While espionage may be associated with secret agents and shadowy government missions, millions of people around the world are digitally spied on every day - through spyware.
What defines spyware?
Spyware is a term for a broad category of malware. Spyware is installed on a user's digital device, such as a computer, mobile or tablet, without the user's knowledge. In general, malware is a type of software designed to collect information about a user through their digital devices.
The data is then typically sent to a third party. The information collected is often confidential or personal information such as browser data, usernames, passwords, PINs, credit card numbers and email addresses.
In cases where cyber criminals are looking for personal information, the aim is to steal money or commit identity theft.
The purpose may also be to monitor a user's online behaviour in order to check whether the user's installed software has legal licences or to map the user's behaviour on the internet in order to target a specific complaint to the person. This includes monitoring keyword entry and web search habits.
How is spyware installed?
Spyware can be installed on a device when a user downloads free programs or apps from the Internet. Typically, when a user downloads the application, the terms and conditions state that a spyware program is included, but as we all know, there are quite a few people who do not read this.
"Bundleware or bundled software packages are a common delivery method for spyware. In these cases, the software attaches itself to another program that a user downloads and installs.
Alternatively, a spyware program can be installed on a computer or other device in the same way as other types of malware, for example via Trojan viruses or when the user visits a fake website or opens attachments in phishing emails.
The different types of spyware programs
There are many types of spyware, but spyware is broadly divided into four main categories of software: Trojan viruses, tracking cookies, adware and system monitoring:
- Trojan viruses: Trojan spyware is installed, as the name suggests, via a Trojan virus.
- Tracking cookies: These cookies can be implemented by websites to track a user's behaviour on the Internet (this is only considered spyware if it is done without consent).
- Adware: Adware collects user data by displaying advertisements when a user surfs the Internet. Adware is not necessarily used for cybercrime or malicious purposes, but it is when data is collected through adware without the user's consent.
- System monitoring: System monitoring is designed to monitor internet activity on a computer and access sensitive data such as password entry and emails and websites visited.
A commonly used spyware program that falls into the category of system monitoring is keyloggers. This kind of spyware can track and record every keystroke on a device. They are typically used by cyber criminals to steal login or payment information.
Spyware vs. viruses
It's worth noting that spyware is different from viruses. While both are types of malware that infect a device, viruses are designed, through replication, to embed themselves in multiple files or spread to multiple computers. Spyware does not have the same replication capability.
Examples of spyware use
Spyware has the potential to be incredibly dangerous if it infects a device. A spyware attack can range from mild annoyance to long-term financial damage. Below are examples of some of the most common uses of spyware:
Data theft and identity fraud
Perhaps most importantly, spyware can steal personal information that can be used for identity theft. If malicious software has access to all the information on your computer, it can collect more than enough information to impersonate you.
Information used for this purpose includes browsing history, email accounts and saved passwords for online banking, shopping sites and social networks. If you use online banking sites, spyware also tracks your bank or credit card account details and sells them to third parties.
Damage to computers
Spyware can, and often will, damage your computer. It be poorly designed, leading to it affecting computer system performance. The lack of performance optimisation can take up a huge amount of a computer's memory, processing power and internet bandwidth. As a result, infected devices can run slowly.
Worse cases include frequent system crashes or overheating of the computer, causing permanent damage. Some spyware can even disable one's internalandsecurity programmes.
Disruptions to the browsing experience
Spyware also has the ability to manipulate search engine results and send users to unwanted websites that are potentially harmful, such as phishing websites. It can also cause one's home page to change and can even alter some of one's computer settings.
Spyware and user protection
Not all data collection programmes are spyware, as long as the user fully understands what data is being collected and with whom it is being shared. Tracking and reporting user information can help legitimate businesses improve their products or provide better service to their customers.
The line between illegal spyware and legal data collection is often drawn by cookies, which store information about internet behaviour on individuals' devices. Some users allow cookies; others refuse to accept them.
Signs of spyware
If you experience any of the following, it could be a sign that your device is infected with spyware:
- Frequent pop-up ads when you are online.
- The Internet speed or the computer is very slow (This happens because the computer is constantly sending information to a third party).
- The home page of the Internet browser changes to a different page than usual.
- There is outbound activity when you are offline.
- Storage space on the computer is reduced (Spyware takes up a lot of space on the computer).
How to protect yourself from spyware
To increase your security, you can take some simple actions to protect yourself from spyware:
- Read the terms and conditions before installing free programs or visiting a website.
- Never click on advertisements from unknown or suspicious websites. Also be aware of the buttons to press to close the pop-up window. These can also lead to the installation of spyware programmes.
- Always use a fully up-to-date internet browser.
- Use well-functioning antivirus software with anti-spy scanners on all devices.
- Be careful about consenting to cookies. Due to GDPR almost all websites ask for your permission to create cookies. Only accept cookies from well-known and secure websites, and only if you really want the personalised experience they can offer.
Sofie Meyer is a copywriter and phishing aficionado here at Moxso. She has a master´s degree in Danish and a great interest in cybercrime, which resulted in a master thesis project on phishing.