Follow this expert advice to keep the malicious software known as spyware far from your trusted devices.
Spyware is sneaky. And experts say it’s a pervasive threat on the Internet, designed to infect your computer and violate your online security and privacy. It’ll follow your online activity and pry into your personal information, stealing passwords from your password list, banking information, your phone number, and your credit card numbers. It secretly infects your computer and engages in illegal activities, like identity theft and data breaches.
“Spyware is like that angel or devil you see on someone’s shoulder in a movie,” says Phil Reitinger, president and CEO of the Global Cyber Alliance. “Spyware typically sits there and looks at what you do but then shares that with someone you didn’t intend. So a hacker, an advertiser, or government might see what you do online, what bank you use, and even your password. You can see why this is so dangerous—we live a lot of our lives online, and spyware can leave you embarrassed and poorer.”
Just as it is easy to become a victim of doxxing or phishing, it’s easy to fall prey to spyware. And right about now, you’re probably wondering, How can I tell if my computer has been hacked? The bad news is that victims of spyware often don’t know they’ve been attacked. To help you protect yourself, we asked cybersecurity experts your most pressing questions: What is spyware? How can you spot it? And what can you do if your computer has been compromised?
What does spyware do?
The spyware definition may seem complex, but at its core, spyware is a type of malware (aka malicious software) designed to steal your data. And it’s designed to do that without detection.
Spyware enters your computer and installs itself, secretly monitoring your online activity without you knowing. It gathers your data and forwards it to third parties seeking to profit from the material. Sometimes, the data goes to advertising or marketing data companies. A less dangerous (but still annoying) side effect is that it also slows down the performance of the device it attacks or freezes applications completely.
“By collecting information such as Internet habits, authentication credentials, and email addresses from a device without your consent, spyware can lead to financial loss from identity theft or credit card fraud,” says Eric Goldstein, executive assistant director for cybersecurity at CISA, the federal Cybersecurity and Infrastructure Security Agency.
How do you get spyware?
Considering spyware’s defining characteristic is its sneakiness (hence the “spy” in its name), it should come as no surprise that you don’t install spyware yourself. At least not intentionally.
Hackers sometimes use what is called a “drive-by download” to get spyware onto your computer. They hide the code in a real application or a pop-up window. You might visit a compromised website, and without you even clicking a link, the malicious software downloads onto your device.
Phishing scams, misleading marketing, and Trojan horses are other techniques that bad actors use to get spyware onto a device. It can be bundled as part of free software that you download from the Internet, or it could get onto your computer through security vulnerabilities in your hardware or software—known as an exploit or a bug—which give it unauthorized access.
And then there’s mobile spyware. Yep, iPhones can get viruses.
While your favorite apps may be spying on you, there’s a more insidious type of spyware: stalkerware. It can be secretly installed on mobile phones by, for instance, an abusive partner or an employer who wants to track your actions on a company device. The programs will track your location, collect emails and texts, listen to phone calls, record conversations, and access photos and videos.
What are the types of spyware?
There are several types of spyware, each of which works in a slightly different way to, well, spy on you. They generally fall into one of these categories:
- Password stealers: No surprise here. This type of spyware is designed to steal your passwords.
- Keyboard loggers: This type of malicious software is created to capture your computer’s activity, from keystrokes to your emails, search history, and the websites visited.
- Adware: Often downloaded with free software, adware bombards you with unwanted ads.
- Tracking cookies: Cookies follow you around the Internet, collecting your browsing habits and using them to personalize your web experience. If you’re not a big fan of websites and Google tracking you, you might be tempted to disappear completely from the Internet, but that’s not 100 percent possible.
- Mobile spyware: This type of spyware can be transferred through MMS or SMS text messaging and does not require a user to interact with it. It is particularly dangerous because when a smartphone or tablet gets infected with mobile spyware, the camera or microphone can be used to spy on nearby activity and record phone calls. And the device’s location can be monitored through its GPS.
How do I remove spyware?
Before you remove spyware, you need to know you have it. And that’s not always obvious. Signs your device has been infected with spyware include a slower processing speed, loss of data usage, and loss of battery life.
Reitinger notes that spyware can be hard to fight because there are so many kinds, from malicious software on your computer to tracking cookies that you may have permitted but that follow what you do across the Internet. “The best things to do are to focus on the basics: good cyber hygiene,” he says.
Antispyware tools can be used to remove spyware. Run a scan with security software (such as McAfee, Norton, Bitdefender, or Windows Defender), which will scan for threats and remove them. You can also remove spyware from an iPhone and Android phone.
Don’t forget this important step: After removing the software, it is important to change your password. Now is a smart time to ensure you’re using good passwords that hackers will never guess.
How can you prevent spyware?
There are several ways to prevent spyware. For starters, be sure to use anti-malware software, including the security software built into Windows and iOS. Antispyware tools will provide protection in real time by scanning network data and blocking malicious data.
It’s also a good idea to opt in to two-factor authentication or multifactor authentication—you know, “those annoying confirmatory texts and emails,” says Scott Shackelford, chair of the Cybersecurity Risk Management Program at Indiana University in Bloomington. Yes, they may mean extra steps, but they’re a must for online security.
It’s also a good idea to follow the rules below.
- Don’t open emails from senders you do not know.
- Don’t download a file unless it comes from a source you trust.
- Hover your mouse over a link before clicking on it to make sure you are being directed to the right web page.
- Explore a reputable cybersecurity program that includes real-time protection, such as Norton 360 and Bitdefender.
- Consider antivirus protection for your iPhone or Android phone (such as Android’s Google Play Protect).
- Be careful about consenting to cookies.
- Install an anti-tracking browser, like Brave or Tor. These come in handy if you want to do an anonymous search without tracking.
- Keep software updated with the latest security, “and make it automatic, if possible,” Shackelford says.
- Adjust your browser security settings.
- Avoid clicking on pop-up ads.
- Turn on auto updates to keep your software fully “patched.”
- Don’t install apps or software that you don’t need, and don’t download from app stores that you don’t trust. Security apps, on the other hand, can actually protect you.
“None of these measures are foolproof,” Shackelford says. “Picture layers of Swiss cheese, but the more you have, the less likely that unwanted spyware can sneak through.”
The bottom line, Goldstein says, is to implement basic cyber hygiene practices. “Think,” he says, “before you click.”
- Phil Reitinger, president and CEO of the Global Cyber Alliance
- Eric Goldstein, executive assistant director for cybersecurity at the federal Cybersecurity and Infrastructure Security Agency
- Scott Shackelford, chair of the Cybersecurity Risk Management Program at Indiana University in Bloomington
- Cisco Umbrella: “Cybersecurity threat trends: phishing, crypto top the list”
- Global Cyber Alliance: “Enabling a Secure and Trustworthy Internet”
- NCC Group: “Annual Threat Monitor 2021”