U.S. has lost billions due to hackers. We show you how it’s done and how to keep yourself safe

Clark Howard,WSBTV.com News Staff
·3 min read

From phishing, spear phishing, job scams, to romance scams, hackers attempt trillions of cyberattacks every day.

A cyber expert sat down with Boston 25 News consumer adviser Clark Howard to show us just how easy it is for hackers to create and spread malware.

“We’re talking billions, trillions of scans of attempts on a daily basis,” cyber threat researcher Willis McDonald said. “The last couple of years, it’s multiple billions of dollars that we’ve lost, and that’s just the US.”

McDonald has been fighting the hackers for over a decade.

“I research malware authors, criminal marketplaces and who is using them, what they’re selling and how they operate,” McDonald said.

Those criminal marketplaces are big business.

“They have employees they have benefits, they have health insurance,” McDonald said.

Crooks can choose to buy malware that collects usernames and passwords or ransomware to extort money.

“A lot of times those are sold as a service and the subscription services have many different ways. They monetize it. Sometimes it’s by how many infections that you would like to carry out,” McDonald said.

McDonald demonstrated two attacks criminals use gain access to our info and it was not hard.

“It’s really just answering a bunch of prompts as long as you have all the information. It’s a fairly simple process,” McDonald said.

Using open-source tools available online McDonald was able to create and send a phishing email to multiple addresses.

Then he waits.

“If I don’t get a connection back, I try a different template until eventually I’m successful and I can gain access to this person’s computer,” McDonald said.

Once they have access …

“In most cases, the whole purpose of the malware is to not make itself known, to collect data in the background silently and send that back to the attacker,” McDonald said.

Using another template, he was able to take control of the user’s computer by setting up a malicious link.

“In this case it’s actually warning me that I should not download this,” McDonald said. “What I’m going to tell it is, I want to keep it. So I’m just going to ignore it. Which a lot of times this happens as well.”

Within seconds he was able to remotely take over.

“It mirrors on my attacker laptop,” McDonald showed Howard. “Someone could do this in a matter of seconds, gathering credentials, gathering personal information.”

McDonald said people looking for pirated versions of software like Microsoft or Adobe products are asking for trouble.

“Plenty of those have malware attached for free on pirated versions,” McDonald said.

There are ways to protect yourself.

“Pay attention to what you’re clicking on,” McDonald said.

He said to also look at the URL and make sure a site is legit before you login in.

If you think you are a victim, McDonald said to change your passwords and enable two-factor authentication.

Howard recommends freezing your credit. It’s free to do it’s a key thing for you to set up defenses around your identity and your wallet.

Download the FREE Boston 25 News app for breaking news alerts.

Follow Boston 25 News on Facebook and Twitter. | Watch Boston 25 News NOW