Malware Awareness

Malware: The Way Thieves Gain Access

Malware is malicious software designed to infiltrate and damage computer systems, collect private data, steal private data and ultimately to commit fraud. Thieves use malware to gain the ability to monitor your keystrokes (thereby recording everything you do) and/or exfiltrate your data, take control of your computer or initiate processes that can affect the performance of your computer. Malware is mostly distributed through email, pop-up ads, websites, social media and P2P sharing sites.

Malware is designed to be undetectable and it’s often disguised as legitimate programs. Beware of all .zip, .cab, .rar or executable files (*.exe). It’s important that you do not open any files with these extensions unless you know exactly what they contain and trust they are from a known, reputable source. Other file formats to use caution with include screensavers (*.scr), autorun (.ini) or script files (.php, .asp, .htm, .html, .xml) as they can contain or launch the installation of malware. Microsoft Word, Excel and PowerPoint file types can also have malicious macros embedded.  

Also beware of malicious software that is designed to hide the true file type. By default, your computer may be configured to hide extensions. For example, a malicious file named "Cute-Puppy.png.exe" may be displayed as "Cute-Puppy.png."

How Infections Can Happen

  • Criminals target victims through phishing
  • Victims unknowingly install malicious software by opening an email, clicking on a link or visiting an infected website
  • Criminals begin monitoring computer activity, exfiltrate data or deploy additional malware, including ransomware
  • When a victim logs into their online banking, criminals can collect login credentials
  • Criminals can then use those credentials to wait for the right time to strike – in one of the following ways:
    1. Criminals use the credentials to log in after-hours so you are not immediately alerted to suspicious activity.
    2. If you are utilizing a token, the criminals wait until you enter your code and then they hijack the session and send you a message such as “online banking is temporarily unavailable.”
    3. Sell the stolen credentials on the dark web.

Infection via Email

 Some experts feel that email is the biggest security threat of all. Email is the fastest, most-effective method of spreading malicious code to the largest number of users. As a best practice, it is recommended that you do not click any links within the email. For access to online banking, launch a secure web browser and enter the website address directly. Attachments delivered through email can be particularly risky, so do not open or even preview any attachments from an unfamiliar source. If you receive an email from SDCCU, make sure it contains the "Account Safety Guard" that displays the last four digits of your account number.  

Common Types of Malware


  • Rootkits are a stealthy type of software, typically malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer.
  • You may have heard of “rooting” in reference to the process of removing operating system restrictions on an Android device and jailbreaking for iPhones. This is not recommended, as it makes the device more vulnerable to malware threats.


  • Scareware is a form of malware that misleads users into paying for the fake or simulated removal of malware and it has become a growing and serious security threat to desktop computers and mobile devices.
  • Most Scareware scams include a Trojan horse component, which users are misled into installing.
  • Common forms of Scareware:
  • Browser plug-in (typically toolbar)
  • Image, screensaver or ZIP file attached to an email
  • Multimedia codec required to play a video clip
  • Software shared on peer-to-peer networks
  • A free online malware scanning service
  • Pop-up ads

 Trojan horse

  • A Trojan horse is an application that poses as a valid program to trick users into running the program. They are typically a non-self-replicating type of malware containing malicious code that, when executed, carries out a predetermined function, typically causing loss or theft of data and possible system harm.


  • When executed, a virus replicates by inserting copies of itself into other computer programs, data files or parts of the hard drive, thus corrupting or "infecting” the affected areas.
  • While most antivirus software can detect and block this malware, criminals often rely on psychological manipulation to trick victims into installing it.
  • Requires user action to spread to other systems.


  • A worm is malware designed to spread to other computers through the Internet or a shared network. It often relies on security failures on the target computer to infiltrate it.

 Malware Defense

  • Keeping your antivirus software and applications updated is the best defense for all forms of malware. Outdated antivirus software may allow your computer to become infected if you simply view an infected email. Use caution when opening unfamiliar or suspicious emails. 

San Diego County Credit Union makes no representations or warranties as to the completeness or accuracy of the information that is supplied on this page. Information is supplied upon the condition that the persons receiving it will make their own determination as to its suitability for their purposes prior to use. 

Apply for a Loan

Thanks for applying for a loan with SDCCU!
Before we continue, please answer the following questions:

Welcome to SDCCU

Before we continue, please answer the following questions:

Are you a current SDCCU member?
What will you be applying for?
Thanks for applying for a business loan with SDCCU!
Before we continue, please answer the following questions:

What will you be applying for?

By clicking the "Go" button below, you acknowledge that you are leaving and going to a third party website. You are entering a website which has separate privacy and security policies. SDCCU® is not responsible or liable for any content, products, services, privacy and security or external links on the third party's website.