It Pays to Be Skeptical


A message pops up on your computer, warning you that malware has been detected.

What do you do?

The answer’s not as clear as you might think.

In fact, no matter what you choose to do, it could be the wrong thing.

Your trust is a commodity

It’s no secret that scammers actively prey on the trusting.

But it’s not just con artists who abuse our generally good nature and desire to trust. Hackers, malware authors, overly-aggressive salespeople — essentially anyone who wants something — are skilled at using your trust against your better interests.

Warning: malware detected, click to remove…

A pop-up message telling you there’s malware on your machine, and click here to fix it, is probably no big surprise to most people. With the constant barrage of news reports about hacks and malware and the ongoing emphasis on anti-malware tools (including from sites like Ask Leo!), your first response on reading such a message may be to believe it.

“Malware? Well, it happens to so many people, it’s no surprise it happened to me!”

Except … it might not have.

Not yet, anyway.

That message might be completely fake. It may be inciting you to trust it and click to take further action. And that click and “further action” could install malware, or worse.

Or, it could be legitimate.

What do you do?

Unable to deliver package, details attached…

You’ve probably received email — important-looking email — that indicates there’s a package on its way to you and the details are in an attached file.

Perhaps your online email provider has detected a problem with your account, and you need to check something by clicking on a conveniently-provided link.

I’ve even received email from “PayPal” indicating that access to my account had been “limited” because of suspicious activity. I needed to log in to provide additional information — once again, using the provided link.

In each case, the sender wants you to trust them and take whatever action they’ve recommended in their message, be it examining the contents of an attached file, clicking a provided link to their web site, or replying to the email with sensitive information.

Abusing your trust in this manner is currently one of the most effective ways to distribute malware.

And yet, each one of those scenarios could, in some cases, also be legitimate.

What do you do?

I’m from Microsoft, and we’ve detected…

You’re working on your computer one afternoon and get a phone call from someone who says they work for Microsoft, and your computer is causing many errors on the internet. They offer to walk you through some steps to show this to you, and indeed, there do seem to be lots of unexplained errors right there on your computer.

Then they offer to fix it for you, if you’ll just go to a site and type in a few numbers they recite to you.

Those errors are pretty scary looking, and you certainly don’t understand them.

What do you do?


What you do: get skeptical

Skeptic: a person who has or shows doubt about something – Merriam Webster

If there were one skill I could magically impart to my Ask Leo! readers — hell, on the entire technology-using, internet-loving universe — it would be healthy skepticism.

I’m not suggesting you believe nothing and trust no one. I mean that before you believe, you question, and before you trust, you learn.

Truly, being skeptical is the only solution to the scenarios I’ve outlined above.

In each case, it’s critical you not blindly trust the information presented to you. In each case, you must question whether or not the person or company at the other end of the message has your best interests in mind. Is the story they’re telling accurate? Verifiably accurate? Do you know beyond doubt that they are who they say they are?

If the answer to any of those questions is “no”, or even “I’m not sure”, then stop. Stop and take additional steps to confirm what you’re being told is legitimate.

It might mean some internet research, calling them back, or asking a trusted friend or resource for their opinion.

But if you aren’t sure, question everything.

Be more skeptical: it’s a skill that helps prevent disasters before they happen, and keeps you and your technology safe.

Nullius in verba.
“Take nobody’s word for it.”

It’s more than just technology

Naturally, my plea to be skeptical and question everything is about far more than the technology you have sitting in front of you.

As I’ve written about before, an amazing amount of information we’re shown each day is completely bullsh*t — or at least nuanced and presented in such a way as to cause you to believe that things are other than they truly are.

Add our natural tendency to believe that which supports what we already believe (known as the “echo chamber” or “confirmation bias”), and it’s exceptionally easy to be mislead and misinformed.

The solution remains the same:

Be skeptical.

Question everything …

… even things you already believe are true.

Originally published as It Pays to Be Skeptical on Ask Leo!