These are some of the most common ways that your devices can get infected with malware.
Malware authors often try to trick you into downloading malicious files. This can be an email with a file attached that tells you it is a receipt for a delivery, a tax refund, or an invoice for a ticket. It might say you have to open the attachment to get the items delivered to you, or to get money.
If you do open the attachment, you'll end up installing malware on your PC.
Sometimes a malicious email will be easy to spot—it could have bad spelling and grammar, or come from an email address you've never seen before. However, these emails can also look like they come from a legitimate business or someone you know. Some malware can hack email accounts and use them to send malicious spam to any contacts they find.
To reduce the chances of your device being infected:
If you aren't sure who sent you the email—or something doesn't look quite right—don't open it.
Never click an unexpected link in an email. If it appears to come from an organization you trust or do business with, and you think it might be legitimate, open your web browser and go to the organization's web site from your own saved favorite or from an internet search.
Don't open an attachment to an email that you weren't expecting, even if it appears to come from somebody you trust.
To learn more, see Protect yourself from phishing.
Microsoft OneDrive has built-in protection against Ransomware attacks. To learn more, see Ransomware detection and recovering your files.
Malicious Office macros
Microsoft Office includes a powerful scripting language that allows developers to create advanced tools to help you be more productive. Unfortunately, criminals can also use that scripting language to create malicious scripts that install malware or do other bad things.
If you open an Office file and see a notice like this:
do NOT enable that content unless you're certain you know exactly what it does, even if the file appears to come from somebody you trust.
Warning: A popular trick by criminals is to tell you that you're about to be charged for a service you never signed up for. When you contact them to protest they tell you that to cancel the service you just need to download an Excel file they provide and fill in some details. If you download and open the file Excel will show the warning you see above. If you select Enable Content the malicious macro will run and infect your system.
No legitimate company will ever make you open an Office file just to cancel a service. If one asks you to, just hang up on them. It's a scam and there is no service you need to cancel.
To learn more about controlling how macros run on your device see Enable or disable macros in Office files.
Infected removable drives
Many worms spread by infecting removable drives such as USB flash drives or external hard drives. The malware can be automatically installed when you connect the infected drive to your PC.
There are a couple of things you can do to avoid this type of infection:
First and foremost, be very wary of any USB device that you don't own. If you find a USB device that was apparently lost or discarded, be reluctant to plug it into a computer with data you care about. Sometimes attackers will deliberately leave infected USB devices laying around in popular areas in hopes that somebody will find them and plug them into their computer.
Tip: This is called a "USB drop attack".
If you don't plug it in, you can't get infected. If you find a USB drive just laying around, apparently lost, see if there is a nearby receptionist, or lost-and-found, that you can turn it in to.
Second, if you do plug an unknown removable device into your computer be sure to run a security scan of it immediately.
Bundled with other software
Some malware can be installed at the same time as other programs that you download. This includes software from third-party websites or files shared through peer-to-peer networks.
Some programs will also install other software that Microsoft detects as potentially unwanted software. This can include toolbars or programs that show you extra ads as you browse the web. Usually you can opt out and not install this extra software by clearing a check box during the installation. Windows Security can help to protect you from potentially unwanted applications. To learn more, see Protect your PC from potentially unwanted applications.
Programs used to generate software keys (keygens) often install malware at the same time. Microsoft security software finds malware on more than half of PCs with keygens installed.
You can avoid installing malware or potentially unwanted software this way by:
Always downloading software from the official vendor's website.
Making sure you read exactly what you are installing—don't just click OK.
Hacked or compromised webpages
Malware can use known software vulnerabilities to infect your PC. A vulnerability is like a hole in your software that can give malware access to your PC.
When you go to a website, it can try to use vulnerabilities in your web browser to infect your PC with malware. The website might be malicious or it could be a legitimate website that has been compromised or hacked.
This is why it's extremely important to keep all your software, and especially your web browser, up to date and remove software you don't use. That includes unused browser extensions.
You can reduce your chances of getting malware in this way by using a modern browser, like Microsoft Edge, and keeping it updated.
Tip: Don't want to update your browser because you have too many tabs open? All modern browsers will reopen your tabs after an update process.
Some types of malware can download other threats to your PC. Once these threats are installed on your PC they will continue to download more threats.
The best protection from malware and potentially unwanted software is an up-to-date, real-time security product, such as Microsoft Defender Antivirus.