What Is Spyware?

man in glasses with headphones around neck looking pensive

Spyware is a type of malicious software, or malware, that collects information about the user of a personal computer or mobile device and transmits it to others for criminal purposes such as identity theft. Some types of spyware can also take control of a device without the user's knowledge.

How Does Spyware Work?

Spyware typically is installed on your device when you think you're downloading or installing something else. You may be tricked into clicking on a link in an email or text, for example, which allows spyware to infiltrate your device. Different types of spyware include:

  • Keystroke capture: This type of spyware tracks all the keystrokes typed into your device, and in the process can capture login information, checking account information, credit card numbers and even your Social Security number—all of which can be used to steal your identity or hijack your credit.
  • Adware: Other spyware tracks your web-browsing habits and uses them to display advertisements for products it thinks you'll like. These ads show up in pop-up windows in your web browser or on your device's main screen. Aside from being annoying and intrusive, these programs consume data bandwidth and can impair the performance of your device. More sophisticated versions of adware can hijack clicks you make on ads you're interested in and funnel the revenue generated by those clicks to criminals.
  • Stalking software: Some spyware uses the location-tracking function of smartphones and other mobile devices to report your whereabouts. This type of spyware is typically installed by an individual with physical access to the device. It has a reputation of being used by abusive partners and other predators who may know the owner of the device. If you think stalking spyware has been installed on your phone, the Federal Trade Commision (FTC) suggests seeking help from law enforcement.

6 Ways to Protect Yourself from Spyware

  1. Use anti-malware software. You can find free versions of many anti-malware programs, but sometimes a paid subscription to a more full-featured malware-protection program can be a valuable insurance policy.

    Anti-malware software detects and blocks spyware and other forms of malware before it infiltrates your device. Many programs even scan the contents of USB thumb drives and external hard drives you connect to, which can spare you the headache of trying to remove insidious software once it's installed. Whatever program you choose, be sure to keep it up to date so that it can recognize newly identified spyware.

  2. Do not click on unexpected pop-ups. If a pop-up window appears randomly on your computer screen, especially if it claims to have detected a virus or other malware and urges you to install a remedy, don't click any buttons in the window. Instead, use the "X" in the corner of the window to dismiss the message. If you fear your device has been infected, run your own antivirus software. Ad-blocking software can help prevent you from seeing these pop-ups in the first place.
  3. Download apps directly from an app store. Downloads from the official app store connected with your computer or mobile device, such as Apple's App Store or Google Play, have been scanned to protect you from malware. Software that's downloadable elsewhere may be legitimate, but if in doubt, try to find the same software through an app store platform you know and trust.
  4. Know the source. Links embedded in emails and text messages are well-known delivery mechanisms for spyware and other malicious software. They can take the form of text links as well as clickable photos and other images.

    Before you click, be sure you know the source of the message, because clicking one can trigger installation of dangerous software. If it appears to be from a trusted source, double-check the sender's address or phone number to be sure it tracks. If in doubt, refrain from clicking and contact the alleged sender directly, using contact information you look up yourself.

  5. Protect your mobile devices. Set complex passwords on your devices' lock screens: Strong passwords use a mix of symbols, numbers and both upper and lowercase letters, and do not use personal information such as birthdays. Also get in the habit of locking your phone before you put it down, and use biometric security methods such as fingerprint or face recognition, if they're available. Most importantly, avoid leaving your phone where others can get their hands on it.
  6. Use two-factor authentication. Two-factor authentication adds another layer of security to online services such as banking and credit card accounts, beyond just a password alone. When two-factor authentication is enabled at a secure website, you first enter your login information, and then a confirmation passcode is sent to your email account or cellphone—an extra security measure that can thwart thieves who've stolen your passwords.

If you believe your phone has some kind of spyware installed, the only way to get rid of it may be to reset the phone to factory settings. A factory reset deletes everything on your phone, including the spyware, so make sure you have a backup before doing this. After the reset, you can selectively reinstall your apps and personal files.

The Bottom Line

There are several ways to protect yourself from spyware, but we all make mistakes now and again. If you believe spyware has siphoned your personal information, watch for suspicious activity on your credit card and financial accounts. Consider using a credit-monitoring service such as an Experian Premium membership to alert you when your credit report changes.