Internet security 101: Six ways hackers can attack you and how to stay safe
These days most of our important transactions happen over internet. While an increasingly connected world makes our lives easier, it also poses great risk as we expose our personal data to cyber criminals or hackers. The hackers have devised numerous ways to steal important data which is then put to misuse. Below are six most common ways your data can be stolen and the precautions you can take to stay safe:
What is phishing?
Phishing is a fake email masquerading as legitimate. Hackers create phishing emails through which they intend to steal your confidential information like passwords and bank account details. This kind of email appears to have come from a well-known person or organisation like your bank or company that you work for. These emails generally try to create an urgency or panic to trick users into giving out their personal details. For example, you receive an email from your bank saying that your ATM card has been disabled and you need to confirm your card number or your Aadhaar number to re-activate it. A victim who has received this email might think that it is from a legitimate source when in reality this email has been sent from a malicious hacker trying to steal your confidential information.
How it can it steal your data
The phishing email might contain a link which on clicking will take you to a fake web page. For example, the link might take you to a fake bank website which looks very legitimate but in reality is just a lookalike. If the victim falls for the scam and enters his/her account details on the website, the details will actually go to the hacker’s server instead of going to the bank and the hacker will have all the information that the victim has provided on the website.
Another way is the email might have an attachment and asks you to download it. As soon as you click on the download button and open the attachment, a malware gets installed on your system giving the hacker complete access to your device and data.
How to stay safe
Look for spelling or grammatical errors in domain names or email addresses. Cyber criminals also often use email addresses that resemble the names of well-known companies but are slightly altered. For example, accounts@gmall.com instead of accounts@gmail.com (“l” instead of “i”).
Think twice before clicking any links. If you see a link in a suspicious email message, don’t click on it. Instead, hover your mouse on the link to see if the URL matches the link that was provided in the message.
Cyber criminals often use threats that your security has been compromised or your account has been blocked. Don’t fall for such tricks. Take your time to assess the situation.
2. Malware
What is malware?
Malware is a malicious software that is written with the intent of compromising a system and stealing the data available on the system. These programmes can perform a variety of functions some of which include stealing or deleting sensitive data, modifying system’s core functionalities, and secretly tracking the victim’s activities. There are various factors that can lead to the installation of malware in your system. One is running an older or pirated version of an operating system which is not safe or updated and thus vulnerable to attacks. Clicking on unknown links or installing fake/pirated software can also lead to downloading of malicious programmes.
Major types of malware
Virus: A virus is a programme that is capable of infecting software and disabling or modifying a system’s core functionality. It tends to replicate itself into data files, programmes or boot sector of a computer’s hard drive and making the files/system inaccessible.
Trojans: This type of malware tends to create backdoors in your security to let attackers monitor your activities remotely. It disguises itself as legitimate software or is included in legitimate software that has been tampered with.
Spyware: Spyware is malware designed to spy on you. It hides in the background and tracks everything you do online, including your passwords, credit card numbers, surfing habits and chats. It can record keystrokes, videograph you from your webcam and even listen from your microphone.
Keylogger: This is a specific form of spyware that simply records the keys you type and where you type them. These logs are then sent to the attacker who can analyse them to find your passwords, chats, credit card numbers and much more.
How to stay safe
Use a legitimate anti-virus software.
Do not download any fake software as there are chances it may contain malware.
Never click on fake antivirus pop-ups that are generated from websites.
Always keep your operating system updated.
Never download pirated apps/software as they always contain some kind of malware
Never click on fake antivirus pop-ups that are generated from websites.
Always keep your operating system updated.
Never download pirated apps/software as they always contain some kind of malware
3. Malicious mobile apps
What are malicious mobile apps?
There is a big misconception that every app available on Google Playstore or Apple store is safe and legitimate. However, this is not the case. Not every app available on these stores is safe for users. Some of these apps may contain malicious code that can put your privacy at risk.
How such apps can steal your data
The malicious apps may contain a code snippet that can install malware on your device. Besides this, the app may ask for unnecessary permissions that hackers may misuse to extract critical data including your contacts, messages and media.
It is advised to look out for the following permissions as they can be misused by an application:
Accounts access: It helps collect crucial data including contact lists and e-mail addresses.
SMS permission: It can be used to send SMSs to premium-rate numbers and drain out your balance.
Microphone access: It can record phone conversations.
Device admin permission: It can help a hacker take remote control of your phone, track it live and even wipe it remotely.
Contacts: It can help a hacker steal your contacts and sell it to ad networks.
How to stay safe
Always check the permissions before downloading an app.
Check reviews and ratings.
Avoid downloading an app if it has less than 50,000 downloads.
Do not download apps from third party app stores.
Never download pirated/cracked apps.
4. Smishing
What is Smishing?
Smishing is a form of phishing in which someone tries to trick you into giving them your private information via a phone call or SMS message. Smishing is becoming an emerging and growing threat in the world of online security.
How it can compromise your data
Smishing uses elements of social engineering to get you to share your personal information. This tactic leverages your trust in order to obtain your information. The information an attacker is looking for can be anything from an online password to your bank account details or OTPs to gain access to your accounts. Once the hacker has your required data, he can use it for various attacks.
Messages sometimes also come with shortened links with luring offers and deals that when clicked, install malware on your devices.
How to stay safe?
Don’t share any critical information over a phone call or SMS.
Always verify the identity of the message before clicking links in it.
If you receive a message saying its from a person you know and asks for critical data, call the person on the number stored in your contacts (instead of calling the SMS number) and verify that he/she has requested the data.
5. Physical security threats
What are physical security threats?
A physical threat is any threat to your sensitive information that results from other people having a direct physical access to your devices like laptops, hard drives and mobile devices.
Physical security threats are often underestimated in favour of technical threats such as phishing and malware. Physical device threats occur when someone is able to physically gain access to your confidential data like data gathered from stolen devices.
Physical security breaches can happen at your workplace or even at your home. For example, someone could get hold of your confidential files that they are not supposed to see or access an unattended system which is not password-protected.
How to stay safe
Be careful how you store confidential information. Use encrypted computer hard drives, USBs, etc if they contain sensitive information.
Never write your passwords on a post-it or notepad.
Never leave your system unattended. Always protect it with a strong password.
Don’t leave your phone unlocked and unattended.
Make sure proper backup and remote wipe services are enabled in case you lose your device.
6. Insecure networks
What are Insecure networks?
Connecting your system or device to an insecure network can create the possibility of a hacker gaining access to all the files on your system and monitoring your activity online. A hacker in control of your system can steal passwords of your social accounts, bank accounts and even inject malware on authentic websites that you trust. With programmes freely available on the Internet, anyone can sit in a car outside your home and access your critical files, accounting data, usernames and passwords, or any other information on the network. A competitor in possession of such in-depth knowledge of your official documents can be a damaging or even fatal threat to your business.
Connecting to a “free” airport/coffee shop WiFis is dangerous especially when you are carrying out critical activities online such as banking, private conversation or even browsing your email. These networks are often left unprotected which can allow a malicious hacker in the same shop/region to snoop on you easily.
How to stay safe
Never connect to open Wi-Fi networks that you can’t trust. Just because it’s free, it doesn’t mean it’s safe too. When in a cafe with a Wi-Fi facility, ask the staff for the Wi-Fi you can connect to instead of randomly connecting to any open network.
If you are using a public Wi-Fi, avoid performing any bank transactions or accessing any critical information while being connected.
Use strong encryption like WPA2 on your home and office WiFi router instead of Open or WEP security as these can easily be hacked.
Your security is in your own hands. Stay cautious and alert at all times. Always remember, someone, somewhere is trying to hack you and basic security practices mentioned above can protect you from most hacks.