Debunqed

Tag: phishing

  • Be Digitally hack-proof

    Be Digitally hack-proof

    Why do people hack systems? Hacking is a technique used to compromise any digital device. Hackers want to get into your device to use your data for varied reasons – naturally, most of these motives are financially driven.

    A data breach is usually what leads to a hack. There is a difference even though both terms are used interchangeably.

    A data breach happens when data that is left vulnerable in an unsecured environment gets viewed by someone who shouldn’t have access to it.

    While hacks are the result of malicious behavior, breaches happen as a result of negligence, human error, or other non-malicious behavior that creates a security vulnerability.

    Hackers may access your device just to say they could or for financial gain, to protest, or to gather sensitive information.

    So what makes a hacker?

    In the past, a hacker may have been a whiz kid or specialized programmer but in the modern-day, hacking has become easier and more people are becoming hackers. As more people shop online and use computers for everyday tasks, they become the prey of hackers worldwide.

    Actual hacking is technical in nature – the hacker does not communicate with the person whose PC they are hacking into.

    But they can also use psychology to trick the user into clicking on a malicious attachment or providing personal data. These tactics are referred to as social engineering.

    Your cellphone too can be hacked

    While most associate hacking with Windows computers, the Android operating system also offers an inviting target for hackers. That means millions of people who use Samsung phones can be hacked.

    Some fifty years ago, there was a name for hackers who obsessively explored low-tech methods for getting around the secure telecommunication networks and expensive long-distance calls. they were called phreaks.

    This was a portmanteau of the words phone and freaks. They were a defined subculture in the 1970s, and their activity was called phreaking.

    Phreakers have now evolved out of the ‘analog technology era’ to become hackers in the digital world. They are beyond a sub-culture and have become a genuine threat to the safety of our information and data.

    Mobile phone hackers currently use a variety of methods to access your mobile phone and can intercept phone calls, voicemails, text messages, and even the phone’s microphone and camera, all without your permission or even knowledge.

    iPhones are not safe either

    In 2020, many journalists working for Al Jazeera were victims of a sophisticated zero-click spyware attack.

    The Toronto-based internet watchdog group Citizen Lab was asked to look into the attacks, which took place in July and August, and they released their findings at the end of December.

    The report found that 36 journalists, producers, anchors, and executives had their iPhones compromised by Pegasus spyware. The spyware, developed and sold by an Israeli-based firm called NSO Group, targets security vulnerabilities in the iMessage app.

    The so-called “zero-click” exploit deploys without any user interaction. Once installed, it can record ambient sound and phone conversations, take pictures, and access user credentials. It sounds like science fiction but it’s very much real!

    Types of hacks

    Malware

    People can use hardware to sneak malware into your PC. In offices, hackers will infiltrate networks by giving staff members infected USB sticks, dodgy USB cables, and mouse chords.

    It is crucial to always think before plugging anything into your work or personal device with access to confidential data.

    Educate your staff about being careful before plugging anything into their PCs.

    Malware infections generally occur when users interact with dangerous code by clicking on a URL or downloading malicious software disguised as an authentic program. But zero-click spyware penetrates devices without any user interaction.

    Citizen recommends making sure that your mobile OS is updated to the latest version. Identified vulnerabilities in previous versions of iOS were patched in the iOS 14 update.

    Practicing good digital hygiene is always important for the security of your mobile devices.

    Use sites like haveibeenpwned.com and breachalarm.com to see if your email credentials have been compromised. Use strong passwords on any apps that contain sensitive data and delete any apps that you do not regularly use.

    Missing security patches

    Always remember to update your security tools. Too many people ignore update notifications or security patches, leaving themselves vulnerable. It’s not just antivirus software that needs patching.

    Tell your staff to ensure that all their antivirus and applications are routinely updated as security patches become available. This task is usually the job of your IT department if you have one in the first place.

    Getting your password information

    Hackers can obtain your credentials through several means, but commonly they do so through a practice called keystroke logging or keylogging.

    Can you believe that the most common password is “123456”? Hopefully, yours isn’t so, or any of the most hacked passwords in the last 10 years.

    Through a social engineering attack, you could accidentally download software that records your keystrokes, saving your usernames and passwords as you enter them.

    This and other forms of spyware are malware that tracks your activity until a hacker has what they need to break into your system.

    Attackers can deploy malware on a user’s machine if they are in your environment and capture your credentials via keylogging too.

    Hackers also use password cracking programs that can run letter and character combinations, guessing passwords in a matter of minutes, or even seconds.

    To get around this, use a password management tool that securely houses your company’s credentials. These tools can often auto-generate lengthy, diverse character passwords that are difficult for hackers to guess. They can also autofill for your employees for easy access to their tools.

    Encryption and multi-factor authentication methods also offer more layers of protection.

    Distributed Denial-of-Service (DDoS)

    Acunetix

    This technique involves taking down a website so that a user cannot access it or deliver their service. DoS attacks take place when hackers inundate a target’s server with large influxes of traffic. The amount is so frequent and high that it overloads the server by giving it more requests than it can handle. This crashes your server and your company’s website.

    Larger businesses can get hit by a Distributed Denial of Service (DDoS) attack, which is a synchronized attack on more than one server or website, potentially taking down numerous online assets. 

    A good method to fight DDoS attacks is to use cloud protection services to spot them – like Acunetix or Netsparker.

    Social Engineering & Phishing

    This is where hackers try to get your personal information, often by impersonating a legitimate and maybe trusted source.

    Many types of social engineering bait come in the form of phishing emails.

    A hacker sends you a message that looks like it’s from someone you know, asking you to do something, like wire them money, or to click or download an infected attachment to see more. 

    Here is a hilarious example of a phishing Email

    “The top malicious email attachment types are .doc and .dot which make up 37%. The next highest is .exe at 19.5%,” according to a report by Symantec. Always be cautious of opening these types of attachments.

    Warn your employees to never give out private business information over email, to think before opening any attachments, and educate them on mail scams.

    Use email software that scans for phishing. Microsoft 365 and Google’s Business packages come equipped with such. Google’s tech uses AI to scan the content and find things such as spelling errors and dodgy URLs. This enables the system to block them before they even hit your inbox.

    Most people or companies that get hacked or suffer from a data breach do so mainly due to negligence. Many do not prioritize beefing up their security systems before it is too late. Hacks are, however, completely avoidable so don’t fall victim to them.

    Other ways to protect yourself

    • Download a reliable anti-malware product that can both detect and neutralize malware and block connections to malicious phishing websites.
    • Of course, whether you are on Windows, Android, a Mac, an iPhone, or in a business network, you must always use layered protection wherever you can.
    • Only download phone apps from the legitimate marketplaces that police themselves for malware-carrying apps, such as Google Play and the Apple/Amazon Appstore.
    • Check the ratings and reviews first. If it has a low rating and barely any downloads, it might be best to avoid that app.
    • Use long and complex passwords. Don’t use numbers in sequence. You can also use mixes of letters that can be remembered through rhymes.
    • Consider using a password manager.
    Advert
  • Ethical hacking

    Ethical hacking

    Maybe you should encourage your kids to become hackers. When you open Twitter handles and Linkedin profiles, it’s not unlikely that you’ll find people listing hacking as a skill.

    Parents used to tell their kids to become doctors, lawyers, and accountants. Later, they advised them to learn about computers. These kids have now grown to become hardware specialists and then software specialists today.

    In the past 10 to twelve years, we have seen ourselves thrown into the fourth industrial revolution. In it, technology affects our lives through social media and augmented reality.

    We share a lot of our personal information with more people, companies, and institutions every day, willingly and are often blasé about it. This has tempted people to steal this information by hacking it. 

    Hacking background

    Since the advent of personal computers in the 1980s hackers have become prolific, initially in ‘first-world’ countries that had an advanced infrastructure. There were numerous cases in the US but as computer technology permeated the world, hackers followed suit. 

    A hacking group called MOD, Masters of Deception, in the 1980s allegedly stole passwords and technical data from Nynex, and other telephone companies as well as several big credit agencies and two major universities.

    The damage caused was extensive and one company, Southwestern Bell said it suffered losses of $370,000 alone. These days the damages, though not always publically announced, can run into a few millions of dollars.

    READ MORE about the Online Threats hackers use here

    All this has paved the way for a special information technology (IT) vocation. A security hacker is someone who explores methods for breaching defenses and exploiting weaknesses in a computer system and networks. They break into systems they aren’t authorized to, and tend to break seamlessly into email and banking systems.

    Advertisment

    Hacking as a career

    Ben Wilson works as an ethical hacker. He has more than ten years of experience and worked in London where he received on-the-job training. He now works remotely in South Africa servicing UK clients.

    “I test websites for clients and look for vulnerabilities in the systems. I have done a lot of work for banks lately but my work is across industries.” 

    “Energy companies are using my services more and more,” he says.

    Wilson says he worked in a permanent position for six years. Right now he contracts for five clients regularly.

    Ethical hackers are the knights who test how permeable these systems are.

     

    “The majority of my work is for British clients. The UK pound is strong and I like to earn pounds. I’d say the best computer security consultants in the world are in the UK. The US is strong too but the UK consultants are sophisticated and the best.”

    Vulnerabilities

    The most common way in which people hack information is through email contacts; especially personal Gmail accounts.

    People think that their information is safe because it sits with one of the largest companies in the world. But this is exactly why it isn’t safe.

    Gmail and other third-party free email accounts are regularly hacked. If you want to protect especially valuable information you should either upgrade it to the business/enterprise level, use a different email service, or perhaps the one connected to your employer. 

    Nowadays companies use services to protect themselves against hacks and unauthorized access. These monthly or annual service providers might employ ethical hackers to check the companies’ systems.

    Hacking, however, isn’t just something that happens to big companies or in blockbuster movies. Here are some reality checks:

    • All websites are under threat;
    • So are applications (Apps) on your phone;
    • People can also program artificial intelligence (AI) to hack into systems. This has become a big concern and theme for security experts.

    Ways to proactively prevent a hack 

    Fortunately, there are several ways of protecting yourself and your information from hacking; starting with your emails. Be wary of “phishing” emails asking you to update your information, especially for bogus databases that you have never heard of.

    Use a spam filter – Avoid opening attachments from senders you don’t know – Update your passwords regularly – It helps to have authentication methods, such as a smartphone-linked and email-linked authentication (2FA) or security keys like Yubico – Do not click on any ad – period! Back up your files regularly – it’s always a good idea – Don’t allow ransomware bullies to bully you.

    • If you get sent communication saying that people have your files and want money or they’ll release the files; ignore them.
    • They can’t threaten you forever and might eventually move onto another target especially if your information loses its value over time.

    Anti-hacking software

    As a business, use tools like those from cybersecurity experts Acunetix. More than 4 000 companies protect their web applications from vulnerabilities using its powerful web scanner.

    Its penetration testing software prevents potential attacks by identifying holes in your websites’ coding. This is where hackers usually plant their complex code which allows them to extract data such as contact details, credit card details, and in worse cases, company-sensitive data like patents and blueprints.

    Naturally, it also scans networks to find gateway loopholes that could lead to crashes and downtime-related losses. A bank’s website going down for a few hours can cost it several thousand or even millions in lost revenue.

    Despite having firewalls, VPNs, and other Internet security systems in place, your websites and apps being developed are still vulnerable to cyber-attacks or a hack.

    The most commonly known hack used is a DDoS attack. Basically, it works like a traffic jam clogging up a highway, preventing regular traffic from arriving at its desired destination. Incidentally, only a few days ago, Amazon was hit by a DDoS Attack.

    So, how would you know or find out if you are vulnerable?  By conducting regular scans on your websites and apps to see where vulnerabilities lie.

    Avoiding a hack requires common sense

    Be aware and don’t fall into scams. It’s unlikely you’ve won 120-million Euros in a lottery. You should know by now that you are not the descendant of a king!

    In addition, if someone says they have a sex tape with you in it and they want your salary, unless you know you made a sex tape, they’re probably lying.

    Unless of course, a scorned lover of yours tricked you – but you can’t blame technology or a hacker for that.

     

  • The Online Threats of 2019

    The Online Threats of 2019

    How you can stop them from happening.

    Like a biological virus mutates – as technology advances so do the complexity of phishing and identity theft schemes. With major services adopting cloud technologies and storing private data online, anyone is vulnerable to hacking.

    To make matters worse, hackers continue to come up with some pretty creative ways to profit from stolen information.

    Without wasting time, these are the things you should already be doing to avoid being exposed to hackers in the first place:

    In order to keep these cyber-criminals out of your lives and computers, let’s take a look at some of the actual schemes to watch out for in 2019.

    Hacking

    We all know what hacking is by now – the term has almost become synonymous with internet security. So a question is: do you love watching movies on Netflix or jamming out to your summer playlist on Spotify? If the answer is yes, then you’re at a pretty high risk of getting hacked.

    DynaRisk, a UK cybersecurity firm, recently found that cybercriminals most commonly target these brands, along with adult-oriented sites (you know what we mean) and then, online gaming services.

    Identity Theft

    A few weeks ago, authorities caught a New York-based gang who had used identity theft to steal over $19 million worth of iPhones. Quartz reported that this operation ran for seven years.

    So-called “Top Dogs,” the ring leaders, would organize lower level members of their organization to steal identities and create clone credit and identity cards. Then, affiliates fanned across the nation, signing up for mobile phone plans to acquire iPhones, which were later sold for a profit by the Top Dogs.

    Because phone payment plans take the shape of nominal fees over the course of several years, victims often wouldn’t notice the fraud until it was too late. Learn how another scheme dubbed sim port attack works in the diagram below:

    Ransomware

    Hacking can happen to anyone – including our favorite bands. In early June, a hacker managed to steal the minidisk archive of Thom Yorke, the lead singer of Radiohead. This included previously unreleased demos and audio material from around the time of “OK Computer,” the band’s 1997 worldwide hit album. The hacker then demanded $150,000 on the threat of releasing it.

    Holding files for ransom is so common nowadays that it even has its own name: “Ransomware.” Either pay over the ransom or lose your files—or, even worse, have them released onto the unforgiving Internet.

    In response, Radiohead released all 18 hours of material on Bandcamp themselves, winning against these ransom hackers.

    Most security experts recommend the same route as Radiohead—never pay the ransom, because there’s no guarantee you’ll recover files or prevent their release.

    Sextortion

    If you think ransomware is bad, there’s an entire subgroup of it aimed to profit off sexual shame. Cheekily named “Sextortion,” some hackers creatively upgraded the classic email phishing scam to scare victims into handing over Bitcoin.

    According to Fortune, hackers have already racked up over $900,000 with sextortion. In these phishing emails, the sender claims to have spied on you while you watched porn—and has webcam footage of the salacious deeds. The message then demands a Bitcoin ransom, or else face the social and professional consequences of this lewd video getting sent to all your contacts.

    To make the threat even more believable, the sender references a previous password tied to the user’s email account. According to Krebson Security, a sextortion phishing message might look a little like what’s written in the sidebox.

    In rare cases, the threats are real—and hackers get their hands on some sexually explicit photos. Recently, American actress Bella Thorne fell victim to sextortion. Last Saturday, she took a similar, albeit more risqué, route as Radiohead, opting to release her nude photographs on Twitter in order to take the power away from her hacker.

    Last thoughts

    So, what’s the best way to avoid your personal, or, business from costing thousands in virtual currency? Since most of these emails are fake, you can just avoid them with a spam filter. And you should probably buy a webcam cover…just to be safe. When it comes to general browsing- we suggest using a VPN.

    Read more about VPNs here

    There are now more secure anti-hacking tools that use the Blockchain and offer great protection, especially against identity theft. Have a look at our feature on Tokenisation.

    Most online services now like mobile banks, offer App-based 2-factor authentication. This should now be regarded as the minimum security for ANY online account or App.

    To avoid hacking or phishing scams in general, optimizing your cybersecurity and using online common sense will save you loads of time, trouble and money.

    Cybersecurity by Acunetix
Translate »

This website uses cookies. By continuing to use this site, you accept our use of cookies.