Hackers don’t need to know you before they steal your password or other important information. In fact, they have probably never seen you before and may even speak a different language. After all, we can’t assume the hackers who compromised 3 billion accounts at Yahoo would have known everyone behind those accounts to carry out their hack. If that’s the case, then how do they steal passwords at all?
That’s what we are going to shed some light on today.
Common Hacking Techniques
Depending on the kind of password in question and how sophisticated the attacker is, here are some ways by which hackers gain unauthorized access to accounts:
1. Man in the middle attack
This attack is mostly propagated when the victim is accessing the web via an unencrypted network. Such networks are always around us. Many users prefer to look at them as convenient public Wi-Fi connections. However, since these networks lack good security protocols, it becomes easy for hackers to place themselves between the user’s computer and the platform they are accessing. Any piece of information being sent on that network will always pass through the hacker before it arrives at its destination. This includes all of the chat messages, emails and password information. The hacker can then collect the information they want and use it as they please.
Fix: Stay away from public Wi-Fi networks as a whole. If you must use them at all, layer the connection over a VPN (virtual private network) so that your internet data is passed through secure tunnels to ensure no one can snoop in from the outside.
2. Phishing attacks
Phishing attacks are so commonplace, they have become the most popular social hacking tool for many hackers.This form of attack starts off in the form of a seemingly innocuous email or text sent to a user. The message is constructed to look like one coming from a service, or person that such a user would normally trust. At the end of it all, there would be a link in the message to lead such a user to an online page where they should take some action. The tricky part is that this link would takes the user to a page designed to look like the exact one. As soon as they enter their login information, the hacker gets that data in real-time. They can now use that login to access the user’s real account and do whatever they like on it.
Fix: Don’t click on links in messages (texts or emails). It is better to type out the links in your browser address bar yourself.
3. Brute force attacks
When all else fails, brute force comes to the rescue for hackers. That is why not just any hacker makes use of it, but the cream of the bunch. After all, it takes a lot of time to get results, and the resources dedicated to this hack are just as extensive. With brute force attacks, a computer algorithm is fed all possible characters which could make up a password. That includes all the letters in the alphabet, the numbers, special characters and symbols. The algorithm then starts running them in different lengths and combinations till they come up with one that fits into the user’s password model. This is the technique employed against some of the strongest passwords when all other forms of hacking would not work.
Fix: The best way to fight against brute force attacks is by limiting the number of password trials on your accounts. Thus, the account gets blocked whenever someone tries different passwords a set number of times. Likewise, you should consider generating strong and random passwords for all your accounts so that the brute force attack will even take years to crack a single password of yours.
Malware attacks are made to happen in a different number of ways. No matter which one it is, the general concept is one where a malware is installed on the user’s computer and used to the hacker’s advantage. The malware in this case can be programmed to do a lot of things. For one, it could be a key-logger that would silently gather all the keystrokes of such a user which can then be later analyzed by the hacker to determine which key presses were for passwords. Likewise, the malware can take over the computer (called ransomware) and deny the user access until they pay a certain amount.
Fix: Don’t side-load applications on your smartphones and computers. Only download from your official app stores. Likewise, scan email attachments before you download them. Finally, be careful of inserting just about any USB stick into your computer.
While this list is certainly not complete, it details some common tactics by which hackers gain access to user accounts. As you can see above, though, the good news is that you can prepare for and foil many attacks.
The question now is, will you?