Cybersecurity is one of the hottest topics in the tech industry right now. Online privacy and safety are major issues that affect not only big business and high-ranking government officials but also ordinary users like you and me.
Last year, Yahoo starred in the largest security breach in history, revealing half a billion accounts had been compromised for years. The NSA, FBI, and CIA have also been regular targets of hackers who later disclose top secret info and tools.
While tech giants do their job to keep users safe and the media reports on hacking incidents constantly, few people actually know how these attacks are carried out. Below, we list a few of the most common ways in which cybercriminals get access to your data.
1. Clickjacking
Clickjacking, quite simply, refers to hijacking the clicks someone makes on a website. By fooling users into believing they are browsing a legitimate site, hackers can gain access to information such as usernames and passwords.
Also known as UI redress, the technique has cybercriminals carry out a design overhaul of the site, sometimes as simple as placing an identical ‘skin’ on top of the original to achieve their goal.
2. Bait and switch
Another common hacking technique is known as bait and switch. Just like the real thing, it consists of switching up a legitimate piece of software for malware without the user’s knowledge.
A variation of this technique might involve the download of both the original program the user wanted and, covertly, the malware. In this way, the malicious code hides and persists in the terminal as if it was never downloaded while it collects and relays information to hackers.
3. Phishing scams
Phishing scams rely on the target’s naivety to click on a tailored message sent to them with the sole purpose of getting their information. Hackers “fish” (or phish) for sensitive data, waiting for users to click on their bait.
These became more notorious recently after Hillary Clinton’s campaign manager fell for one disguised as a fake message from Google that prompted him to change his password. Pop-ups and false messages are usually the main channels for phishing.
4. Fake WAPs
Fake WAPs, or Wi-Fi Access Points, require only a hacker with a computer and a piece of software that turns his terminal into a hotspot as well. With a little tech savviness, he might disguise it as a legitimate connection at a popular coffee shop, airport, or store.
After that, cybercriminals can gain access to the browsing sessions of virtually all the people connected to their fake setup. They can take advantage of this to steal browser cookies, or plot a watering hole attack to sting multiple computers.
5. Keylogging or password guessing
A keylogger is a piece of software that detects and captures keystrokes to find out login information, namely usernames and passwords. Not all of these programs are illegal, but more often than not they are used for questionable purposes.
Hackers might use some sort of keylogging technique, or they might just use social engineering to guess your password. Most people use public information like pet names and birthdays as their passwords or security question answers. Sometimes, all it takes is some trial and error to come up with the right combination.
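As a defensive counterpart to the guessing described above, this added example (not part of the original article) is a sign-up check that rejects passwords built from a user's own pet names or birthdays. The function names, the substitution table and the sample profile are assumptions constructed for illustration.

```python
import re
from datetime import date

# Common character substitutions people use to "disguise" a name (assumed table).
LEET = str.maketrans("013457@$!", "oieastasi")


def date_tokens(d):
    """Digit strings commonly derived from a date, e.g. 12 March 1990 -> 12031990."""
    dd, mm, yyyy = f"{d.day:02d}", f"{d.month:02d}", f"{d.year:04d}"
    yy = yyyy[2:]
    return {dd + mm + yyyy, mm + dd + yyyy, yyyy + mm + dd,
            dd + mm + yy, mm + dd + yy, yy + mm + dd, yyyy}


def personal_info_hits(password, names=(), dates=()):
    """Return a sorted list of the personal facts found inside the password."""
    lowered = password.lower()
    plain = re.sub(r"[^a-z0-9]", "", lowered)
    # Second view with substitutions undone, so "R3x" is compared as "rex".
    unleeted = re.sub(r"[^a-z0-9]", "", lowered.translate(LEET))
    # Digits only, so "12/03/1990" and "12031990" are treated the same.
    digits = re.sub(r"\D", "", password)

    hits = set()
    for name in names:
        key = re.sub(r"[^a-z]", "", name.lower())
        # Ignore very short names to avoid flagging unrelated passwords.
        if len(key) >= 3 and (key in plain or key in unleeted):
            hits.add(f"name:{name}")
    for d in dates:
        if any(tok in digits for tok in date_tokens(d)):
            hits.add(f"date:{d.isoformat()}")
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample profile: pet names and a birthday the user has shared publicly.
    pets, birthdays = ["Rex", "Bella"], [date(1990, 3, 12)]
    for candidate in ["R3x!2014", "Bella-12/03/1990", "correct horse battery staple"]:
        found = personal_info_hits(candidate, pets, birthdays)
        print(f"{candidate!r}: {'reject ' + str(found) if found else 'ok'}")
```

A check like this belongs at password-set time, next to a breached-password list, because it only covers facts the service already knows about the user.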
6. DDoS Attacks
DDoS attacks are a little more sophisticated than most but equally notorious. The acronym stands for Distributed Denial of Service, and it consists of flooding servers with multiple requests at the same time to take them down through traffic overload.
Cybercriminals have devised clever techniques to maximize the damage and effect of these attacks, most notably using botnets to command hundreds of thousands of zombie computers at once.