How do crackers (black hat hackers) gain access to your account?
- Phishing: The most common way a cracker steals your credentials is “phishing”. Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. To be more clear, it involves creating a fake website, page or gateway to trick you into thinking it is authentic.
- Keylogging: Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. Keyloggers record every key you press on the keyboard; they also record the applications you use, the websites you visit, etc.
- MITM (Man-in-the-middle attack): In cryptography and computer security, a man-in-the-middle attack (often abbreviated to MITM, MitM, MIM, MiM or MITMA) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. The trick used here is to set up an engine (possibly a server or any other method) between the two ends of a connection (between you and the website you are connected to) and monitor all traffic (even passwords).
- Brute Forcing: This is the most naive form of attack; it involves guessing usernames and passwords.
- Dictionary Attack: An advanced form of brute-force attack that uses a password dictionary (a list containing billions of common passwords that users have been known to choose).
- Social Engineering: Social engineering is a non-technical method of intrusion crackers use that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. It is one of the greatest threats that organizations today encounter.
- XSS (Cross-Site Scripting): Cross-Site Scripting (XSS) vulnerabilities are a type of computer security vulnerability typically found in web applications. XSS vulnerabilities enable attackers to inject client-side script into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. Normal users do not need to understand this type of attack; preventing it is beyond their control. Developers need to pay attention to this.
- SQL Injection: SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). Normal users do not need to understand this type of attack; preventing it is beyond your control. Developers need to pay attention to this.
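Since the last two items are the developer's responsibility, here is an added example (not from the original post) showing what "paying attention" looks like in code: a login check built by string formatting, which lets input change the query's logic, beside the parameterized version that treats input purely as data, plus HTML escaping of user-controlled text so injected markup is displayed rather than run. The in-memory SQLite table and the user "alice" are constructed for the demonstration.

```python
import html
import sqlite3


def make_db():
    # Constructed in-memory user table so the example runs offline.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return db


def login_vulnerable(db, name, password):
    # Vulnerable form: user input is pasted into the SQL text, so quotes
    # and keywords inside it become part of the statement itself.
    query = ("SELECT COUNT(*) FROM users WHERE name = '%s' AND password = '%s'"
             % (name, password))
    return db.execute(query).fetchone()[0] > 0


def login_safe(db, name, password):
    # Hardened form: a parameterized query. The driver passes the values
    # separately from the statement, so the input can never alter its logic.
    query = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return db.execute(query, (name, password)).fetchone()[0] > 0


def render_greeting(name):
    # XSS defence: escape user-controlled text before placing it in HTML,
    # so a name containing <script> is shown as text, not executed.
    return "<p>Hello, %s</p>" % html.escape(name, quote=True)


if __name__ == "__main__":
    db = make_db()
    tautology = "' OR '1'='1"   # the textbook input that changes the WHERE logic
    print("vulnerable login with tautology:", login_vulnerable(db, "alice", tautology))
    print("safe login with tautology:      ", login_safe(db, "alice", tautology))
    print(render_greeting("<script>alert(1)</script>"))
```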
These are only a few of the most common ways to steal credentials. The next part covers ways to prevent them.
How to protect yourself?
- Don’t just keep a good password. Use a unique password instead. Random use of UPPERCASE, lowercase, special characters (!@#$%^&*+/*-) and numbers (0123456789) makes a password unique.
- NEVER use the same password twice. Keep different passwords for all the online accounts you have.
- No matter what the situation is NEVER tell your password to anyone. DON’T respond to any messages, emails and requests from unknown persons.
- Refrain from using OPEN WI-FI. Sometimes hackers trick users by providing an open wi-fi network and letting everyone connect to it. Now they can monitor your traffic and, worse, even control your phone or whatever device you may be using. If you ever have to use an open wi-fi network, use a proper VPN service. A virtual private network (VPN) is a method for the extension of a private network across a public network, such as the Internet. It enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network, and thus they benefit from the functionality, security and management policies of the private network.
- USE FIREWALLS. Firewalls are the last line of defence between your device and a cracker. You must have all ports closed to prevent anyone from accessing your computer.
- DON’T JUST INSTALL ANYTHING. Only install software from a VERIFIED vendor on your computer. Don’t just use any browser add-ons, toolbars and extensions; many are designed to modify the pages you view or monitor your traffic. On phones, be very careful while installing applications. Have a proper look at the permissions they ask for. Some apps may be useful, but they take more permissions than needed and exploit you. Suppose you installed a calculator application and the permissions it took were access to media files, connect to the internet, send messages, etc. You can see for yourself that these permissions aren’t required. It may be that the calculator app you installed is accessing your photos, personal files, etc. and sending them over the internet to someone.
- Change your Password Monthly.
- LOCK DOWN YOUR PRIVACY. Keep a check on your privacy settings on Facebook, Twitter and Gmail. Do you know that the things you hide from your timeline are still visible elsewhere? So on Facebook, always set things to “Only me” instead of hiding them from your timeline. To have a checkup of your privacy settings visit http://www.secure.me/ .
- DON’T THINK HAVING A UNIQUE PASSWORD IS ENOUGH. Set up TWO-STEP verification for Facebook, Twitter, Microsoft and Google (or all accounts that support it). 2-Step Verification adds an extra layer of security to your Google Account, drastically reducing the chances of having the personal information in your account stolen. To break into an account with 2-Step Verification, bad guys would not only have to know your username and password, they’d also have to get a hold of your phone. Read here for more: https://support.google.com/accounts… and here https://www.facebook.com/notes/face… and here http://windows.microsoft.com/en-in/…
- NEVER USE YOUR ACCOUNTS ON A PUBLIC COMPUTER. Public computers are computers that many people have access to. These include computers at school, cyber cafes, kiosks, etc. If you ever have to use your account on such a computer, refrain from using physical input (the keyboard); use a virtual keyboard instead.
- SSL: Always look for a proper SSL certificate on any website where you are entering sensitive information. But with technology advancing at such a fast pace, SSL can be faked. Use a browser such as Chrome or Firefox that warns you if you are at risk of visiting a fake website. Pay close attention to where you are online. Many phishing sites appear to be legitimate, but if you look closely at the address bar you will see that you are not really at your bank or the site you thought you were going to.
- Don’t just fill in anything asked for in web forms or anywhere else. Think before entering any information anywhere.
- Keep Everything Updated. Keep your operating system, any programs you have installed and, most importantly, your antivirus software up to date. Turn on the auto-update feature and let your computer update itself automatically. Be sure to reboot if it asks you to. Always update your software and apps, as new updates come with patches for security vulnerabilities. Uninstall any software you do not use. Outdated programs often have security problems.
- Be careful with what you post on social networking sites about yourself, your friends, family and colleagues and your job. Remember: “Once on the Internet, always on the Internet”.
DO SHARE THE POST TO HELP OTHERS. Following the above rules will help you stay safe.
Have any questions? Leave your comment below:
Also published on Medium.