
5 ways Hackers are Getting into Your Computer

Here we go! First post of 2023, “5 Ways Hackers are Getting into Your Computer”


#1 holding first place through the years, Phishing Emails!

We are going to start off with an oldie but goodie: phishing emails. You may think of phishing emails as obvious spam messages from a Nigerian prince who would like to ask you for a favor, or for a couple hundred bucks... OK, we see you, Mr. Phishing Email, and we are not amused... but attackers are getting really, REALLY sly with their tactics when it comes to phishing cyber attacks.

Bad guys use the most common forms of human fear or excitement, leveraging topics that get people interacting with malicious, malware-infected emails. Common topics revolve around money, love, death, and social media. If you are in a targeted pool, attackers may even tailor emails to you or that pool.

Example: Say you work for a company and an email comes through looking JUST like something that would come from your boss, or better yet your boss's boss. The branding is perfect, down to the logo and your higher-up's name. Would you be likely to trust it?


How to protect yourself against phishing cyber attacks.

  • Be suspicious of all emails that have attachments or ask you to click on a link. Though your email from any reputable provider will be safe to view, clicking any items within the email could send malware rampant through your system, or give a cyber criminal access, leading to a devastating personal or professional loss.

  • If something looks suspicious, directly contact the company or person the email claims to be from; do not click on the provided link or documentation.

  • Look at where the email is coming from. The phishing email may say it is coming from your friend Jessie, and you know her email is jessie@hotmail(.)com. When you take a closer look at the domain, it's from jessie@hotmaiI(.)com: the L in Hotmail is actually a capital i. They can be sneaky like that, so be careful!
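Added example, not part of the original post: a small sender check that catches the capital-i trick from the last tip by comparing what a domain looks like rather than how it is spelled. The confusables map, the trusted-domain list and the function names are assumptions made for illustration.

```python
import unicodedata

# Constructed, deliberately small confusables map (not a full Unicode table):
# each key is a character that can pass for the value at a glance.
CONFUSABLES = {
    "I": "l",        # capital i vs lowercase L, the trick described above
    "1": "l",
    "0": "o",
    "\u0430": "a",   # Cyrillic a
    "\u0435": "e",   # Cyrillic e
    "\u043e": "o",   # Cyrillic o
}

# Constructed allowlist: domains this mailbox really corresponds with.
TRUSTED_DOMAINS = {"hotmail.com"}


def refang(address):
    """Undo the (.) / [.] defanging used when quoting suspicious addresses."""
    return address.replace("(.)", ".").replace("[.]", ".")


def skeleton(domain):
    """Reduce a domain to what it looks like, so visual twins compare equal."""
    folded = unicodedata.normalize("NFKC", domain)
    chars = [CONFUSABLES.get(ch, ch).lower() for ch in folded]
    return "".join(chars).replace("rn", "m")   # "rn" reads as "m"


def classify_sender(address):
    """Return (verdict, trusted domain it matches or imitates, else None)."""
    domain = refang(address).rsplit("@", 1)[-1].strip().rstrip(".")
    if domain.lower() in TRUSTED_DOMAINS:
        return ("trusted", domain.lower())
    for good in sorted(TRUSTED_DOMAINS):
        if skeleton(domain) == skeleton(good):
            return ("lookalike", good)
    return ("unknown", None)


# Constructed sample senders; the second is the address from the post.
for sender in ("jessie@hotmail(.)com", "jessie@hotmaiI(.)com",
               "jessie@hotrnail(.)com", "jessie@example(.)org"):
    print(sender, "->", classify_sender(sender))
```

An "unknown" verdict only means the domain is not on the allowlist and does not imitate anything on it; it is not a statement that the sender is safe.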


 

#2 Next up, Social Media Scams!

Social media scams were the cause of $770 million in losses over 2022 according to the Federal Trade Commission. Here are some of the top ways attackers have leveraged social media to scam their victims.

  • Malicious direct messages loaded with bad files, requesting information, or trying to lure the target to a different site.

  • Pig Butchering. The attacker creates a fake romantic or friend relationship with the target (the pig) and then "butchers" them by carrying out the cyber attack. Most of the time these attacks are focused on monetary gain, but they could also be for access to information or assets.

  • Fake ads trick victims into sending money or entering personal information or credit card data.

  • Using surveys and quizzes to gather data on targets to facilitate future attacks, or to sell the data to other bad guys who could carry out attacks. Doing the survey, you may find out your spirit animal is a fuzzy pink wolf who lives in the forest, but an attacker now knows your birth month, day, year range and letters in your name.

  • Tagging scams. The target will get a notification that they have been tagged by what looks like the social media provider: "Your account is suspended, follow this link to activate your account." The pages/posts are set up to look remarkably like the legit platform, so it feels natural to trust them. Victims are then led to a page and prompted to put in their username and password. Well, my friend, now the hacker has access to your social media account.

How to protect yourself against Social Media cyber attacks.

  • Make sure you have solid passwords on your social media accounts.

  • Be suspicious of any accounts that have been recently created or look like they have never been used the way the platform is normally used.

  • If you get a friend request from someone you thought you were already friends with, go check it out. Hackers will create fake accounts of your coworkers, friends and family members.

  • If you see an ad being run for a "best deal of the year" that you couldn't possibly pass up... go directly to the company website and see if the promotion is legitimate or not.

#3 Bad Password Management

Oooooh passwords...

Unlike your relationships, passwords should be complicated. If you have a weak password, it's just a matter of time before it's cracked. A few attacks that are particularly successful against weak passwords are...

  • Brute Force Attack. If you think of a password being the key to open a door, brute force is kicking the door down. Using algorithms, hackers can run 2.18 trillion password guesses in approximately 22 seconds, so if your password is pass123 (or something simple)... there is a good chance it will be revealed in the process.

  • Dictionary Attack. A Dictionary Attack is another type of Brute Force Attack, but it focuses on basic key words; in more sophisticated Dictionary Attacks, attackers will use key words that are specifically important to the target.

  • Rainbow Table Attack. A Rainbow Table Attack is a bit different, as its process is searching related hashes. Another key difference is that with a Rainbow Table Attack there are no precomputed data sets like there are with a Brute Force or Dictionary Attack.
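Added example, not part of the original post: a small password audit that applies the post's own figure of 2.18 trillion guesses in about 22 seconds to show why pass123 falls and a long mixed password does not. The word list, the one-year cut-off and the function names are assumptions made for illustration.

```python
import string

# Rate from the post: 2.18 trillion guesses in roughly 22 seconds.
GUESSES_PER_SECOND = 2.18e12 / 22

# Constructed stand-in for the word list a dictionary attack would try first.
COMMON_WORDS = {"pass", "password", "qwerty", "letmein", "welcome", "admin"}

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ONE_YEAR = 365 * 24 * 3600   # assumed cut-off for calling a password weak


def charset_size(password):
    """Alphabet an exhaustive search must cover, from the classes in use."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    others = {ch for ch in password if not any(ch in c for c in CLASSES)}
    return size + len(others)   # lower bound for anything outside ASCII


def seconds_to_exhaust(password):
    """Worst case: every string of this length over that alphabet."""
    try:
        return charset_size(password) ** len(password) / GUESSES_PER_SECOND
    except OverflowError:        # keyspace too large for a float
        return float("inf")


def dictionary_hit(password):
    """True for a common word followed by optional digits or symbols."""
    base = password.lower().rstrip(string.digits + string.punctuation)
    return base in COMMON_WORDS


def audit(password):
    if not password:
        raise ValueError("empty password")
    if dictionary_hit(password):
        return "dictionary"      # a word list finds it before brute force
    return "weak" if seconds_to_exhaust(password) < ONE_YEAR else "ok"


# Constructed sample passwords; pass123 is the one named in the post.
for pw in ("pass123", "xk7qpz2", "Welcome2023!", "T7#vq9!Lm2@xR4$w"):
    print(f"{pw!r}: {audit(pw)}, {seconds_to_exhaust(pw):.3g} s to exhaust")
```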

How to protect yourself against Password Cracking Attacks

  • Use strong passwords. The stronger your password the less likely it will be guessed. A reputable password management app may help if you don't want to remember a bunch of complex passwords.

  • Multi-Factor Authentication. This means that to gain access there must be two types of authentication in 2 different categories. The categories are "something you know" like a password, "something you have" like a physical token, app or pin, and "something you are" like a fingerprint or face scan.

  • Change your password often, especially if you think you may have been breached.

#4 SEO Poisoning & Malicious Software

This one is a newer type of cyber attack, but it was on the rise over 2022 and I suspect we will see more through 2023. Those of us who grew up around the internet are hardwired to think that if we type something into a search engine (like Google), the results at the top are trustworthy. Well, the hackers know this and are leveraging it to their advantage. The bad guys are using SEO and Google ads to manipulate users into downloading malicious software.

  • Cyber criminals are creating webpages to serve up their evil versions of common software.

  • Leveraging SEO and keywords, bad guys make sure their evil pages pop up at the top of the user's search results, gaining user trust.

  • Taking advantage of ad poisoning. Attackers can run ads just like anyone else and can use the top ad spot to trick the victim into clicking through to the malicious site.

How to protect yourself against Malicious Software

  • If you need to download software, go directly to the company URL; do not search for the software name in the search engine.

  • Look at the URL of the page you will be downloading the software from. Is it the legit page? If you aren't sure, take a few moments to do a little more research. It could mean the safety of your data.


#5 Outdated Software/applications/extensions.

Like phishing, this one has been around for a long time, however the more applications, extensions and software we work into our digital landscape, the more vulnerable our attack surfaces become.

  • Attackers have the pulse on what vulnerabilities are out there and will target users with this knowledge. Say there is a vulnerability in Minecraft (if you need a good example look up log4j, spooky stuff) and it's a game you play all of the time but never think of what version you are on. If there is a known vulnerability in version 2.0 the company (Minecraft in this scenario) will put out a patched or "fixed" version. It is the responsibility of the user to update that app to the fixed version. If you let that old version sit on your system it could be opening a door for a hacker to walk right through.

How to protect yourself against outdated Software/applications/extensions

  • This one is pretty simple, keep all of your software, applications, and extensions updated with the latest versions.


So, as you see, there are a variety of ways a hacker can break into your computer, and these are just a handful of many more. It is on you to ensure your data is safe from attack so, until we chat again


lock it down, trust no one.


If you want to stay connected sign up for the mailing list. Suggestions for topics always welcome!














