The digital age is a blessing that makes life easier, yet it comes with challenges, including malicious hackers and cyber attacks.
The threats hackers pose to organizations and individuals have become a major concern as these fraudsters keep increasing in number and devising new methods of perpetrating their sinister acts.
According to research by a software testing firm, no fewer than 30,000 websites are hacked daily worldwide, and every 39 seconds a new cyber attack is launched at someone on the web.
Let’s dig deeper into how hackers operate and how you can protect yourself from cyber attacks and scams.
Social Engineering
Social engineering is a tricky one! Hackers can manipulate you by posing as someone you know and compel you to take action if they want to steal your information. For example, they may send you a link from a hacked social media profile, and create urgency by asking you to take some action.
After you click the link, you are taken to a page that asks you to sign in to your Google, Apple, or similar account. But the form does not log you in to your account; it is a fake login page created by crooks to steal your login credentials.
A recent example of a successful social engineering attack is the Singaporean identity fraud scammer Ho Jun Jia (a/k/a Matthew Ho, a/k/a Prefinity, a/k/a Ethereum Vendor), who is now in prison for scamming in the name of the co-founder and co-chairman of Riot Games, Mr. Marc Merrill.
Ho also used social engineering skills to trick Google and Amazon Web Services (AWS) into providing $5.4 million worth of cloud computing services by using Merrill's personal details.
Keylogger
A keylogger is designed to secretly spy on victims and can capture everything you type on your keyboard and every command you execute. It captures your passwords, credit card numbers, keystrokes, and browsing history.
It is worth noting that a keylogger can be software or a hardware device such as a malicious USB.
Software keyloggers sneak into your computer system via harmful links or attachments. A hardware-based keylogger can be installed on your device if attackers have physical access to your computer.
Public Wi-Fi Eavesdropping
Wi-Fi eavesdropping is when a hacker steals your vital data by exploiting an unsecured public Wi-Fi network. Because some public Wi-Fi networks allow unsecured transmission of data, your unencrypted information and files are at risk from hackers.
One of the gimmicks used by hackers is to name their hotspot after the business premises, shopping mall, etc. The Wi-Fi will probably be free and without a password, so you are tempted to go for the freebie.
Once you connect to the hacker’s Wi-Fi, the hacker can see everything you do and steal your personal information, including passwords. You can avoid this by not using public Wi-Fi, using your own hotspot device, and keeping your VPN enabled at all times.
SIM Swap Fraud
A SIM swap attack is when a cybercriminal calls your network provider and impersonates you. They claim that your SIM card is lost and ask to port your number to a new hacker-controlled SIM card.
Of course, your network provider will ask some questions to identify the person requesting the swap. These questions can be easily answered based on the information you have provided about yourself on your social media accounts. (Don’t share your personal information on social media).
In this age of two-factor authentication (2FA) and USSD banking, your SIM card is coveted by hackers. This is because when they get your SIM card, they can bypass 2FA and intercept the OTP (one-time password), as the verification code is sent to your swapped phone number.
Equity and forex trading brokerages also offer online trading apps that use 2FA to verify and authenticate users. When your SIM has been swapped, this verification code goes straight to the hacker who now controls your phone number.
Once the attacker has the verification code, they can link a new account to your investment, crypto wallet, or trading app and wire funds out. They can also use the funds in your account to buy worthless shares from other scammers thus enriching them and impoverishing you.
Browser Hijacking
An attacker can install malware right into your internet browser without you even knowing. This can happen when you click on an unknown link or download an app from a 3rd-party store. Most of the apps available in such stores are Trojans, meaning they are not what they claim to be. By installing them, you could install a virus into your browser as well.
The virus in your browser then begins to redirect you to hacker-controlled sites that resemble legitimate sites. From there, your passwords are collected and used to access your accounts.
IP Spoofing
This is when a hacker hijacks your browsing connection by using a fake Internet Protocol (IP) address. A publication by Dell Technologies shows that there are over 30,000 spoofing attacks every day around the world.
IP spoofing scams mostly occur where internal systems trust one another, so that users can gain access without any username or password, provided they are connected to the network.
It involves making a fake computer IP address look like a legitimate one. In the course of IP spoofing, attackers send a message to a computer system with a fake IP address, so that the message appears to come from a different IP address.
Domain Name System (DNS) Spoofing/Poisoning
The term ‘spoofing’ has to do with impersonation. In this case, a hacker’s computer is impersonating a legitimate computer on a network. A domain name is simply a website name like ‘www.google.com’.
To illustrate DNS spoofing, let’s assume you want to visit Twitter and you type the domain name ‘www.twitter.com’ into your browser’s URL bar. This domain name is sent to a DNS server, which converts the domain name of Twitter into an IP address, for example 172.28.213.15, which is supposed to be the IP address of Twitter’s official computer server.
The hacker spoofs it by deceiving the DNS server into converting Twitter’s domain name into a different, hacker-controlled IP address, which takes you to the hacker’s server instead of Twitter’s server.
The attacker could have designed a fake Twitter page and hosted it on their spoofed server. Once you attempt to log in, they can steal your password and use it to access your account.
The result of DNS poisoning is that any information you send is routed through the hacker before it gets to the web. This allows them to steal your passwords and access your accounts.
Domain Spoofing
This online fraud, also known as a homograph attack, occurs when a hacker makes use of a domain name that greatly resembles the website you are trying to visit. To do this, the hacker replaces characters in the fake domain name with non-ASCII characters that look much alike.
It will be designed in such a way that you may not notice the difference, as you would be assured about the secure connection of the browser. To begin the process of HTTP spoofing, the cyber attacker’s first step is to register a domain name that resembles yours.
The scammer would then proceed to send a link to you, and you may likely not notice that you are visiting a fake version of the site you planned to go to because the majority of browsers display Punycode host names in their address bar. One such example: it’s Google.com, not ɢoogle.com.
This scamming system is designed to even prove to you that the website’s SSL certificate is real, thereby preventing you from detecting the fraud.
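A defender-side check for the look-alike domains described above, added here as an example and not part of the original article: it converts a hostname to its ASCII (Punycode) form, names every non-ASCII character, and compares the result against a watchlist. The look-alike map, the watchlist and the function names are assumptions made for this example.

```python
import unicodedata

# Constructed, deliberately small look-alike map for this example; the full
# data set is the Unicode confusables table (UTS #39).
CONFUSABLES = {
    "\u0262": "g",  # LATIN LETTER SMALL CAPITAL G, as in the article's example
    "\u0430": "a", "\u0435": "e", "\u043e": "o",  # Cyrillic a, e, o
    "\u0440": "p", "\u0441": "c", "\u0456": "i",  # Cyrillic er, es, i
}
PROTECTED = {"google.com", "twitter.com"}  # sites named in the article


def to_ascii(host):
    """Return the host with every non-ASCII label in Punycode ('xn--') form."""
    labels = []
    for label in host.lower().split("."):
        if not label.isascii():
            label = "xn--" + label.encode("punycode").decode("ascii")
        labels.append(label)
    return ".".join(labels)


def skeleton(host):
    """Replace known look-alike characters with the ASCII letter they imitate."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in host.lower())


def inspect_host(host):
    """Report why a hostname may be a look-alike of a protected domain."""
    host = host.lower().rstrip(".")
    names = [(ch, unicodedata.name(ch, "UNKNOWN")) for ch in host if not ch.isascii()]
    # First word of a character name is its script for the letters used here.
    scripts = {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in host if ch.isalpha()}
    skel = skeleton(host)
    return {
        "ascii_form": to_ascii(host),
        "non_ascii": names,
        "mixed_scripts": len(scripts) > 1,
        "imitates": skel if skel in PROTECTED and host not in PROTECTED else None,
    }


if __name__ == "__main__":
    # Constructed sample hostnames: one genuine, two look-alikes.
    for sample in ["google.com", "\u0262oogle.com", "twitt\u0435r.com"]:
        print(repr(sample), inspect_host(sample))
```

The article's ɢoogle.com passes the mixed-script check because ɢ is itself a Latin letter; only the comparison against the watchlist flags it, which is why both checks are reported.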
Session Hijacking
When you visit a website, you might notice a popup prompting you to allow cookies. Cookies refer to your personal information stored temporarily in your computer’s cache memory and are deleted after you leave the site.
Cookies contain a unique ‘session ID’ number which, if obtained by a hacker, will enable them to take over your session. An attacker can steal your cookies using different means, such as phishing scams where they send you an email containing a malicious link. When you click on the link, it will install malware for session hijacking.
The point here is that once an attacker steals your cookie or gets your session ID, they can take over your browsing session, and if you were visiting a bank website, they can steal your funds. You may notice the page freeze or some technical difficulty while this is going on, and when it’s over, your money is gone.
Don’t Be Caught Off Guard
- Never download files from suspicious emails, messages, or contacts. Also, never click a link shared by an unknown source, or enter your account details and password on websites that you don’t trust.
- Ensure that your two-factor authentication is enabled. You can also use token-based logins.
- Don’t send PINs, passwords, and your financial details via text or email.
- To guard against IP Spoofing, ensure you use a Virtual Private Network (VPN). Or use anti-malware software with web protection that blocks unknown websites.