This post first appeared on AFDtechtalk, authored by Kwamina Eyiah Arthur
How secure are your online accounts? One of my friends recently got her Instagram account wiped clean. She had over 3,000 carefully curated photos and almost 10,000 followers. By the time the hacker was done with her, she had fewer than 2,000 followers and exactly 0 pictures.
She asked me a very simple question about how exactly hackers gain access to people’s accounts and devices. Today’s post examines the most common methods hackers use and how to guard against them.
Guessing
Yes. Some hackers simply guess your password and get access to your account — as simple as that.
There have been many crusades about choosing strong passwords, but the number of people who still use extremely simple passwords like ‘12345678’ may surprise you. Splashdata’s fifth Annual Worst Passwords list shows some outrageously weak and easily guessable passwords.
How Do I Prevent This?
- Using strong passwords prevents someone from easily guessing your credentials. A strong password combines uppercase and lowercase letters, numbers and symbols (!, @, #, $, %, &, *). Just by including a symbol or a number, you make a guesser’s work far more difficult.
- Do not use one password for all your online accounts. That way, your entire online presence will not be at risk if one account is compromised.
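The two recommendations above can be checked mechanically. The following is an added example, not part of the original post: it estimates how many guesses a brute-force attacker must cover for a given password, and audits a set of accounts for common, weak or reused passwords. The common-password sample and the account names are constructed for illustration.

```python
import math
import string

SYMBOLS = set(string.punctuation)  # includes the article's !, @, #, $, %, &, *
# Constructed sample; a real check would use a much larger list.
COMMON = {"12345678", "password", "qwerty", "123456", "111111"}

def character_classes(pw):
    """Which of the four character classes the password contains."""
    return {
        "lowercase": any(c.islower() for c in pw),
        "uppercase": any(c.isupper() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "symbol": any(c in SYMBOLS for c in pw),
    }

def guess_space_bits(pw):
    """log2 of the candidates a brute-force guesser must cover.
    This is an upper bound: a password on a common list is tried first."""
    cls = character_classes(pw)
    alphabet = (26 * cls["lowercase"] + 26 * cls["uppercase"]
                + 10 * cls["digit"] + len(SYMBOLS) * cls["symbol"])
    return len(pw) * math.log2(alphabet) if alphabet else 0.0

def audit(accounts):
    """accounts maps account name -> password; returns issues per account."""
    findings, first_use = {}, {}
    for name, pw in accounts.items():
        issues = []
        if pw.lower() in COMMON:
            issues.append("on common-password list")
        missing = [k for k, present in character_classes(pw).items() if not present]
        if missing:
            issues.append("missing: " + ", ".join(missing))
        if pw in first_use:
            issues.append("reused from " + first_use[pw])
        else:
            first_use[pw] = name
        findings[name] = issues
    return findings

if __name__ == "__main__":
    sample = {"instagram": "12345678", "email": "Tr1cky&Long#Pass",
              "facebook": "12345678"}  # constructed sample passwords
    for account, issues in audit(sample).items():
        print(account, issues or "ok")
    print(round(guess_space_bits("12345678"), 1), "bits for digits only")
    print(round(guess_space_bits("1234567!"), 1), "bits with one symbol")
```

Swapping a single digit for a symbol raises the estimate from about 27 bits to about 43 bits, but the common-list check still matters more: a listed password is guessed first no matter what the estimate says.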
Phishing
When fishing, we attach food to a hook and line and just casually let it sit in a lake. A fish, unaware of the potential danger and swayed by the food tries to eat it, only to be ensnared by the cunning fisher.
This is how phishing works. You are fooled into entering your credentials by being sent a very enticing message like “Congratulations! You just won $50,000. Sign in with your email to receive your reward.”
By falling for this, you easily hand over your credentials to a hacker on a silver platter.
Phishers use a myriad of catchy, clickbaity descriptions to trick you into providing your sensitive data.
On Facebook, I’m pretty sure we have all seen posts that go like “You wouldn’t believe what Ella said about you.” After you click on the malicious link, you will be asked to sign in with your Facebook account to view exactly what Ella said.
If you fall for this, the schemer could have access to your account and do you harm.
How Do I Prevent This?
- Enter sensitive information on secured websites only. How do I know if a website is secure? If its address begins with “HTTPS” instead of “HTTP” and is preceded by a green padlock icon, the site is secured using an SSL certificate.
- Do not click links in unsolicited emails. Report all emails you did not request as spam. Also, if you click on an image on Facebook, it should load without requesting a login. If it does request one, that is a red flag.
- If you choose not to follow the second recommendation and click on links in unsolicited emails and on any of the social media platforms, do not enter your email address and password to ‘unlock’ the document or the picture.
- Look out for some of the characteristics of phishing schemes: messages may have bad grammar, pixelated images and headings, and threats of lost money or information unless quick action is taken.
- Unfortunately, you have not won $50,000. Luck doesn’t work that way.
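HTTPS and the padlock show that the connection is encrypted, not that the page belongs to the site you think you are signing in to, so it also helps to check the host name in the link. The following is an added example, not part of the original post; the function name and the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

def link_warnings(url, expected_domain):
    """Return the reasons a login link should not be trusted as belonging
    to expected_domain (for example "facebook.com")."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    warnings = []
    if parts.scheme != "https":
        warnings.append("not HTTPS")
    # "https://facebook.com@example.net/" really goes to example.net.
    if "@" in parts.netloc:
        warnings.append("user info placed before the real host")
    # Punycode labels can render as look-alike characters in the address bar.
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode host name")
    # The host must be the expected domain or one of its subdomains.
    if not (host == expected_domain or host.endswith("." + expected_domain)):
        warnings.append("host '%s' is not part of %s" % (host, expected_domain))
    return warnings

if __name__ == "__main__":
    # Constructed sample links.
    for link in ("https://www.facebook.com/login",
                 "http://facebook.com/login",
                 "https://facebook.com.example.net/login",
                 "https://facebook.com@example.net/login"):
        print(link, "->", link_warnings(link, "facebook.com") or "ok")
```

The third sample link is served over HTTPS and starts with the familiar name, yet it is flagged because its host is a subdomain of a different site.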
Keyloggers
Keyloggers are very nasty. Once they gain access to your phone or computer, they record every keystroke you type. Everything you type will be logged and uploaded to the hacker in plain text!
The hacker will then sift through the document which will likely have your sensitive information and potentially take over your online accounts.
How Do I Prevent This?
- One sure way of getting a keylogger installed on your computer or phone is to pirate applications. Be careful about the sites you download executable files from.
- Hackers work tirelessly to explore vulnerabilities in apps and operating systems. So by constantly updating your apps and OS with the latest versions available, you are assured all known exploits have been patched.
Remote Connections
Windows users have probably seen “Remote Desktop Connection” and “Windows Remote Assistance” somewhere on their computers before.
With this feature, you can get assistance from specialized IT staff by connecting your PC to theirs, so that they see exactly what is on your PC, as though they were the ones using it, but from another location.
Once connected, every command that is issued from the remote location is executed on your system, as though you were the one issuing it.
Using Remote Administration Tools, hackers can walk right into your system and mess up your digital life, causing significant damage to your files and online accounts.
How Do I Prevent This?
- Make sure you have up-to-date antivirus software installed on your computer. If you’re using an Android device, you do not need to install an antivirus app.
- Always have your Windows Firewall up. This will beef up security and help protect computers from hackers and malicious software.
- If you can, avoid using public WiFi connections. If you have to use a public WiFi connection, make sure you tell Windows to treat it as public.
- Make sure your router security settings are current and up-to-date.
- Update your browser frequently.
Trojan Horses
Just as the people of Troy got Greek soldiers, trained to do major harm, along with the wooden horse they allowed into their territory, trojan horses are applications that contain harmful lines of code which get executed as the user installs or runs them.
Trojan horses are embedded in unsuspicious, ‘friendly’ applications, like games. But once you install one, you will get more than a game.
How Do I Prevent This?
- If you pirate software, you have probably used a ‘keygen’ to patch files before. Most of these keygens contain trojans, which is why Windows warns you before executing them. You may have successfully licensed the product in question, but you may well pay for it with your passwords and credit card details.
- Do not set removable devices to auto-play. Your system can easily be compromised if autoplay is turned on.
- Constantly update your antivirus software on Windows.
- Turn Windows Firewall on.
- Do not grant administrative rights to all user accounts on your computer. For example, your work account should have limited access if you use your personal computer at work.
- On Windows, make sure User Account Control is turned on so that you will be notified when an application wants to run.
Conclusion
Never underestimate what a bad person could do with your online account should he/she have access. Imagine someone uses your Facebook account to log into a shopping site and uses a fake or stolen credit card to purchase items.
Who do you think will end up being arrested eventually, the hacker or the account owner?
Even if your account holds zero information and includes nothing useful to anyone, remember there are a million ways one could jeopardize your reputation or get you in trouble.
Featured image credit: bobchoat.com