Hello, and welcome to another blog post! Today, we’re diving into a lot of technical stuff about protecting from online attacks, but it’s for a good cause, we promise. Too many folks are losing access to their Facebook pages or accounts, or they’re having their data scraped and sold. We’re going to start off by explaining the different kinds of common attacks, and then we’ll go into steps you can take to prevent them. Ready? Great. Grab a cold beverage, and let’s get rolling.
We’re sure you’re familiar with most of these, but we’re going over them anyway. Here are the different types of hacks:
- Phishing – This is where a cybercriminal attempts to steal your passwords to get into your accounts. They get really tricky, and their attempts can directly mimic communication from your bank or other services.
- DoS and DDoS – This is when your device is basically held for ransom. Cyberattackers flood your network or machine with a waterfall of requests so normal traffic is unable to access it or they overload your machine with information/processes so it locks up. In a DoS attack, the information comes from one source, but in a DDoS attack, it comes from many.
- Bait and Switch – If you’ve ever visited a website where you thought you might get something cheap that you’d usually have to pay a lot for, entered your payment information, and then were redirected to a page that locked your browser up, you’ve fallen for a bait and switch attack. These attacks usually appear in the form of ads on websites you visit. It looks like one thing, but is, in fact, something completely different.
- Cookie Theft – This occurs when you visit a site via public Wi-Fi or some other unprotected network. Thieves copy the session data and use it to impersonate you.
- Virus, Trojan, Malware – These are things like worms used to mine your data or take over your machine. They include things like Ransomware, Spyware, and Adware. If you’ve ever downloaded something only to have a billion ads suddenly appear in popups, you’ll understand what these are. Trojans tend to pretend like they’re harmless only to install one of these more malicious things, and viruses tend to damage your system.
- ClickJacking Attacks – This is a user interface redress attack and has many layers to it. You visit a website only to find several ads or other links that encourage you to click, and you end up giving away your login credentials for the original site when you click.
- Fake WAP – This is basically fake, free Wi-Fi. Hackers set up a free access point that looks legit, and you connect to it to browse, logging in to all your favorite sites. Bam. Information stolen.
- Keylogger – It’s exactly what it sounds like: A program that will log every key you press on your machine or device. These programs usually run in the background and are invisible, but you can usually route them out using a keylogger detector and removing the software.
- Eavesdropping – This is when your network communications are being watched, or listened to, by a third party. They can gain access to everything that you send over the network and can be done via cell, email, or phone lines.
- Waterhole Attacks – This is when a hacker infects a website that’s visited/used often. They then infect the website with malware, which sometimes trickles down into users’ systems.
- Brute Force Attacks and Cracking Passwords – This is when a hacker either forces their way into your account or just runs a program that tries a billion different passwords until it gets them in.
Ways to thwart these attempts:
- Never click links in emails. Ever that will Protecting you from online attacks If you get an email or text message that looks like it came from your bank, PayPal, Facebook, or any other online account you have, open a browser window, type in the URL for that service directly, login, and see if you have any messages. If you have the app, even better. If that service needs to get you a message, it’ll be on the platform. All it takes is one click to compromise your security.
- Never download a “fix” to an online warning that your machine is being attacked or click any link. Close the webpage right away, and shut down your machine. Disconnect your router for a time. When you boot back up, do NOT connect to the internet before running your malware or virus checker. Set your internet security on your machine to its highest setting before reconnecting your router. Be sure everything is okay before going back to the settings you had before.
- Never enter credit card or banking information if the link looks sketchy. Use a third-party app like PayPal or Shopify as a mask to protect anyone getting hold of your direct information. If the site doesn’t take any type of third-party payment vendor, leave. If your browser locks, force close it, and follow the instructions for the previous item.
- Don’t use free public Wi-Fi and visit your bank, or other sites, via the browser on your machine unless you disable cookies or use an SSL connection. This will help prevent the storing of information that can then be stolen by someone else using the network.
- Never install software or download something (yes, even pictures) from a site you’re not familiar with. This is how viruses and other things end up on your computer. Some of the worst perpetrators of this are websites that host pornographic content.
- Don’t click ads or links that appear on sites where they usually aren’t. If it looks fishy in any way, run as fast as you can. Close everything, reset, and run your antivirus program.
- Have a routine to check for programs you didn’t install. If something looks weird, look it up online and see what it is and what it does. If you feel you don’t need it, remove it.
- Don’t use easy passwords. Be sure the passwords you use are as complex as possible and that you change them often.
- Use a third-party approval for unknown logins. There are several apps (one of them is connected to Google) that will force you to put in a secret code when you login to one of your accounts from an unrecognized device. That code can only be obtained via the app, and you only have five minutes to get to it and enter it before it resets to a new one.
- Have strong cybersecurity protocols in place. This is for the corporations out there that house tons of user data. You need to protect it. Period.
Of course, there are other ways to Protecting from online attacks, and one of those is just staying offline, but since you’re obviously reading this online, we have to assume these tips and tricks will probably come in handy. You may have known about them, and you may have not, but now you don’t even have an excuse—you’ve read all about it.
Thanks for reading, and we hope you got a lot out of this post. While you’re around, be sure and check out some of our other posts. We have a ton of informative (and fun) stuff to read.
If you’re interested in CloudQ’s Cybersecurity services, contact us, and someone will be in touch with you soon to discuss options.