How Not to Get Hacked?


Are you SMART?

Obviously, you are, and so are we.

In this technologically advanced world, almost every individual carries at least one smart device (smart phones, smart watches, smart TVs, smart fridges, sensors and trackers, etc.) and is connected to the internet one way or another.

And with these devices we generate tons of data (personal data such as birthday, hometown, national identity, job, current location and marital status; health data such as blood pressure, oxygen level and sugar level; financial data such as ATM/credit card details and transactions) and we share it over the internet.

Though these devices and systems make our lives easier and better, have you ever thought about the devastation that could be caused if this data were accessed by bad people?

The destruction can be unimaginable.

And people in developing nations are more vulnerable to such scams and hacks. Because they have only just started using mobile/internet banking (PayPal, Paytm, eSewa, fonepay, etc.), they don't follow security best practices and are unaware of such scams.

So, even if the systems and apps are highly secure, the end user is highly vulnerable to such attacks and scams.

Thus, Digital Literacy is the only measure to protect people from cyber attacks.

(Digital Literacy means educating people about the possible scams and hacks and security best practices to follow for protecting their digital data.)

So, with the aim of raising awareness, I’ll further discuss the different types of hacks, best security practices to follow, real incidents of getting scammed, etc. in layman's terms (very simple terms).


Cybersecurity

Simply, Cybersecurity is the measures taken to protect yourself and IT (Information Technology) systems from digital threats/attacks.

Let’s discuss a few types of attacks that can target us (individuals).


Types of Attack

Phishing


Simply put, phishing is impersonating reputable websites and apps to steal your credentials (usernames and passwords).

It is the same as fishing, where we need worms as bait to catch a fish. Here, a hacker makes a clone of websites like Facebook, Twitter, Instagram, etc.

Then the links are shared with you via email, messenger or text message with catchy titles like “Find who viewed your profile”, “Girls you’ll love”, “Get 1,000 Subscribers/Followers for FREE”, etc.

And when you click that link, you’ll be redirected to a login page for Facebook or another social media site (a clone/copy made by the hacker), and it’s really difficult to distinguish whether it is original or fake.

Many will type their real username and password, thinking it's the original Facebook, Instagram, etc. But the credentials are sent to the hacker instead of logging you in. Thus, their account gets hacked.


Viruses, Spyware and Ransomware


Simply put, viruses are pieces of malicious (unwanted) code which can take over your system/PC, damage your files and hardware, and steal your data.

Similarly, spyware is also malicious code written by a hacker with the purpose of stealing your data and sending it back to the hacker without your knowledge. It stays silent and doesn’t destroy anything, so you won’t know about it. But it gathers data in stealth mode and sends it to the hacker when you’re not using the PC and it is connected to the internet.

Similar to viruses and spyware, ransomware is installed unknowingly, and once installed it locks your computer or system and encrypts all the data. And if you want your data back, they’ll ask for money (a ransom).

How do they get into your PC?

Simply put, they get installed when you download software (apps) and files from unauthorized sites like torrent sites, or when you browse insecure websites and click on ads.


Keylogger Injection


A keylogger can be a piece of code or a small hardware device installed on/connected to your computer without your knowledge.

These programs/devices capture all the keystrokes on your PC, which could include credentials (username and password) for websites like Facebook, Google, etc. or financial data, and can wreck your life.


Brute Force


In simple terms, it’s guessing your credentials (your password, tried against a username or email the hacker already knows).

Hackers have already gathered lists of common passwords and try them with your email to log in to any system you might be using.

So, always make your passwords strong and unique.


And never use passwords like “Your Phone Number”, “Name of your Pet”, “Your Date of Birth”, “I Love GF/BF Name”, etc.

Also, always change the default passwords of electronic devices like routers.


Automated Brute Force


This can be called an advanced form of the Brute Force Attack. It’s difficult to try all the available combinations manually, as it takes a long time.

To get around this, hackers have developed systems where they upload a file containing all possible password combinations, and the system automatically tries them until it finds the correct one.


DOS (Denial of Service)

Simply put, it’s sending more data than a system (website or app) can handle, so it shuts down.

Let’s take an example of organizing a birthday party for your child.

You’ve invited 10 kids. But unknowingly someone (Hacker) invites 1,000 kids from the whole area. So you’re expecting 10 kids but 1,000 appear.

What do you do in such a case? You close the door, try to make an excuse and send them home.

Similarly, a web service can handle a limited number of requests or visitors at a time. And the developer also buys the service based upon the expected number of requests. So, when a hacker sends more traffic than expected, the service shuts down and you don’t get anything.


DDOS (Distributed Denial of Service)

This is the upgraded version of the DOS attack.

Take the birthday-party example from the previous scenario. Now, in this attack, 100,000 kids appear at your kid’s birthday party.

So, originally you invited just 10 kids, but 1,000 kids appear in the DOS scenario and 100,000 kids appear in the DDOS scenario. And you may have to close your house for a few days.

Similarly, a hacker will use multiple zombie computers (computers controlled by the hacker) to attack you in a DDOS attack, whereas in a DOS attack you may be attacked by a single system.

And the result could be the server going down, as we see with government services in Nepal.

Server Down at Nepal Airport


Evil Twin Attack (Fake Free Wifi)

In this attack, hackers create a free Wi-Fi access point (WAP) in a public place. Then people connect to it thinking it’s the original (genuine) one.

Since it's created by the hacker, they can now get access to your device and steal or tamper with your data without your knowledge.


IOT Attacks

IOT stands for Internet of Things.

Usually, it’s attacking anything connected to the internet.

These days, everything is smart and connected to the internet, from home appliances like washing machines, refrigerators, TVs and baby monitors to national infrastructure like electric power transmission and nuclear power plants.

Just imagine our electric power supply of 110V getting hacked and suddenly being switched to 220V. Can you imagine the destruction it could cause?

Or our CCTV and baby monitors being hacked to track our daily activities, with intimate moments being recorded and later used for blackmail.


Juice Jacking


These days most smart phones are charged with USB cables. And with heavy usage (recording video, browsing the internet, gaming, etc.), the battery drains faster than ever, so we need to charge it frequently.

And hackers see this as an opportunity to create phone charging points in public places like bus parks, airports, seminar halls, etc.

But a USB cable is not only used for charging; it’s also used for data/file transfer.

And when you connect to the hacker’s charging point, they’ll have access to your phone and can steal your data from the phone or install malicious code and control your phone in stealth mode (silently).

Thus, this technique is called Juice Jacking.


Social Engineering

This is the technique where humans are attacked in order to gain access to systems or apps, because hacking a human mind is much easier than hacking a system.

Hackers use human weaknesses like carelessness, laziness, ignorance, sympathy, greed, ego, trust, etc. to find the victim and attack accordingly.


Scams are the perfect example of social engineering. Let’s discuss them in more detail.

Scams

Simply put, it is stealing money or data by lying/impersonating (pretending to be someone else).

Some of the major types of scams that are popular these days are as follows.

Credit Card Scams

In this scam, the hacker pretends to be a bank employee and calls a random number. Then they tell the person (victim) that their ATM/credit card is going to be deactivated, and that if they want to keep it active, they (the customer/call receiver) need to send them (the scammer) their card details along with the OTP code (the one-time code the bank sends by text message for login).

Then the scammer gets all the necessary details and steals the money from the bank accounts of naive people.


Romance Scams

Similarly, in this scam, scammers create a fake profile (male/female) and target the opposite gender.

First they try to become friends with casual talk and later romanticize it by pretending to be a future boyfriend (husband) or girlfriend (wife).

And slowly, they start asking for money indirectly, either to buy a gift or by telling some of their problems and asking for financial help, promising to return the money within a couple of days.

But once they get the money, they disappear.

Some may also impersonate divorcees and say things like their former partner has given them some amount (in millions of dollars), and that they’re looking for a genuine partner to share the rest of their life with, in return for which they’d gladly transfer all the money. And as before, they’ll ask for money (transfer fees) to begin the process.


Email Scams (Business Proposal, Billionaire Died, etc.)

This is another type of scam where scammers impersonate some business tycoon from the West and send an email saying something like they’re billionaires or company owners looking for investment opportunities in your country.

And they’re looking for some locals to take on as partners. If you’re interested, you need to reply to the email as soon as possible. Later they’ll ask for money to begin the process of making you a partner.

Or they can pretend to be a lawyer and tell you that one of their billionaire clients has died, saying things like there’s no one to claim his property and you’re the right fit for it. And he (the scammer lawyer) is ready to help you get that property with a 60-40 split. But to start the process you need to send some amount, like $250.


Lottery Scams

Another scam that’s spreading like wildfire is the lottery scam. In this scam, scammers call or send messages saying that we’ve won a lottery worth millions (lakhs).

And we should contact their manager soon. They also give a phone number.

Later they will say that they’re trying to send the money, but first you need to pay some processing fees, which could be 1% of the lottery.

If a naive person sends the money, then they’re scammed and the scammer disappears.


Call Center (Tech Support) Scams

I’ve seen this type of scam mostly from India, targeted at western people. They’ll call old people in the US, UK or Australia and tell them that their software is going to expire or that the victim's computer is having some issues, and that they’re authorized customer support for Microsoft or Dell or some other reputed company.

Then, they’ll tell the victims that a piece of software needs to be installed to inspect their PC, which is usually malware. Once the victims install the malware, the scammers ask them for credit card information and steal their data as well as their money.

You can find such scammers in action at the link below (here a real hacker hacks the scammer).


Real Example of Scams

1. Phishing Attack Promotion

A fake Facebook page creating a fake offer.

2. Scam Message on Whatsapp


3. Lottery Scam Message in Nepal


How Vulnerable Are We?

People in developing nations like Nepal are more vulnerable to Cyberattacks and Scams.

Currently 36.7% of people in Nepal are connected to the Internet and there are almost 13 million social media users (datareportnepal, January 2021).

Also, nearly 10.15 million people are using mobile banking services (one-third of bank account holders) in Nepal (kathmandupost.com, 15 July 2022).

And the rate is increasing exponentially.

But the users are unaware of the cyber threats and don’t know the best security practices.

People of our parents’ age group are more vulnerable to such scams, since they can’t distinguish what’s genuine from what’s fake but have started using the internet without knowing its consequences.


So, the threats, scams and cyberattacks will be increasing in the coming days.

And the only counter is to raise awareness about cybersecurity and make people digitally literate.


Now, let’s discuss some measures to protect oneself from such cyber threats.


Preventive Measures to Protect Yourself from Getting Hacked

Some of the measures to protect yourself from cyber attacks are discussed below.

1. Update Your Operating System and Software

It’s really important, since updates fix existing vulnerabilities and tighten security against future threats.

2. Use Antivirus Software and Update Regularly

New viruses are created regularly and spread across the internet, so antivirus software should be installed, turned on and regularly updated.

3. Use Strong Passwords

Always use strong passwords. Your password should contain at least 8 characters, combining capital letters, small letters, numbers and special characters.

Never use passwords like your date of birth, phone number, gf/bf or pet names, etc.

4. Keep Password Secret and Unique

Don’t share passwords with anyone. Every day is not the same; even friends can turn into enemies.

And do not reuse passwords. Make different passwords for different digital accounts (social media), so that other accounts remain safe even if one is hacked.

5. Implement Multi-Factor Authentication on your digital accounts

Along with strong passwords, multi-factor authentication (or 2-factor authentication) adds an extra layer of security.

Here, while logging into an account you will have to enter the code sent to your email or phone after you’ve submitted the correct username and password. And you will only be logged in if the code also matches.

Almost every digital platform has these features.

6. Change Default Username and Passwords

Most devices like routers, monitoring cameras, etc. come with default passwords like admin, 123456789, root, etc.

So you must change them and set secure passwords.

7. Do not open email attachments from unknown senders

As we discussed at the beginning, hackers can send malicious code (viruses, spyware, ransomware, keyloggers, etc.) in the form of email attachments.

So, never open attachments sent by unknown senders.

8. Do not open links from unknown senders

Hackers may send you phishing links by email or social media. So avoid clicking on links sent by unknown senders, or suspicious links sent by known users.

9. Always check URLs (links) before logging in or sharing credentials

When logging in to any account or sharing credentials, check the domain name or link, because hackers can create fake websites with similar domain names.

For example, facebook.com could become fasbuk.com or faacebook.com, etc., and they can easily clone the login page of any website.
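The check described above, written out as an added example (not code from the original article): it pulls the registered domain out of a link and flags near-misses of a trusted site such as fasbuk.com or faacebook.com. The trusted list, the edit-distance threshold and the simple two-label domain rule are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Constructed list of sites whose login pages we expect to use.
TRUSTED_DOMAINS = {"facebook.com", "instagram.com", "twitter.com"}

def host_of(url: str) -> str:
    """Lowercase hostname of a URL, or '' if it has none."""
    if "://" not in url:
        url = "https://" + url  # treat a bare domain like 'fasbuk.com' as a URL
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def registered_domain(host: str) -> str:
    """Keep the last two labels: 'm.facebook.com' -> 'facebook.com'.
    Assumption: a simple two-label suffix; real checkers consult the
    public suffix list so that e.g. 'example.co.uk' is handled."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: fewest single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def check_login_url(url: str, max_distance: int = 4) -> str:
    """Classify a link before typing credentials into it:
    'trusted'   - its registered domain is exactly one we expect
    'lookalike' - a few edits away from a trusted domain (fasbuk.com, faacebook.com)
    'unknown'   - anything else, including 'facebook.com.evil-example.test',
                  whose registered domain is really 'evil-example.test'.
    max_distance is an assumed threshold chosen for this example."""
    domain = registered_domain(host_of(url))
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    if any(edit_distance(domain, t) <= max_distance for t in TRUSTED_DOMAINS):
        return "lookalike"
    return "unknown"

if __name__ == "__main__":
    for link in ("https://m.facebook.com/login", "http://faacebook.com/login",
                 "https://fasbuk.com/", "https://facebook.com.evil-example.test/login"):
        print(link, "->", check_login_url(link))
```

Only "trusted" is a place to type a password; both "lookalike" and "unknown" mean stop and check the address by hand.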

10. Avoid using unsecured Wi-Fi networks

As we discussed earlier, there’s a great risk of evil-twin attacks, identity theft, malicious code, etc. while using fake free Wi-Fi.

Hackers can create free Wi-Fi and steal your personal/financial data or install spyware. So be careful when accessing public free Wi-Fi (mostly avoid it).


We need to protect ourselves as well as our loved ones from such digital attacks. And the only measure is digital literacy or awareness.

Hope this article was helpful to you.


In Summary (Cyber Security and Its Preventive Measures)
