
Cyberscammers Confess: Their 20 Top Tricks, Cons, and Schemes to Hack Your Internet Security
News | 23 Feb 2015
Computer hackers have lots of tools to threaten your internet security, but these tips from cybersecurity experts can help protect your privacy.
- We send incredibly personal e-mails. Spear phishing, the act of sending targeted e-mails to get you to share financial information or passwords, can be exceptionally sophisticated. "The old-style ones had spelling and punctuation errors, but today, it has really become an art," says Mark Pollitt, PhD, former chief of the FBI's computer forensic unit. "They may call you by name, use your professional title, and mention a project you're working on." Outsmart us: Spot phishing e-mails by looking for incorrect or unusual URLs (hover over links to see the actual URL address), requests for personal information or money, suspicious attachments, or a message body that's actually an image. Unless you're 100 percent confident that a message is from someone you know, don't open attachments or click links.
- We've got all the time in the world. Hackers have programs that systematically test millions of possible passwords. "They go to sleep and wake up in the morning, and the program is still going, testing one password combination after another," says Peter Fellini, a security engineer with Zensar Technologies, an IT and software services firm. Outsmart us: Instead of a password, try a passphrase. Use letters and characters from a phrase and include special characters, numbers, and upper- and lowercase letters (Mary had a little lamb could become mh@Ll, for example). Or consider a password manager that generates and remembers random, difficult-to-crack passwords. (Even then, some experts recommend unique passphrases for financial accounts in case the password manager gets hacked.)
- We sneak while you surf. A growing number of cyberattacks are arriving via "drive-by download," says Giovanni Vigna, PhD, a computer science professor at the University of California at Santa Barbara and cofounder of anti-malware provider Lastline Inc. "You visit what looks like a perfectly harmless website," he says, "but in the background, you are redirected to a series of other sites that send you an attack." Often even the website's owner doesn't know the site has been compromised. Although search engines keep blacklists of known malicious sites, the bad sites are continuously changing. Outsmart us: Make sure you install all available updates to your browser, or use a browser that automatically updates, like Firefox. Vigna's research has found that Internet Explorer users are most vulnerable to these attacks.
- We can infiltrate your baby monitor or smart TV. Remember, your smart device is essentially a computer, and chances are, it's not a particularly secure one. Anything in your house that's connected to the Internet, from your smart fridge to your climate-control system, can be hacked. In several recent incidents, hackers were able to hijack a baby monitor and yell at a baby. Experts have also shown how hackers can turn on a smart TV's camera and spy on you. Outsmart us: When setting up smart devices, always change the default password. Most of these devices work from your wireless router, so password protecting your Wi-Fi can also help. Keep up with firmware updates; many devices will inform you when there's an update available. Otherwise, look for an Update Firmware option in the main menu or settings.
- We eavesdrop on free public Wi-Fi networks. Even if you're connected to a legitimate public network, a "man-in-the-middle" attack can allow hackers to snoop on the session between your computer and the hot spot. Outsmart us: Avoid public Wi-Fi if possible, especially unsecured networks without passwords, advise security experts at MetLife Defender, a personal data protection program. Instead, set up your smartphone as a secure hot spot or sign up for a VPN (virtual private network) service. If you must use public Wi-Fi, avoid financial transactions and consider using a browser extension like HTTPS Everywhere to encrypt your communications.
- We lure you with "shocking" videos on Facebook. A friend just posted a video of an "unbelievable animal found in Africa." If you click to watch, you're asked to download a media player or take a survey that will install malware on your computer, says Tyler Reguly, manager of security research at the cybersecurity firm Tripwire. It also shares the video with all your friends. Outsmart us: Type the video's title into Google and see if it's on YouTube. If it's a scam, someone has probably already reported it.
- We take advantage of your typos. Fake sites with slightly altered URLs like micrososft.com or chse.com look surprisingly similar to the real site you meant to visit, but they're designed to steal your data or install malware on your computer. Outsmart us: Double-check the site's address before logging in with your name and password, especially if the home page looks different. Check for https in the address before typing in your credit card information.
- We crack your password on "easy" sites. A 2014 study found that about half of us use the same password for multiple websites, making a cybercrook's job easy. "A hacker will break into a soft target like a hiking forum, get your e-mail address and password, and then go to your e-mail account and try to log in with same password," says Marc Maiffret, chief technology officer at BeyondTrust, a security and compliance management company. "If that works, they'll look to see if you have any e-mails from a bank. Then they'll go to your bank account and try that same password." Outsmart us: Use two-factor authentication, a simple feature that requires more than just your username and password for you to log on. In addition to your password, for example, a site may require you to enter a randomly generated code sent to your smartphone to log in. Many companies (including Facebook, Google, Microsoft, Apple, and most major banks) now offer some form of this safeguard. (For a list of companies that offer it, visit twofactorauth.org and click Docs under your provider to learn how to set it up.)
- We love your Bluetooth headset. If you leave the Bluetooth function enabled after using a hands-free headset, hackers can easily connect to your phone, manipulate it, and steal your data. Outsmart us: Always turn Bluetooth off after you use it. Set your visibility to "off" or "not discoverable," and require a security code when you pair with another Bluetooth device.
- We can easily break into routers that use WEP encryption. Many older routers still rely on a type of encryption called WEP (Wired Equivalent Privacy), which can easily be cracked with a widely available software program that anyone can download. Outsmart us: Make sure your router uses WPA2 (Wi-Fi Protected Access 2), the most secure type of encryption, or at least WPA. Click your computer's wireless network icon to check the security type. If your router doesn't give you one of those choices, call your router manufacturer to see if you need to do a firmware update; otherwise, plan to get a new router. Don't forget to change your preset Wi-Fi password, since any good hacker knows the default passwords for all major routers.
- We impersonate trustworthy companies. You may get a fake financial warning from your bank or credit card company, order confirmation from a retailer, or social networking invitation. Outsmart us: Remember, most companies never ask you outright for your account information. You can sometimes spot this type of scam by hovering over the address in the From field or by hitting Reply All and looking for misspellings or strange addresses. Also, check to see that the e-mail was sent to you and only you. If you're not sure it's legit, call the company instead.
- We debit tiny amounts, at first. Cyberthieves may test-drive a stolen card number by running a small charge under $10 to see if anyone notices. Outsmart us: Check your transactions online regularly, even daily. If you spot a charge you don't recognize, report it immediately to your card issuer.
- We hacked that ATM you just withdrew cash from. Crooks install cleverly disguised "skimmers" to steal your card information, while a hidden camera or a thin skin over the keypad captures your PIN. Outsmart us: Try to use ATMs inside banks, where it's tougher for criminals to install these devices, and inspect the machine carefully before you use it. "Whenever I use an ATM, I give the area where you insert the card a little tug to make sure it's secure and is really a part of the machine," Fellini says.
- We count on your downloading our free, fake versions of popular apps. These apps steal confidential information or bypass your phone's security settings and subscribe you to premium services. "You choose the free version of a game, it asks for all sorts of access, and you say 'yes, yes, yes' to all the permissions," Vigna says. "The next thing you know, it's sending premium SMS text messages and stealing your money." Outsmart us: Before installing an app, check the ratings and number of people who have installed it; hackers can fake positive ratings, but they can't stop other posters from warning that the app is a trick. Most fake apps have to be downloaded straight from a website, so make sure you always download from an official market like Google Play or Apple's App Store.
- We love that you always leave Wi-Fi on. Though it's convenient to leave Wi-Fi turned on while traveling with your laptop, tablet, or smartphone, your device will constantly try to connect to known networks. Attackers can identify those and set up rogue networks that impersonate them. Outsmart us: Get in the habit of turning off your Wi-Fi every time you leave your home.
- We fool you with bogus software updates. You know you're supposed to update your software to protect it, but hackers may send you fake updates that actually install malicious backdoor programs on your computer. Outsmart us: If you get a pop-up message about an update, go to the software provider's actual website and check to see if it's real. You can also try closing your browser to see if the pop-up disappears; if it does, it may be a fake.
- We can crack supposedly safe retailers. Experts say big brands will continue getting hacked until retailers can better protect their data. Hackers sell your information on the black market, and other criminals then use it to make counterfeit cards that can be used for shopping. Outsmart us: Don't save your financial information when you shop online; check out as a "guest" when you can. If you fall prey to an attack, ask your bank to issue you a new credit card, take advantage of any credit monitoring that's offered, and scrutinize your statements.
SAFETY IN REAL LIFE: Readers who recovered from or prevented a cybercrime share their advice
- Try not to apply for credit cards online. Credit card companies require your Social Security number. Once you put that out there, it's out there forever. - Christine Mumper, via e-mail
- Avoid debit cards; they allow hackers much easier access to bank accounts than credit cards do. Also, when logging in to an online account, never check the box that says "Remember me." It takes only a couple of seconds to type in your username and password each time, and you don't want that information "remembered." - Rick Kane, Collettsville, North Carolina
- Consider freezing your credit with the three credit bureaus and simply thawing your file when you need to open a new account. Keep the passwords you need to thaw the account in a safe place. This is free or inexpensive in most states. - Frank Coulman, via e-mail