July 2020 Security Awareness
Email Hacking
This is the most popular method of hacking today. Once a hacker has control over your email they will usually take one of the following actions:
- Spam your contact list with another phishing email because your contacts are more likely to fall for the phishing attempt with the email coming from a trusted source.
- Turn on auto-forwarding and try to trick one of your key contacts into a fake exchange (wire transfer, gift cards or reveal of personal information)
Here are four hacking methods, and ways to prevent them.
1. Credential Harvesting:
A phishing email or other hyperlink sends you to a fake login page. After you login, your username and password are sent to the hacker.
How to Prevent
- Take a quick look at the address bar when logging in. Is it the right website? See the examples below.
- Setup two factor authentication for important sites like Microsoft, Paypal, and financial sites.
2. Email address harvest:
A major site is hacked (Sony, LinkedIn) and you have used the same password for the hacked site that you used for your email.
A major site is hacked (Sony, LinkedIn) and you have used the same password for the hacked site that you used for your email.
How to Prevent
- Do not use the same password across multiple sites or services, especially between business and personal accounts.
- Use a password manager like LastPass, Dashlane or 1Password. These services allow you to use more complicated passwords while only remembering one access password for the manager, usually with multi-factor authentication setup.
3. Password hacking:
Hacker uses trial and error with common low security passwords (Password123, 123456, qwerty).
Hacker uses trial and error with common low security passwords (Password123, 123456, qwerty).
How to Prevent
- Use more complicated passwords. See this article for tips on creating secure passwords that are not as hard to remember: https://northerncomputer.ca/2019/12/01/security-awareness-update-december-2019/
- If the site or service offers multi-factor authentication, set it up. Access to your account will then require a password as well as a token sent to your phone.
4. Keylogger:
Malware with keylogger or other monitoring tool is installed on your system. These tools will watch silently while you work, and capture information including entered passwords.
Malware with keylogger or other monitoring tool is installed on your system. These tools will watch silently while you work, and capture information including entered passwords.
How to Prevent
- Use good anti-virus / anti-malware software that is kept up to date.
- Watch your system, especially your browsers (Chrome.Edge, Firefox) for any weird popups or additions like a new or changed search bar. See our last article on browser hi-jacking: https://northerncomputer.ca/2020/06/01/security-awareness-update-june-2020/
