Is there anyone left to hack? In the last couple of months all the giant firms and services have reportedly been hacked. Microsoft, Apple, Facebook, Twitter, Evernote all of them have stated data breaches in their databases. Misha Glenny in his TED talk smacked the very same argument, by saying:
There are two types of companies in the world, those that know they have been hacked, and those that don’t
Truth is, most people mishandle their own accounts, they are not doing it right. A great man once said, ignorance is bliss, but the question is – can you afford its consequences? Here is a list of things you come across everyday, check how you deal with them.
Do not scan that QR Code
Inherited from Japan, the QR Code (Quick Response) is an incredibly convenient, fast, cheap and portable way of bestowing and distributing data. In those black and white matrices as many as 7000 characters can be sketched.
So, you take out your smartphone, do a scan and reach a specific web address and get to have more information without having to bother all the hassles it requires otherwise. Sounds so convenient, right? But the problem arises when you take an insight look at its working principle. A QR code prevails access to your system files, contact list, and what not.[color-box color="white"]Also Read: The Cyber War – Is it Inevitable? [/color-box]
Cyber criminals and vicious app makers have started making money around it. You see a QR code, and out of curiosity or boredom, you scan it. But instead of getting to a relevant page, you are directed to somewhere else, and before you could hit close, an app starts downloading, or you receive a confirmation text that – hey, congrats, you have just subscribed to this service. Next time when you see a QR code, and unless you are too sure of its source, and destination (hah!), do not scan it.
Fake webpages and Phishing
I took a hacking class last semester, and one thing that made my jaw drop was phishing attacks. Let me share what I learnt. You will see a webpage that looks like exactly like the authentic Gmail, Facebook, Amazon or any website’s official page. In fact, the resemblance is so great that even top professionals may fail to distinguish it. This is the first part of illusion, the trick is to fool you and make you put your login details. And when you do that, instead of getting into the site, your username and password is saved and logged into some file – a file that those evil guys have put on some webhosting service.
Tip: Next time before entering your credentials, look at the address bar, and see if there is nothing unusual, and if it is indeed the link to a page where you were supposed to be and not some webhosting site’s address.
Don’t visit malicious websites
Sometimes due to internal breaching or site’s nature, your web browser or Anti-Virus will warn you before proceeding to a webpage. The reason is that the link you are heading to or being redirected to contains malware. Unless you are completely sure, don’t proceed, because it is never a false alarm – doing otherwise will get you in some big trouble.
Be a smart pirate
Who doesn’t like free stuff? If it is a freeware, and the source is legit, it is all cool. But, some of us (*coughs*) are ready to violate laws and turn into the Ninja mode to get the stuff. While this is wrong on many levels, my present concern is regarding your safety. What most people fail to realize is that the application, crack and keygen they are downloading from such infamous websites, most probably contains malicious codes attached to them.
Now, it could be anything, but most of the times, it is the case of keyloggers. For those who are unaware of it, a keylogger is a program that sits silently on your computer hidden from view, and records everything you type. Every Facebook status you update is saved and sent to the criminals, every email you write is saved and sent to the criminals, same with all your login information. But what these criminal minds are really looking for is the session when you go to an online trade portal, because this is where you will be typing your credit card number and your PIN. Once they have gained access to this information, you can’t imagine what they will do with your card’s information.
The same goes with your smartphone apps, because when you install any application on your phone, you are giving it access to your system files, contact list, network, and in addition to that, you are also giving it the power to deduct money from your account.
Don’t trust public wi-fi and cyber cafes
There is this Firefox extention, called firesheep, that grabs password and login information of all the people connected to the same wi-fi network. Firesheep is not the only tool that can brute force your privacy; there are many network sniffing tools such as Wireshark that can intercept your communication.
Stay conscious while using a cyber-cafe’s system, you never know what adware, keylogger and viruse the system is infected with. Besides this, you might want to always know who is accessing your Wi-Fi network, to be completely sure that you are the single one on it.
Check the authenticity of the email
Another newly devised trick from fraudsters are fake and deceptive emails. They make you believe that it is sent from a legit source. To detect such fraudery, one thing you could do is check the IP address from which the email has been sent, and look up for its location and check if it make sense. Another life hacking trick is googling the email addresses and seeing if its spam story is cited on the internet. If you’re using a Gmail account, you might also want to check these security tips for a better protection.