How are users hacked? What are the silly mistakes users make that let hackers take advantage of their endpoints? If you are a regular user who spends a lot of time on the web, then this article is for you. You will get an idea of how users fall prey to attackers over the web and surrender valuable data to hackers.
Phishing is one of the most serious techniques used by hackers: it entices users to click on a link embedded in an email and download malicious attachments. Such malicious attachments can send users to a different website where they are asked for login details. Once a malicious attachment is downloaded, it silently monitors activity on the smartphone or desktop and sends data to hackers. Users thus unknowingly surrender themselves to hackers, and as a result hackers successfully gain access to their systems. According to the Verizon Data Breach report, around 23% of recipients open malicious messages, while 11% of recipients open malicious attachments from the email.
Phony Phone Calls:
The bad guys pretend to be a company’s IT help desk person and ask users for login credentials or personal information to solve product-related problems. Sometimes they pretend to be an internal employee of a company and call a current employee, asking them to open a document that is actually Trojan malware designed to gain access to the system. The phony phone call is an easy method of getting personal details from users.
Attackers easily find loopholes in unpatched systems and inject malware or viruses to gain access to the system. A patched system protects against common attack vectors. The Verizon report says that attackers take advantage of common vulnerabilities found in outdated systems. Around 97% of exploits have happened due to common vulnerabilities. The sad thing is that these breaches could have been prevented if organizations had patched their networks, operating systems, and other applications. Keep your system updated and, if possible, turn on auto-update.
Passwords are a weak link in big data breaches; a recent example is the Sony data breach, where hackers found a cache of documents related to passwords. They found that employees were using weak passwords for official use, and “12345” was the employees’ favorite password. Besides this breach, many users keep the same password for every online account, whether it is a bank account or a social media account. If a single password is exploited, the entire chain of accounts will be compromised.
Users are not aware of the dangers of free Wi-Fi and innocently connect to unsecured networks. Generally, free Wi-Fi is available in public places such as coffee shops, restaurants, and hotels, but it can be a trap for users. Attackers set up a compromised machine on such a network and capture data using a snooping technique to get the details of ongoing data transfers. Users download content over such unprotected networks and fall prey to attackers, as the routers on these networks may be compromised through a vulnerability. Attackers can easily inject malware into the user’s device or act as an intermediary between two users and obtain the sender’s login credentials or confidential information without his or her awareness.
Too Much Info on Social Media:
Many users spend a lot of time on social media and share too much information. Social media has always been a hunting ground for attackers; they monitor the information being shared, which helps them guess a user’s password or the answer to a security question asked during a password reset. After getting an idea about the password, they create a spear-phishing message to get users’ login credentials. Attackers can also create a fake “Like” button to install malware on the user’s device.
Organizations set BYOD (bring your own device) policies that govern the use of personal devices on the organization’s premises. If employees breach the policy, it can expose the organization’s confidential information. When employees have more freedom to install whatever they like, the risk of attack also increases. It is advisable to impose audit controls and data governance on employees while they surf social media and other websites.
The Internet is a place where information and risk to data travel together; therefore, users should take precautions and avoid the above-mentioned mistakes to have a safe web browsing experience. Always go for an antivirus that gives your device the utmost protection and keeps malware out. Remember, we are primarily responsible for breaches of our own systems; if we do not take care of our data, then no one can protect us.