Here are six ways your online account can be hacked into, and some simple yet effective ways to protect your Internet avatar.
Illustration: Dominic Xavier/Rediff.com.
On successive days this week the Twitter accounts of Congress vice president Rahul Gandhi and that of the Congress party were hacked into last week.
Were the security breaches politically motivated?
While the cyber crime unit of the Delhi police will get to the bottom of how and why the security breach occurred, here are six ways your online account can be hacked into, and some simple, yet effective, ways to protect your Internet avatar.
Weak Passwords: Be careful while choosing your password. A weak password is one of the main reasons why most accounts are compromised. Many users choose such passwords as 123456, password, qwerty, abcde12345, aaaaaa, 111111, Passw0rd etc. These can be easily cracked using the brute force method.
A brute force method is where an attacker uses a library of passwords and tries to log in to the account through sheer brute force. If your password is weak and present in the weak password library, it can be easily cracked.
Also do not use your name, date of birth, city etc in your password as they can be easily guessed.
A good password should contain special characters so that it cannot be guessed.
And yes, do not write down the password. Ever.
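The checks described above (the weak-password library, personal details, special characters) can be sketched as a small password screen. This is an added example, not part of the original article; the substitution table, the 12-character minimum and the sample personal details are assumptions made for illustration.

```python
import re

# Weak passwords quoted in the article; a real check would load a far larger list.
WEAK_LIST = ["123456", "password", "qwerty", "abcde12345", "aaaaaa", "111111", "Passw0rd"]
# Character substitutions undone before the lookup (an assumption of this example).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "@": "a", "$": "s"})
MIN_LENGTH = 12  # assumed minimum; the article gives no figure
# Constructed sample details: name, date of birth, city.
DETAILS = ["Asha Rao", "1990-04-12", "Pune"]

def normalise(text):
    """Lowercase, undo substitutions, drop punctuation: 'P@ssw0rd!' -> 'password'."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LEET))

WEAK_NORMALISED = {normalise(p) for p in WEAK_LIST}

def password_problems(password, personal_details=()):
    """Return the reasons a password is weak; an empty list means none were found."""
    problems = []
    # Dressed-up variants of a listed password fall to the same library.
    if normalise(password) in WEAK_NORMALISED:
        problems.append("matches the weak-password list")
    # Name, birth year, city: any token of three or more characters counts.
    lowered = password.lower()
    tokens = [t for d in personal_details for t in re.findall(r"[a-z0-9]{3,}", d.lower())]
    if any(t in lowered for t in tokens):
        problems.append("contains a personal detail")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("has no special character")
    if len(password) < MIN_LENGTH:
        problems.append("is shorter than %d characters" % MIN_LENGTH)
    return problems

if __name__ == "__main__":
    for candidate in ["Passw0rd", "P@ssw0rd!", "Pune@1990", "tr4ctor-Velvet-oboe!9"]:
        print(candidate, password_problems(candidate, DETAILS))
```

Note that "P@ssw0rd!" contains special characters and is still rejected, because it reduces to an entry in the weak-password list.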
Using the same password across sites: People tend to use the same username and password across different sites, obviously because how many password details can one remember! Remember, there have been instances of data breaches in some of the major sites like Yahoo, Adobe, LinkedIn etc where important data like username and password were leaked.
If the same password is used across sites then it is very easy for the attacker to gain access to your multiple accounts if any one of the sites is breached and the passwords are leaked. Different passwords should be used for various sites to keep them safe from such breaches. Use a password manager if you find it difficult to manage many complex passwords, but do NOT use the same password for different sites.
Using unsecured Wi-Fi: Oh yes, it feels lovely to access the free Wi-Fi most of our public places now provide. What greater joy than checking into Mumbai’s T2, logging into their free Wi-Fi and updating your status message, right?
Caution: Use the free Wi-Fi facility at public places like airports, railway stations etc only if it is necessary. Even where you use the service, do not log in to any services like email etc. And that ecommerce transaction can wait till you reach your home Wi-Fi. And never ever access your bank accounts while on public Wi-Fi as your activities can be sniffed using the ‘Man in the Middle’ technique, where the attacker manages to insert himself in between your communication and steals your passwords.
Use a VPN so that your traffic is encrypted and you are safe.
Malware: Malware includes computer viruses, worms, spyware, keyloggers etc. Malware is installed on computers and smartphones without the user’s consent. It can sniff out the login details typed to access sites, which are then sent to the attacker, who can use these details to compromise your account.
Good antivirus software should be installed and always kept updated with the latest definitions to be safe from malware. People tend to have antivirus installed in their systems but seldom update the virus definitions. If the virus definitions are not updated then the computer is at risk from new malware, as the antivirus will not have the latest information. There can be no over-emphasising that virus definitions have to be updated regularly and a full system scan has to be done at regular intervals.
Not just your phones and computer, you also need to always scan the pen drive before using it, and never use pen drives handed out by strangers or pen drives which you just happen to find. They can contain malware and will infect your machines.
Malware is generally installed from pirated software or by visiting malicious sites. Do not download and install any pirated software and do not visit sites which you do not know.
Phishing: Phishing is the term used where a victim shares his login details on a fake site believing it to be the genuine site. Here the attacker sends out spoof emails to victims, posing as a bank or email provider, and asks the victim to log in to the site from the link given in the mail -- or else the account will be disabled! Remember getting such mails?
If you get taken in and click on it, links in the mail will redirect you to spoof sites which look just like the bank site’s login pages. If you trustingly enter your access details, voila, your money is gone!
Always check for the green bar and HTTPS in the URL in the address bar to be sure that you have landed on the genuine site.
Social Engineering: Here attackers call up victims claiming to be the representative of a bank or some financial site and ask the victim to share their login details. Once the trusting victim hands out these details, they are used to compromise the account, and skim off money.
Remember, do not share your credit card, debit card or bank details or other login details with anyone who calls you and asks for them. These details are never asked by genuine representatives of banks etc, so that should be a dead giveaway.