The word ‘hacker’ has been distorted over time. Today, people call themselves hackers when they guess their friend’s Facebook password or security question.
I prefer the older definition of a hacker: someone who gains access to a computer through unscrupulous means in order to perform malicious tasks.
I just made that definition up, but you get the point: there’s a difference between real hackers who know what they’re doing and fake hackers who have guessed a few wireless passwords and social media security questions.
Want to know how today’s elite hackers are stealing information, accessing wireless networks, and jacking identities? Here are the top 5 methods currently in play around the world:
Fake wireless access points
This is arguably the most common hacking tactic used today. Hackers will set up a fake wireless network in a place where lots of people are trying to connect to wireless networks.
They’ll name the network something enticing and then wait for people to fall into the trap. If you got to a coffee shop, for example, you may see two open networks:
-Free Coffee Shop Wi-Fi
Which one would you join? Unless you ask someone who works at the coffee shop, both of those open networks have an equal chance of being the real coffee shop network.
Once you’ve connected to the wrong network, the hacker can then monitor virtually everything you’re doing over your internet connection.
The worst kinds of hackers will make their wireless network look even more legitimate by asking users to sign up and choose an account password. Most users will sign up using a common network name and password. The hacker can then use those login details to access your Facebook page or whatever other websites you use with that account data.
Be smarter: Access wireless networks through Virtual Private Networks (VPNs) or double-check to make sure you’re accessing the right wireless network.
Steal your cookies
Stealing cookies might sound like something that a bully did to you in elementary school. But it’s also a modern hacking method that involves stealing your virtual identity. Hackers have been stealing cookies since the early days of the internet and cookie theft continues to work today.
Basically, stealing cookies involves taking the authentications and certificates with your personal information. Websites use these certificates to verify your access on a website. Once hackers have access to these cookies, they can effectively trick websites into thinking that they’re you!
Hackers can steal cookies by monitoring your wireless network activity and can even intercept cookies protected by SSL/TLS. It’s scary, it’s real, and it’s a real problem
Be smarter: Always access important websites using HTTPS (put https at the front of your URL instead of HTTP). Most HTTPS websites transmit cookies using TLS Version 1.2, which is the most powerful cookie encryption method used today.
Trick you into opening files with misleading file names
This is another trick that goes back to the early days of P2P sharing on Napster and Kazaa but remains popular to this day: hackers will upload an enticing file onto the internet and hide the true nature of that file behind a misleading name.
Instead of downloading an Avicii song, for example, you might download an executable file that instantly wreaks havoc on your computer:
WakeMeUp.mp3 – Good!
WakeMeUp.mp3.zip – Bad!
WakeMeUp.mp3.exe – Very bad!
Most users know how to spot these tricks from miles away, but today, smart hackers can use sophisticated file name-switching techniques with Unicode characters that make the file look like it’s named something that it actually isn’t. Effectively, these hackers trick your computer into display a wrong file name. Fortunately, these tricks aren’t common yet.
Be smarter: Never download an .exe file online unless it’s from a website you absolutely trust. If you’re downloading an .mp3 file, make sure the file ends in ‘.mp3’. Don’t extract .zip files from untrustworthy websites.
Malware disguised as useful software
Downloading software from the internet is kind of like playing Russian Roulette. Instead of using your head as the betting piece, you’re using your PC’s security and your personal identity.
Today, more and more hackers are taking the time to develop semi-useful software programs. This software performs some basic task on your PC – like enabling dual monitor wallpapers in Windows or letting you customize your user account page.
Once you’ve installed this software, it goes to work infiltrating your system’s security. It may launch background processes that monitor your keystrokes, for example, and perform other malicious attacks.
Be smarter: Download software from trustworthy sources and scan your computer with antivirus software on a regular basis.
Bait and switch
Remember everything I told you above about using trustworthy websites? Hackers know about that tip too, which is why some of them have started targeting trustworthy websites using bait and switch tactics.
Bait and switch attacks involve taking a normal looking link and switching it with a malicious link. Let’s say you go to purchase a software program online: you fill up your shopping cart and go to check out. However, once you checkout, you’re redirected to a third-party website where a hacker steals your credit card details.
Perhaps the most famous of these attacks is the Google Redirect Virus, which would switch your Google search result links for links to malicious websites. You would search for antivirus software, for example, and be redirected to malware that claims to fix virus problems.
This is particularly problematic with mobile apps, where hackers sell advertising space to unscrupulous third parties. You click on these advertisements thinking they’re a part of the app only to have bad things happen.
Be smarter: Use a browser with modern security protocols like Chrome that will warn you when entering a website where other people have experienced problems.