Hacked password is one of the most annoying problems we face today. At first glance, this may not seem important. Who cares if someone finds out the password to an old, rarely used, and worthless email account?
But you will remember that the same email associated with your social media accounts, not to mention banking services and other applications, is now in the hands of cybercriminals. Apart from losing money and data, this type of hacking can also cause huge problems for your friends, family and colleagues as the hacked account can be used to send phishing, phishing or scam emails.
Kaspersky, a company that specializes in digital security solutions, published an article yesterday explaining six ways hackers can steal passwords and how to prevent them.
1- Using a Trojan horse program:
If you open a malicious file sent by another user, downloaded from a website, or transmitted from an external medium, a Trojan horse can enter your computer or smartphone. So always remember that any executable file found on the internet is a potential trap.
But even those that look like non-executable files should be handled with care as hackers go to great lengths to trick victims into hiding malicious files in files like photos, videos, files, documents, and so on. And they often succeed. .
For example, they can change the icon or use a file name that emulates a secure format. In addition, even a regular Office document can become a trap in some cases, since malicious scripts in the document can exploit vulnerabilities in the software you use to open it.
Therefore, to prevent such leaks, Kaspersky recommends installing a security solution that can detect and block spyware Trojans. If you are using Kaspersky, you already have:
- File Antivirus: Scans your device's content and all connected media and detects malicious files.
- Email Anti-Virus: Blocks dangerous links and attachments in emails.
2- Phishing
Phishing emails come in many forms, but the goal is always to lure you to a fake website and trick you into entering data.
It could be a message that your bank account has been blocked or an offer to sign up early for an online cinema. Or it could be a phishing link from a potential buyer of your product on Amazon or a close friend whose email has been hacked.
The first tip in this case is to take a good look at the URL, some fake sites have an extra character in the title, duplicate domain names, etc. However, this step does not always help because today's cybercriminals have learned to hide fakes, for example: in an in-browser (BitB) attack, you may see phishing pages with real sender addresses.
So it is better to use a security solution that detects and warns you about phishing attacks. In Kaspersky applications this is handled by:
- URL Advisor: Compare any URL against a cloud database of dangerous websites.
- Safe Browsing: Scan website content for harmful and malicious elements.
3- Navigation attack:
Passwords are often stolen through security holes or browser plug-ins. In the first case, a specially set up icon and code on websites that install spyware on your device.
In the latter case, you installed a malicious script yourself under the guise of a handy and useful browser add-on. Then for example: When you visit a bank's website, this script forwards all your actions through the hacker's proxy server and publishes your login credentials used to do so.
- The (Payment Protection) function of the (Kaspersky Premium) solution prevents such attacks by automatically activating the (Safe Browser) mode when visiting online stores or banks or using online payment systems.
4- Public WiFi:
Attackers can also intercept data including: passwords sent over the network if you're on an older Wi-Fi network that isn't encrypted or protected by WEP.
Instead, hackers install a public WiFi hotspot with a similar name to an existing network—often belonging to a nearby coffee shop, hotel, or business center—and then unsuspecting users connect to the fake hotspot and all their internet traffic is routed there. . Flow to cybercriminals.
You can prevent such leaks by double-checking network names, avoiding suspicious access points, and disabling automatic Wi-Fi connections. Better yet, make sure your Internet connection is encrypted so that even if you're connected to the wrong access point, hackers won't stand a chance and not know what or where you're sending it.
- You can enable a secure connection via VPN in the Kaspersky application settings in the Privacy section. Note that you get unlimited VPN traffic with the Plus and Premium versions.
5- Save the password anywhere you want:
There are still people who write passwords on stickers and pieces of paper and put them where everyone can see them. It's also dangerous to type passwords into unsecured text files on your computer or smartphone, or to save them to your browser to fill in the car.
So how can we do this? Information security professionals always recommend using strong passwords that cannot be attacked using brute force. They will never stop advising you to never use the same password more than once because if it is stolen, the attacker can access all the accounts you use and steal more of your data.
In these cases, the simplest solution is to use a password manager that is protected by strong encryption. Simply enter all your usernames and passwords and save a master password for the tool itself only.
- In Kaspersky you will find the Password Manager feature that allows you to easily manage your passwords. Also, you should never write your master password on a sticky sticker on your screen!
6- External leaks:
All of the above is about protecting your passwords, but password leaks are common in online services we use, such as: By hacking into these sites, cybercriminals can gain access to large databases of users, as well as passwords and other personal information.
Furthermore, the owners of these websites are not always willing to report such hacks. Meanwhile, your data is being stolen or sold on the dark web. Information security experts monitor the version of these databases and notify users.
Another common example of phishing: a user receives a message about a suspected violation and is asked to click a link to a website that requests credentials for verification. In this case, his data has been stolen and he's trying to check for fake data breaches. .
- Kaspersky applications include a service that checks if your data has been leaked and can be found under the Privacy tab. It allows you to check if your email is in a database that has been stolen somewhere. In this case, you will get a list of hacked sites, what kind of data has been made public (personal information, banking information, online activity history, etc.) and tips on what to do next.