Digital Navigator: Stay Safe Online

STAY SAFE ONLINE

This article will tell you about various hacking methods used to compromise user accounts, how to stay away from them and what to do if you fall a victim of any such attack.

Here we will concentrate mainly on 4 most usual techniques used in hacking i.e, Phishing, Cookie Logging, Brute Force Cracking & Keylogging.

1. Phishing

Phishing is one of the most basic, most widely used and the simplest technique of hacking used.

In this method, a hacker creates a webpage which looks exactly like another webpage. For example, popular sites like GMail, Facebook, Twitter etc. And he sends the link of the page he created to the user through e-mail, text message (SMS) or chat client. When the user visits this page and logs in using his UserID and Password, it displays an Error Page or redirects to some other page whereas the entered UserID and Password is sent to the hacker.

The only way to prevent it is seeing the address bar carefully before logging in. Look at the images below:

The first one is the original Facebook login address and the other one is the Phishing page address. Thus before logging in into any account type the web address directly in the address bar rather than following any links to arrive at the page.

Now if you fall for this attack (you will come to know because of the error page displayed or some other site opens up), you will have to change your password IMMEDIATELY by logging in from the original site.

2. Cookie Logging:

Cookie: Whenever you login into any site, the site server sends a cookie (a file) to your PC and it is stored in your browser's memory. As long as it is present in the browser memory you will be logged in into that particular site. When you press Sign Out, this file is automatically deleted from the memory (or atleast the contents of the file are cleared).

Cookie Logger: A Script which fetches Cookies from your PC and sends it to the hacker.

To carry out this, the hacker sends a link of the cookie logging script to the user and when the user clicks on it, his cookie is automatically sent to the hacker. When the hacker places this cookie in his browser memory and goes to the site, he will be logged in as the user. Note that here no UserID, no Password is required.

The link sent to the user might be masked using URL Shortners or other text links.

You can be easily deceived. Only way to prevent it is to carefully look at the link before clicking. Installing a Firewall on your system helps greatly.

If you fall for this attack, immediately log out as the cookie on the hackers machine will also be deleted. It is advised to change the password later.

3. Brute Force

It is a complex procedure and requires heavy computing power. It is basically a Trial and Error approach to password cracking (used online and on offline PCs also). It just sends a series of characters to match the characters of your password and thus finds out all the characters one after the another. However, this method cannot be carried out on most of the sites because they provide only 3 chances to enter right password.

There is no way to stay away from it but the only hope is to create a STRONG password.

4. Keylogging

KeyLogger: A small software that records every keystroke when a keyboard is used. It sends the recorded keystrokes to the hacker whenever the PC goes online.

Keyloggers can be installed on your system stealthly by using Pendrives with autorun scripts installed, through online links (these can come attached to music files, images, video files etc), or can be installed on anyone’s PC just like any other software.

It is one of the most Dangerous technique as it can compromise UserIDs and Passwords of various accounts, Credit Card numbers, PC program passwords etc. A user will be completely unaware of this because these are Stealth softwares and work silently in the background. Most of the anti-virus packs cannot detect keyloggers because they aren't any virus. Usage of Anti-Spywares, Firewalls might safeguard against these but manual detection and deletion of keyloggers needs much expertise in computers.

Hacking basically involves carelessness of a user in some or the other way. So it is important for every one of us to be more careful with our online activities.

How to Create Strong Passwords???

Ok, so I said you need to create strong passwords right? But the question that arises is how to create it and how to remember complex passwords???

Let’s start with the basics: A strong password includes Small Letters, Capital Letters, Numbers and Special Characters.

Passwords need to be Simple for the User but Complex for others. I'll explain it with an example.

Just think my password is ‘Something’. It is simple but not complex. So to make it complex I would set my password as ‘5oM3t#!nG'. Match the characters and you'll find the secrets of designing Complex yet Simple passwords.

Thank You