How did I get hacked? If you have asked yourself this question recently, I hope you can take solace in the fact that security experts are striving daily to find ways to detect and prevent attacks. The level of sophistication and novelty of cyber attacks continue to widen in scope. For organisations (whether large, medium, or small), these are worrying times because while technology serves as a catalyst for growth and productivity, it also creates vulnerabilities. The rates at which authorised access to private accounts and confidential information are breached daily are worth discussing. While some of these attacks are very sophisticated in nature, others require very little understanding of how systems work. Sometimes, activities of account holders create an opportunity for attackers to gain unauthorised access to accounts. Below we discuss some opportunities created by unsuspecting users that leave them exposed to attacks by hackers.
1. Drive-by Downloads
This is the unintentional downloading of malicious content by visiting compromised websites. These malicious files are placed on key pages of a website by attackers. As soon as the page is visited, browsers are forced to download these hazardous files. All of this is done without a user’s approval. When these files are downloaded onto your device, they stealthily grant access to an attacker. In some rare cases, antivirus software prevents users from visiting sites that are suspected to be compromised. Some recommendations to prevent this mode of attack is to purchase a highly-rated antivirus software, update your operating system regularly, look out for security prompts, and stay away from suspicious websites.
2. Trojan Horse Attacks
Have you seen the 2004 movie titled “Troy” starring Brad Pitt? You should – not only because it is a good movie, but it puts this section into perspective. Trojan Horse attacks occur when a compromised software is installed on a computer, including mobile devices. The software may be disguised as a game or a useful application. Upon installation, an attacker either gains unauthorised access to your device or releases viruses and worms onto a device. The software may be performing without any glitches. It is important to note that Trojan Horse attacks are not manifested only in software. They can be found in videos, documents, and other related files. Some strategies to adopt in order to prevent this mode of attack is to purchase a highly-rated antivirus software, update operating system regularly, look out for security prompts, and only install trusted software.
3. Phishing Scam
A few months ago, a friend received an email from a popular email service claiming he had ran out of inbox space. As such, a link was provided to request for additional space. When he clicked the link, he was asked to confirm his username and password which he keenly did. To date, I can confirm that he has not received a kilobyte of additional space. Had he paid critical attention to the header of the email and the links provided, he would have realised
that the email was not from the purported email service. Rather, he had just given out confidential information to attackers. This is an example of how phishers operate. Phishing scam is therefore the art of deceiving users to divulge confidential information. The channels used for attacks may come in different forms. Some examples include emails, text messages, phone calls, among others. One of the most basic of strategies for avoiding this is to verify that request for confidential information are from authentic sources.
4. Shoulder Surfing
Shoulder surfing is gaining popularity in recent times. This is simply the practice of looking over a user’s shoulder to steal confidential information such as passwords, pins, credit card details, among others. This mode of attack usually happens in crowded spaces such as airports, bus stops, malls and restaurants. There have been several reports and records of fraudulent money transfers that have occurred through this mode of attack. If you must check your private account in a public place, ensure that you are not being monitored. You can also consider using secluded areas of a public space such as restrooms (yes, sometimes you have to go the extra mile). It is a better practice to abstain from checking confidential accounts when in public spaces.
The mode of attacks discussed above are in no way exhaustive. However, they provide an understanding of some popular ways by which users, through their own activities, compromise the security of their devices and information. The suggestions provided are also basic strategies that users can employ to stay secure. If you suspect that your account or device has been compromised, do not hesitate to consult a professional.
By Kofi Arhin,
School of Technology, GIMPA