How Hackers Try to Break Into Online Accounts

Online accounts are now a key component of our daily lives and allow people to send emails, post on social media, do their banking online, shop from home, store documents in the cloud, and perform many other functions. Because most of these accounts store sensitive and valuable personal data, hackers have developed many ways to steal it. Their methods range from automated programs that attempt to crack passwords to exploiting users themselves through phishing scams and poor password choices. Learning how hackers attack accounts is a necessary step in learning how to protect your digital identity.

Why Online Accounts Are Targeted

Online accounts store many types of information, including personal details, messages between individuals and organizations, and sometimes financial information. Since many services link an individual’s email account (or username) with their password, a hacker who has access to a person’s email account is able to reset many of that person’s other service passwords.
An attacker who gains control over an online account will generally use it for one of two reasons: either to steal the victim’s personally identifiable information or to use the account as a platform from which to distribute unsolicited emails (spam), send out scam messages or post links to malware.
Because most internet users maintain a high volume of accounts, many attackers have resorted to automated tools that allow them to target tens of thousands to millions of potential victims at the same time.

Brute Force Attacks

One of the most basic forms of hacking attack is the brute force attack. In a brute force attack, automated programs try to determine a user’s password through trial and error, making a large number of attempts to guess the correct combination of letters, numbers and symbols. Automated programs are able to test thousands of potential passwords in a matter of seconds, and they succeed fastest when users select short passwords or passwords that include common words or phrases. If a user selects a weak or easily predictable password, it would likely only take a few seconds for an automated program to guess it. Creating a strong password, one that is long and mixes letters, numbers and symbols, therefore provides a higher level of protection from brute force attacks.

Credential Stuffing

A second common type of attack is credential stuffing. Many users share the same password across multiple sites.
When credentials are compromised through a breach of one site’s security and put up for sale or published online, an attacker can automate attempts to break into multiple other sites with the same email and password combination.
So if you have used the same password across multiple sites, a breach of one site may give an attacker access to all of your accounts at once. It is therefore highly recommended that you create a unique password for every site on which you create an account.
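
From the service side, the two attacks described above leave different traces in failed-login records: brute force is many guesses against one account, while credential stuffing is one or two attempts against many accounts. The following is an added example, not part of the original article; the event format, threshold and function names are assumptions, the sample data is constructed, and it groups by source address only, so an attack spread across many addresses would need grouping by other signals as well.

```python
from collections import defaultdict

# Constructed sample of login events: (source_ip, username, succeeded).
# Addresses come from documentation ranges; this is not real log data.
SAMPLE_EVENTS = (
    [("203.0.113.7", "alice", False)] * 8                      # one account, many guesses
    + [("198.51.100.9", f"user{i}", False) for i in range(9)]  # many accounts, one try each
    + [("198.51.100.9", "user9", True)]                        # a reused password worked
    + [("192.0.2.4", "bob", False), ("192.0.2.4", "bob", True)]  # ordinary typo
)

def classify_sources(events, threshold=5):
    """Label each source IP by the shape of its failed logins."""
    failed = defaultdict(lambda: defaultdict(int))  # ip -> username -> failures
    for ip, user, ok in events:
        per_user = failed[ip]  # registers the IP even if it never fails
        if not ok:
            per_user[user] += 1
    labels = {}
    for ip, per_user in failed.items():
        worst = max(per_user.values(), default=0)  # most failures on one account
        if worst >= threshold:
            labels[ip] = "brute_force"
        elif len(per_user) >= threshold:           # many distinct accounts tried
            labels[ip] = "credential_stuffing"
        else:
            labels[ip] = "normal"
    return labels

def accounts_to_reset(events, labels):
    """Accounts that logged in successfully from a flagged source."""
    return sorted({user for ip, user, ok in events
                   if ok and labels.get(ip, "normal") != "normal"})

if __name__ == "__main__":
    found = classify_sources(SAMPLE_EVENTS)
    for ip, label in found.items():
        print(ip, label)
    print("force password reset for:", accounts_to_reset(SAMPLE_EVENTS, found))
```

A successful login from a source already labelled as stuffing is the case to act on first, because it means a leaked password was still valid on this service.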

Phishing Attacks

The goal of a phishing attack is to deceive the end-user, not to attack the end-user’s system. Hackers typically send fake emails or messages that pretend to come from a legitimate company or service and include a link to a fake website that looks similar to the actual login page for the service. Once the user has entered their login credentials into the fake login page, the hacker can access the user’s account with the credentials obtained from the user.

A phishing email or message typically includes language that creates a sense of urgency, prompting the end-user to take some type of action (e.g., update a password or fix an account) in order to avoid losing access to their account or having problems with it. The sense of urgency may push the end-user to click on a link or enter information before checking the legitimacy of the message.
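
Checking the legitimacy of a message largely comes down to checking where its link really leads. The following is an added example, not part of the original article, of how a mail filter or a careful reader could test whether a link belongs to the service it claims to be from; the function name and the sample links are assumptions, constructed with reserved example domains.

```python
from urllib.parse import urlsplit

def check_login_link(url, trusted_domain):
    """Return the warning signs found in a link that claims to be a login
    page for trusted_domain. An empty list means none were found."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    reasons = []
    if parts.scheme != "https":
        reasons.append("not https")
    if parts.username is not None:
        # Anything before '@' is login info; the site is what follows it.
        reasons.append("userinfo before host")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label (possible look-alike characters)")
    # The host must be the trusted domain itself or one of its subdomains.
    if host != trusted_domain and not host.endswith("." + trusted_domain):
        reasons.append(f"host {host!r} is not under {trusted_domain}")
    return reasons

# Constructed sample links; example.com stands in for the real service.
SAMPLE_LINKS = [
    "https://accounts.example.com/login",
    "https://example.com.account-verify.test/login",
    "https://example.com@account-verify.test/login",
    "http://example.com/login",
]

def review(links, trusted_domain):
    """Map each link to its list of warning signs."""
    return {link: check_login_link(link, trusted_domain) for link in links}

if __name__ == "__main__":
    for link, reasons in review(SAMPLE_LINKS, "example.com").items():
        print(link, "->", reasons or "no warning signs")
```

An empty result only means the link points at the expected domain over HTTPS; it does not vouch for the message that carried it.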

Malware and Keyloggers

Some attackers try to obtain a target’s account information by installing malicious software on that person’s computer. Such software can be configured to record keystrokes, take screenshots, or track every login to an account.
For example, a keylogger captures every keystroke entered on the keyboard, so when a user types their username and password into an online account, the attacker obtains both in real time while the user never knows that this sensitive information is being collected.
There are many ways for a computer to become infected with malware, including opening downloaded files from unknown sources, clicking on links in suspicious emails, or visiting infected sites.

Social Engineering

Not every hacker relies on technical hacking techniques. Many use social engineering, which means using psychological tactics to trick individuals into giving away sensitive data, to obtain information that they would otherwise have to steal by gaining access to a system or database.
A common social engineering tactic is to pose as a customer service representative or an employee of a company or business that you believe is trustworthy. Once they have your trust, they create a sense of urgency and try to get you to give them your login and password or other sensitive information. The goal of a social engineer is to trick you into doing what they want, rather than to find technical weaknesses in a system.

Protecting Your Online Accounts

Users can protect their accounts against these attacks with some simple and effective actions.
Using a unique and very strong password for each of your accounts dramatically decreases your exposure to both brute force and credential stuffing attacks. Many people find it difficult to create new, unique and complex passwords. This is where a password manager comes in handy, as it will help you generate them and keep them safe and secure.
In addition to creating and storing complex passwords, enabling two-factor authentication on all of your accounts adds another layer of security. If a hacker is able to obtain one of your passwords, they would still need access to a secondary method of verification to log in to your account.
You should always be careful when receiving emails or messages from unknown senders asking for your personal data. By verifying who sent you the email or message before clicking on a link or providing your sensitive information, you can avoid falling victim to phishing scams.

Managing Your Email Exposure

Protecting your email address helps protect you from identity theft and other cyber crimes that take place in the digital world, so it is essential to limit where and how you use it.
Temporary email accounts make it easy to register for websites that require an email address simply to verify your registration or to grant you temporary access, while keeping your primary inbox private and reducing the amount of spam you receive.

Conclusion

Hackers use a multitude of methods to breach users’ online accounts, ranging from automated attacks on a user’s password to complex phishing schemes and social engineering tactics. Although all of the threats mentioned above are real, numerous successful breaches have occurred because of weak security practices, including using the same password for multiple accounts and responding to unknown emails or messages.
Users can greatly decrease the likelihood of an account being compromised by learning how these attacks operate and practicing basic security measures (e.g., using strong passwords, enabling two-factor authentication and being cautious online).
Staying informed about the most common hacking methods is one of the most effective ways to maintain control over your personal information and protect your online accounts from future hacks.