Hacking goes hand in hand with the development of the Internet as with new technologies come new ways on how users’ data can be compromised.
That’s why it’s critical to learn the rules of safe internet conduct to protect personal data and adopt the practice of regular web security courses for all working environments. This will ensure proper awareness and prevention of security incidents.
While some of the methods on how hackers may expose your data are quite popular even for non-tech savvy users, some of them are less common. So let’s have a look at the latter ones so that we know what to expect:
Usually, we expect the threat to be coming from suspicious file extensions like .rar, .zip, .exe, the threat may come from the generally accepted text documents like .docx, .xls, or pdf. It’s possible to use integrated commands and scripts that are called macros to help to automate frequently running tasks within a document in most text editors. That’s why it makes it attractive for hackers to exploit these macros by hiding trojans, worms, or other malware inside. As they look pretty innocent for ordinary users, there are more chances that a user opens it without any hesitation.
How to avoid: Make sure to disable running macros in text editors for the downloadable files and double-check all such files via some antivirus scanner.
This one may be a bit tricky because it doesn’t directly steal the information but often in combination with phishing (being a hack within a hack), it may lead to trap and make users easily give out their personal details. Usually, the email services use authentication to log in and send/receive emails meaning that you need to enter the username and password, however, there are open-relay email servers that allow sending out emails without a need to confirm that it’s your address. Here’s how it works: using the open relay servers I take an email address let’s say firstname.lastname@example.org and send out emails on the behalf of this address including the phishing website. A person who receives such an email check the sender sees nothing suspicious and navigates to the clone of the website giving out all the necessary details.
How to avoid: In order to prevent spoofing from your domain name, make sure to use an SPF record for the domain name that specifies all the server addresses that are allowed to send emails. If a spoofing attempt will happen, the email will not be delivered due to the failed SPF check. If you want to make sure you will not be phished by such things, make sure to carefully check the URL spelling ( usually there are spelling mistakes in the domain name that you need to follow e.g. paypall.com instead of paypal.com), and do not hesitate to contact “the sender” by alternative ways to double-check if it was a legitimate request.
As the Internet of things technology is in its infancy stage, the hacks of devices to upload are not widely spread however it may soon change. The stories about hacking a hospital system because someone charged their phone with a public USB port or getting the info from the security cameras are not some sci-fi movie scenarios but real cases. It’s possible to compromise the whole network by getting access to a single smart device running in this network. That is why it’s extremely critical to ensure protection on all levels.
How to avoid: Before adopting any application, do research on the level of its security protection, make sure to use only official applications coming with the device and update them when a new stable version is released, and last but not least changing all the default passwords.
The golden rules of secure internet behaviour like protecting logins with several authentication levels, using software only from official vendors, up-to-date systems, and reliable anti-malware solutions are only working when applied regularly along with other protective measures as a part of the personal or corporate digital security improvements, as keeping the environment safe is not a one-time initiative but as an ongoing process.