How Can My User Accounts Be Hacked?

Some of you may have been affected by an account hack, possibly without even noticing it. Sometimes we receive a notification that someone has tried to sign in to one of our email accounts, or a friend sees us connected to one of our social networks when we were not even awake. In this article we list some of the techniques cybercriminals use to break into our accounts, and we give you a few tips to minimize unwanted access as much as possible.

If you have never suffered an attack of this type, all of this may sound like a legend to you. But the number of user accounts compromised by this type of theft in a single week is large enough to scare anyone who sees it: more than 250,000 email accounts appear on the black market every week. Many of our habits make it so easy that it is not surprising that these thefts occur day after day. Today, thanks to the continuous growth of social networks, this type of practice only increases because of the amount of personal data that we pour into them without realizing it.

Long ago, the preferred target for cybercriminals was Hotmail email and messaging accounts, but over time everything changes, and now the priority target is social networks, with Facebook and Instagram in the lead, closely followed by Twitter. We are going to tell you what the most common methods are and what we can do to avoid them, or at least try.

OSINT as a method to enter your accounts

The cybercriminal in question will try to access your accounts using passwords worked out by tracking your activity a little. Social networks make this extremely easy, since our passwords are sometimes the name of a close relative, such as a partner or child, the name of our pet, a date that matters to us, etc. This is exactly the kind of information that can be collected from social networks, since it is practically in plain sight to anyone who follows one of these accounts.

Facebook, the big target. Facebook was once again the most used social network in the year that has just ended, 2020. Without a doubt, it holds a great deal of information about us and our relatives. We often think that, because a website is so well known or does not ask us directly for our bank details, it cannot be potentially dangerous. That is not true. Also, through Facebook games we can add our bank details to what can be stolen, which can give us a pretty nasty scare.

With this type of data, cybercriminals, or the buyers of this type of account, can carry out an identity theft to, for example, request a bank loan in our name, or impersonate us to make some type of illegal purchase.

Instagram is another giant. It holds a number of personal documents, both written and graphic, that we may often think are not so important, but they can be used for the same purpose: making identity theft much easier. There have also been cases of blackmail, in which the cybercriminal would publish private content if their demands were not accepted.

Twitter seems harmless, because we only go in to make a small comment or see who has said what at any time. But the real danger of Twitter is that it is a giant channel of information. Every day there are attempts to steal the accounts with the most followers for promotional or advertising purposes, since such an account can reach a large number of people in an extremely short space of time.

To avoid this type of problem, we advise you to be extremely scrupulous with the data that you publish on your social networks and to refrain from sharing more information than necessary. When choosing a password, make it a secure one that cannot be discovered through social engineering by someone who checks your networks and scrutinizes your life. Above all, change your password from time to time to one that is even more secure than the previous one.

Using the same password for everything, bad idea

In this section there is not much to say. To some it will seem crazy, but this happens, and it happens continuously. To make access to social networks, email accounts and messaging accounts less complicated, we use the same password for all of them. That is a huge error, since the moment someone gets into one account, the rest will fall by domino effect, leaving us totally at the mercy of the cybercriminal in question and whatever he wants to do with each of our accounts.

The solution is simple: use a different password for each account, and do not do the typical thing of changing just a letter or a number; the passwords must be quite different. Create a password that is totally different and secure for each account, use uppercase and lowercase letters, use numbers and, to make it even more complicated, use some unusual character such as the at sign or the umlaut.
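The two checks described above (no personal details in the password, and no near copies between accounts) can be automated. The following Python sketch is an added example, not part of the original article; the function names, the substitution table and all sample data are constructed for illustration.

```python
import re
from difflib import SequenceMatcher

# Undo common character swaps before comparing (constructed, not exhaustive).
SWAPS = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                       "5": "s", "7": "t", "@": "a", "$": "s"})

def normalize(text):
    """Lowercase, undo simple swaps, keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(SWAPS))

def personal_hits(password, facts):
    """Return the words or numbers from `facts` that appear inside the password."""
    pw = normalize(password)
    hits = []
    for fact in facts:
        # Split "14/03/2015" into 14, 03, 2015 so each part is checked on its own.
        for token in re.findall(r"[A-Za-z0-9]+", fact):
            norm = normalize(token)
            if len(norm) >= 3 and norm in pw and token not in hits:
                hits.append(token)
    return hits

def reused_like(password, other_passwords, threshold=0.8):
    """Return the passwords already in use that this one is a near copy of."""
    pw = normalize(password)
    return [old for old in other_passwords
            if SequenceMatcher(None, pw, normalize(old)).ratio() >= threshold]

def audit(password, facts, other_passwords):
    """Collect every reason to reject the candidate password."""
    problems = []
    hits = personal_hits(password, facts)
    if hits:
        problems.append("contains public personal data: " + ", ".join(hits))
    near = reused_like(password, other_passwords)
    if near:
        problems.append(f"near copy of {len(near)} password(s) already in use")
    return problems

# Constructed sample data: details visible on a public profile, and the
# passwords the same person already uses on other accounts.
PUBLIC_FACTS = ["Rocky", "Laura", "14/03/2015"]
IN_USE = ["Summer2020!", "vT9#qLm2&xWd"]

if __name__ == "__main__":
    for candidate in ("R0cky2015!", "Summer2021!", "j8^Zp2!uHe#4"):
        print(candidate, audit(candidate, PUBLIC_FACTS, IN_USE))
```

Swapping a letter for a digit or bumping the year does not get past either check, which is the point of the advice above.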

Using public Wi-Fi networks without a password, another big mistake

The owner of the network, or practically anyone, can intercept network traffic and instantly obtain our passwords with a simple traffic analysis program; this act is known as sniffing. In this country, using an open network in order to obtain user data through sniffing is a practice that is totally illegal, but that does not mean it is not used. We must therefore take special care not to use these "free" networks, or, if you have to get on the Internet and have no other way, do not log in to any of your social networks, so as not to have any type of problem.

Simulated email attack, full-blown phishing

We often receive emails from our bank, our telephone operator, or some other important entity stating that there has been some kind of problem and that a review of our data is necessary to solve it. Sometimes these emails are so carefully crafted that they look exactly the same as the ones used by the entities in question. The link in the email takes us to a similarly crafted page where we are asked to confirm our data, and once we enter it, the page displays a message saying that the problem has been solved and that we can use the service normally. Well, we have just handed our account to another person.

Absolutely no entity is going to ask us for the password to our account. It is possible that at some point they will ask us for other types of data because they are updating their security policies or for some other procedure of this type, but they will never ask us for our password.

Avoiding this type of problem is easy: if something asks us for a password, we close it immediately. Another essential clue for detecting a simulated email attack is the sender's address. If, for example, our bank has to communicate something to us, it will do so from a simple and easily recognizable address, whereas the addresses from which this type of email arrives are very strange, and it is easy to see that they are not reliable.
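The sender check described above, extended to the link inside the message, looks like this in Python. This is an added example, not part of the original article; "Example Bank", its domain `bank.example` and both sample messages are constructed, and the list of legitimate domains is an assumption you would fill in yourself.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Hypothetical brand and its real domain (constructed for this example).
TRUSTED = {"Example Bank": {"bank.example"}}

def belongs_to(host, domains):
    """True only if host IS a trusted domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def check_message(raw, trusted=TRUSTED):
    """Return the reasons a message claiming to be from a brand looks forged."""
    msg = message_from_string(raw)
    display, address = parseaddr(msg.get("From", ""))
    findings = []
    for brand, domains in trusted.items():
        if brand.lower() not in display.lower():
            continue  # the message does not claim to come from this brand
        sender_host = address.rpartition("@")[2]
        if not belongs_to(sender_host, domains):
            findings.append(f"sender {address} is not at a {brand} domain")
        for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
            host = urlsplit(url).hostname or ""
            if not belongs_to(host, domains):
                findings.append(f"link points to {host}, not a {brand} domain")
    return findings

# Constructed samples: the first puts the real domain at the START of a
# longer, unrelated host name; the second is a genuine notification.
PHISH = ('From: "Example Bank Security" <alerts@bank.example.account-review.test>\n'
         "Subject: Problem with your account\n\n"
         "Confirm your data at http://bank.example.login-check.test/confirm\n")
LEGIT = ('From: "Example Bank" <info@mail.bank.example>\n'
         "Subject: Statement\n\n"
         "Your statement is ready at https://www.bank.example/statements\n")

if __name__ == "__main__":
    print(check_message(PHISH))
    print(check_message(LEGIT))
```

The comparison is made on the end of the host name, so an address that merely contains the bank's name somewhere in it is still reported.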

Keylogger or Keystroke Analyzer

These types of programs usually go undetected, since they can enter your computer through an email of dubious origin. The program records every keystroke and saves it in a file, which is automatically sent to the sender. The threat is clear: everything that is typed on the keyboard ends up in another person's hands, including keys, passwords, private numbers, conversations, everything.

Given this, it is best to have a good antivirus and antimalware installed and to scan your computer periodically. We have given you specific measures for each case, but the truth is that there are measures that work in all cases. The best thing is to use common sense to know what to make public and what not to, and to keep our devices protected with security measures such as an efficient antivirus that is able to face threats without problems.