The internet is a staple in most people’s everyday lives. It is a terrific place full of excellent information, but it is also filled with many dangers.
We all know we need to stay safe while using the Internet; however, we might not know precisely how. In the past, Internet security was mainly about protecting your PC from viruses. But today, the Internet’s enormous reach, continuously changing technologies, and growing social character have made users more vulnerable to identity theft, privacy violations, and even harassment.
The question often asked is: how do you protect your Facebook, Gmail, Twitter and Instagram accounts from hackers? So in this article, I will focus on the methods hackers use to hack into your accounts and on ways to stay secure.
Phishing is the most common method used for hacking, especially for banking-related fraud and social media account hacking. Hundreds of users fall for such phishing scams every day.
Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.
Let’s understand how a phishing scam works!
You receive an urgent email or message of some sort, allegedly from a trusted source (e.g., social media, a bank or even an online store where you usually shop).
The email appears to be legit, with a perfect logo, the same color scheme and all the text and images mimicking the original, giving no reason to doubt the authenticity of the email.
Such emails usually ask you to click on a (malicious) link, which takes you to a fake login page or to a page asking you to grant permission.
When you enter your “email address” and “password” and hit the login button, your details are sent directly to the hacker, and your account gets hacked in just a click.
Read more on phishing in my previous article
Keylogging is the easiest way to hack an account. A keylogger is a tiny program developed by hackers to record the keys typed on a keyboard. Such keylogging software can be installed by physically accessing the PC/laptop or by sending an .EXE file and asking the victim to run it on their system.
Apart from email usernames and passwords, keyloggers can:
- take screen captures of the device at periodic intervals
- capture copies of all sent emails
- record the URLs that were visited via Web browsers, and possibly also take screen captures of the Web pages viewed
- log a list of the applications run by users on the device
- capture logs of all instant messaging (IM) chat sessions
- automatically send the reports containing stored logs and emails to a remote location (by email, FTP or HTTP).
Tip: Use a virtual keyboard on Banking sites if you suspect a keylogger has infected your machine.
Session Hijacking (Sidejacking)
Session hijacking, a.k.a. sidejacking, is when an identity thief spies on your Internet session while you use your laptop on a public, unsecured Wi-Fi connection to the Internet, or “hotspot.” Frequent hotspot locations are airports, coffee shops, hotels, and a few downtown city locations.
It happens when an attacker gets hold of a user’s authentication cookie, allowing them to do anything that the user can do on a particular website. In other words, the attacker can use your cookie to impersonate you and do everything a logged-in user can do on that website.
Session hijacking is widely used on LANs and hotspots.
FaceNiff is an Android app that allows anyone to sniff and intercept web session profiles over the Wi-Fi that their mobile is connected to.
Sessions can be hijacked only when the Wi-Fi is not using EAP, but it should work over any private network (Open/WEP/WPA-PSK/WPA2-PSK). The phone needs to be rooted for this app to work, and the web user needs to be on an unsecured socket, i.e., non-SSL.
Botnets aren’t widely used for hacking Facebook accounts because of their high installation costs. They’re used to carry out more complex attacks. A botnet is a collection of computers infected with malicious software and controlled as a group without the owners’ knowledge, e.g., to send spam.
The infection procedure is like that of keylogging; nevertheless, a botnet gives its operator additional options for carrying out attacks over a network.
Botnets are used to perform distributed denial-of-service (DDoS) attacks, steal data, and send spam. Some of the very well-known botnets include SpyEye and Zeus.
Now that we know how the most common attacks work, let’s understand how we can protect ourselves from becoming victims of hackers.
Update Passwords frequently
Updating your social media passwords helps protect your social media accounts from being hacked. Don’t make the mistake of using a single password for all accounts; it would be easier for a hacker to access all your accounts with just one password. Keep a different password for each account and, if possible, change them every month. Select your passwords smartly: ensure that each password is a mix of letters, numbers and special characters, making it stronger and harder to crack.
Note: When choosing a password, avoid using names of your loved ones, ex’s, pets and numbers such as your phone numbers, room number, date of birth, vehicle number which can be easily guessed.
Link your accounts with Verified Mobile No.
Always secure your important accounts by linking them to a mobile number. If anyone tries to access or break into your social media accounts without your permission or in your absence, your social media/email service will notify you with a message about the suspicious activity.
Facebook Trusted Contacts
Facebook has an option to add Trusted contacts to help retrieve your compromised account. If your account gets hacked, your trusted contacts can help you get your Facebook account back by verifying your identity, the real you. I strongly recommend enabling this feature to keep your Facebook account safe forever and never lose your account.
PS – Visit www.facebook.com/hacked in case you suspect that your account might be compromised.
Use HTTPS Connection
An HTTPS connection helps you establish a secure connection over the Internet. Be sure to check the URL before signing in: look for HTTPS along with the lock symbol in your browser’s address bar. With HTTPS, there is only a rare chance of a cookie hack on your social media account.
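The link between HTTPS and the authentication cookie from the session hijacking section, as an added example that is not part of the original article: a cookie set without the `Secure` attribute is also sent over plain HTTP, where anyone on the same Wi-Fi can read it. The header values and function names below are constructed for illustration.

```python
# Constructed response headers from a hypothetical login page.
SAMPLE_HEADERS = [
    ("Set-Cookie", "sessionid=3f9a1c; Path=/; HttpOnly"),
    ("Set-Cookie", "csrftoken=ab12; Path=/; Secure; SameSite=Lax"),
    ("Set-Cookie", "auth=9d2e; Path=/; Secure; HttpOnly; SameSite=Strict"),
]

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, set of lower-cased attribute names)."""
    first, *attrs = [part.strip() for part in value.split(";")]
    name = first.split("=", 1)[0]
    flags = {a.split("=", 1)[0].lower() for a in attrs if a}
    return name, flags

def audit_cookies(headers, page_scheme):
    """Map each cookie name to the weaknesses found in how it was set."""
    findings = {}
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, flags = parse_set_cookie(value)
        issues = []
        if "secure" not in flags:
            issues.append("no-secure")      # browser also sends it over http://
        if "httponly" not in flags:
            issues.append("no-httponly")    # page scripts can read it
        if page_scheme != "https":
            issues.append("set-over-http")  # already visible on the network
        findings[name] = issues
    return findings

def exposed_on_open_wifi(headers, page_scheme):
    """Names of cookies that can cross the network unencrypted."""
    return [name for name, issues in audit_cookies(headers, page_scheme).items()
            if "no-secure" in issues or "set-over-http" in issues]
```

On the sample headers served over HTTPS, only `sessionid` is reported as exposed; served over plain HTTP, all three cookies are.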
Never Save Passwords.
Many of us often use our social media accounts in cyber cafes or on a friend’s laptop. After entering your credentials and signing in to your account, you might have noticed a popup, usually at the top right of your browser, asking “Do you want to save your password for this site.” Always choose “Never” unless it’s your personal computer or laptop.