Ways hackers can steal information from your device


The digital age is a blessing that makes life easier, but it comes with challenges, including malicious hackers and cyberattacks.

The threats posed by hackers to organizations and individuals have become a major concern as these fraudulent elements continue to increase and devise new methods to carry out their sinister deeds.

According to research by a software testing company, as many as 30,000 websites are hacked daily worldwide and every 39 seconds a new cyberattack is launched against someone on the web.

Let’s dive deeper into how hackers work and how you can protect yourself from cyberattacks and scams.

Social engineering

Social engineering is tricky! Hackers who want to steal your information can manipulate you by pretending to be someone you know and coercing you into action. For example, they can send you a link from a hacked social media profile and create urgency by asking you to take action.

After clicking on the link, you will be redirected to a page that asks you to sign in to your Google or Apple account, or similar. But the form does not connect to your account; rather, it is a fake login page created by scammers to steal your login credentials.

A recent example of a successful social engineering attack is Singaporean scammer Ho Jun Jia (a/k/a Matthew Ho, a/k/a Prefinity, a/k/a Ethereum Vendor), who is now in jail for scamming in the name of Mr. Marc Merrill, co-founder and co-president of Riot Games.

Ho also used his social engineering skills to trick Google and Amazon Web Services (AWS) into providing $5.4 million worth of cloud computing services using Merrill’s personal data.

Keylogger

A keylogger is designed to secretly spy on victims and can capture everything you type on your keyboard and every command you execute. It captures your passwords, credit card numbers, keystrokes, and browsing history.

It should be noted that a keylogger can be software or a hardware device such as a malicious USB drive.

Software keyloggers sneak into your computer system via harmful links or attachments. A hardware-based keylogger can be installed on your device if attackers have physical access to your computer.

Listening to public Wi-Fi networks

Wi-Fi eavesdropping is the act of stealing your vital data by exploiting an unsecured public Wi-Fi network. Since some public Wi-Fi networks allow insecure data transmission, your vital information and unencrypted files are at risk of hacking.

One of the tricks hackers use is to name their hotspot after a business premises, a mall, and so on. The Wi-Fi will likely be free and password-less, so you’re tempted to opt for the freebie.

Once you connect to the hacker’s Wi-Fi, they can see everything you do and steal your personal information, including your passwords. You can avoid this by not using public Wi-Fi, using your own hotspot device, and turning on your VPN at all times.

SIM swap fraud

A SIM swapping attack occurs when one or more cybercriminals call your network provider and impersonate you. They claim that your SIM card is lost and want to transfer your number to a new hacker-controlled SIM card.

Of course, your network provider will ask a few questions to identify the person requesting the exchange. These questions are easy to answer based on the information you have provided about yourself on your social media accounts. (Do not share your personal information on social networks.)

In the era of two-factor authentication (2FA) and USSD banking, your SIM card is coveted by hackers. This is because once they control your SIM card, they can bypass 2FA and intercept the OTP (one-time password), since the verification code is sent to your swapped phone number.

Stock and forex brokers also offer online trading apps that use 2FA to verify and authenticate users. When your SIM card has been swapped, this verification code is sent directly to the hacker who now controls your phone number.

Once the attacker has the verification code, they can link a new account to your investment, crypto wallet or trading app and transfer funds. They can also use the funds in your account to buy worthless shares from other scammers, making them richer and you poorer.

Browser hijack

An attacker can install malware directly into your Internet browser without you even knowing it. This can happen when you click on an unknown link or download an app from a third-party store. Most of the apps available in these stores are Trojans, which means they are not what they claim to be. By installing them, you might also install a virus in your browser.

The browser virus then starts redirecting you to hacker-controlled sites that look like legitimate sites. From there, your passwords are collected and used to access your accounts.

IP spoofing

This is the act by which a hacker hijacks your browsing connection using a fake Internet Protocol (IP) address. A publication from Dell Technologies shows that there are more than 30,000 spoofing attacks every day worldwide.

IP spoofing scams mostly happen where internal systems trust each other in such a way that users can access them without a username or password, provided they are connected to the network.

It involves presenting a fake computer IP address in a way that looks like a legitimate address. During IP address spoofing, attackers transmit a message to a computer system with a fake IP address, so that the message appears to come from a different IP address.

Domain Name System (DNS) Spoofing/Poisoning

The term ‘spoofing’ has to do with identity theft. In this case, a hacker’s computer pretends to be a legitimate computer on a network. A domain name is simply a website name such as “www.google.com”.

To illustrate DNS spoofing, suppose you want to visit Twitter and you type the domain name “www.twitter.com” into your browser’s URL bar. This domain name is sent to a DNS server, which converts the Twitter domain name to an example IP address of 172.28.213.15, which is assumed to be the IP address of Twitter’s official server.

The hacker spoofs it by tricking the DNS server into converting Twitter’s domain name into a different, hacker-controlled IP address that takes you to the hacker’s server instead of Twitter’s server.

The attacker could have designed a fake Twitter page and hosted it on the spoofed server. Once you try to log in, they can steal your password and use it to access your account.

The result of DNS poisoning is that any information you send is routed through the hacker before it hits the web. This allows them to steal your passwords and access your accounts.

Domain spoofing

This online fraud, also known as a homograph attack, occurs when a hacker uses a domain name that closely resembles the website you are trying to visit. To do this, the attacker replaces characters of the fake domain name with non-ASCII characters that look very similar in appearance.

It will be designed in such a way that you might not notice the difference, as you would be assured of the secure browser connection. To begin the HTTP spoofing process, the cyber attacker’s first step is to register a domain name that looks similar to yours.

The scammer would then send you a link, and you probably won’t notice that you are visiting a fake version of the site you intended to go to, since the majority of browsers display Punycode hostnames in their address bar. One such example is:

It’s Google.com not ɢoogle.com

This scam system is even designed to prove to you that the website’s SSL certificate is real, thus preventing you from detecting the fraud.
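
To check a link before trusting it, you can inspect what its hostname really contains. The following is an added example, not part of the original article: it lists the non-ASCII characters in a hostname, shows the ASCII (Punycode) form that is actually looked up, and compares that form against a list of sites you trust. The function names and the trusted list are assumptions made for illustration.

```python
import unicodedata

def script_of(ch):
    """Approximate a character's script from the first word of its Unicode name."""
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def inspect_hostname(host):
    """Report what a hostname is really made of."""
    host = host.strip().rstrip(".").lower()
    non_ascii = []   # (character, code point, Unicode name)
    scripts = set()  # scripts seen among the letters
    for ch in host:
        if ch.isalpha():
            scripts.add(script_of(ch))
        if ord(ch) > 127:
            non_ascii.append((ch, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNKNOWN")))
    # The ASCII form is what DNS resolves; look-alike labels become "xn--..." here.
    ascii_form = host.encode("idna").decode("ascii")
    mixed = len(scripts) > 1
    return {
        "ascii_form": ascii_form,
        "non_ascii": non_ascii,
        "scripts": sorted(scripts),
        "mixed_script": mixed,
        "suspicious": bool(non_ascii) or mixed,
    }

def is_trusted(host, trusted):
    """True only if the hostname's ASCII form is exactly one of the trusted names."""
    return inspect_hostname(host)["ascii_form"] in trusted

if __name__ == "__main__":
    trusted = {"google.com", "apple.com"}  # hypothetical list for this example
    samples = [
        "Google.com",
        "\u0262oogle.com",  # the article's example: small capital G (U+0262)
        "\u0430pple.com",   # constructed sample: Cyrillic "a" (U+0430)
    ]
    for host in samples:
        info = inspect_hostname(host)
        print(host, "->", info["ascii_form"],
              "| suspicious:", info["suspicious"],
              "| trusted:", is_trusted(host, trusted))
        for ch, code, name in info["non_ascii"]:
            print("   ", code, name)
```

Comparing the ASCII form is the useful part: the look-alike in the article's example never equals google.com once it is converted, however similar it looks on screen.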

Session hijacking

When you visit a website, you may notice a pop-up prompting you to allow cookies. Cookies refer to your personal information temporarily stored in the cache memory of your computer and are deleted after you leave the site.

Cookies contain a unique “session ID” number which, if obtained by an attacker, will allow them to take control of your session. An attacker can steal your cookies using different means such as phishing scams where they send you an email containing a malicious link. When you click on the link, it installs malware for session hijacking.

The point here is that once an attacker steals your cookie or gets your session ID, they can take control of your browsing session and if you were visiting a banking website, they can steal your funds. You may notice the page freezes, or a technical difficulty while this is happening and when it’s over, your money is gone.

Don’t be caught off guard

  • Never download files from suspicious emails, messages or contacts. Also, never click on a link shared by an unknown source, or enter your account details and password on websites you don’t trust.
  • Make sure your two-factor authentication is enabled. Or you can also use token-based logins.
  • Do not send PINs, passwords and your financial information via text message or email.
  • To guard against IP address spoofing, be sure to use a Virtual Private Network (VPN). Or use anti-malware software with web protection, which blocks unknown websites.
