If you’ve watched Mr. Robot (streaming on Netflix at the moment) or any other series/movie about hacking, you’re probably already pretty paranoid about cybersecurity. And for good reason.
With technology continuously advancing, it has become easier for hackers to exploit users and use data to their advantage. Most of us who are on social media have probably seen friends’ accounts being hacked, with attackers posting explicit or other unwanted content on a friend’s profile. It seems small but could potentially lead to more serious hacks. Here is a little bit more about cybersecurity threats…
Hacking Methods
The most common types that are used on everyday people like you and me are phishing, credential stuffing and password spraying. These could be carried out by any hacker, whether you know them or not.
Phishing
Most of us are familiar with the term as it has become very popular and is an easier way for a hacker to get to your information. Phishing is when the hacker “tricks” you into giving up your details. The attacker usually uses something like an email prompting you to click on a link that takes you to a cloned site, where you then enter your details thinking you are on the true site. Many banks are targeted like this (yes, in South Africa too), which is obviously a serious problem.
To stay safe, make sure that you recognise the link you are on. For the Webafrica Customer Zone, for example, you can ensure it’s always https://webafrica.co.za/clientarea.php. It’s very important to go straight to a site you know is legitimate by typing the true site’s URL into the web address bar rather than following a link.
Always check the sender’s email address and if it looks strange, try to Google it first and check if there are any scam reports for it. Don’t open attachments if you’re not sure the email is legitimate. A dead giveaway usually is that the emails and cloned sites will typically contain spelling and grammar mistakes. Usually, hackers are working fast and not all are English-speaking, so you’ll probably notice a few strange typos.
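The link check described above can also be done in code. This Python example is added here and is not Webafrica's own code; it assumes the only trusted host is the one in the Customer Zone address quoted above (with its subdomains), and the sample links are constructed.

```python
from urllib.parse import urlsplit

# Assumption for this example: the one host we trust is the Customer Zone
# host quoted above, and its subdomains (such as www.) are trusted too.
TRUSTED_HOST = "webafrica.co.za"

# Constructed sample links; the .example hosts are reserved test names.
SAMPLE_LINKS = [
    "https://webafrica.co.za/clientarea.php",
    "https://www.webafrica.co.za/clientarea.php",
    "http://webafrica.co.za/clientarea.php",
    "https://webafrica.co.za.login.example/clientarea.php",
    "https://webafrica.co.za@login.example/clientarea.php",
    "https://webafrica-co-za.example/clientarea.php",
]


def check_link(url, trusted_host=TRUSTED_HOST):
    """Return "ok", or the reason the link does not lead to the trusted host."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return "not https"
    if parts.username is not None:
        # Text before "@" is a login name, not the site; the host comes after it.
        return "text before @ is not the host"
    host = (parts.hostname or "").rstrip(".")
    # The trusted name must be the END of the host, not just appear in it.
    if host == trusted_host or host.endswith("." + trusted_host):
        return "ok"
    return "host is " + host


def suspicious_links(urls):
    """Map each link that fails the check to the reason it failed."""
    reasons = {url: check_link(url) for url in urls}
    return {url: why for url, why in reasons.items() if why != "ok"}
```

The point to take away is that the trusted name has to sit at the very end of the host part of the address; appearing somewhere in the link is not enough.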
Password Spraying
The hacker uses a list of commonly used passwords against various usernames until he finds a match between a password and a username. It’s a bit like the wheel of fortune – spin it until you win it. Well, in this case, the hacker would be the winner sadly. The attack relies on bad password habits. Spraying is a lot more specific in the attack as they will typically only attempt passwords four times to avoid an account being locked (in the event of a lock-out account system where you can only enter the password incorrectly five times). The best way to not get caught by a password sprayer is to use a password manager with randomly selected passwords that mean nothing at all.
Credential Stuffing
Like Password Spraying, this is a bit of a roulette game. The difference here is that they use details that they have already stolen and start testing them against other sites. So after a data breach, there will be a list of email addresses, usernames and passwords which they will then use to try to log into other sites. It works on the idea that people reuse passwords on different sites. This is where it becomes important to always have unique passwords for every account you create.
If you want to see if your passwords have been compromised, you can sign up for a website like Have I Been Pwned where you enter your email address and they give you all the sites that have been breached.
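From the site's side, both password spraying and credential stuffing look like one source failing logins across many accounts while no single account reaches the lock-out limit. This Python example is added here and is not from the original article; it counts failures per source as well as per account, and the log format, addresses, usernames and the four-account alert threshold are assumptions made for the example.

```python
from collections import defaultdict

LOCKOUT_AFTER = 5  # failed tries before an account locks (figure from the text)
MIN_ACCOUNTS = 4   # assumed alert threshold: accounts failing from one source
# Constructed sample log, one attempt per line: "time source username result"
SAMPLE_LOG = """\
09:00:01 203.0.113.7 alice FAIL
09:00:02 203.0.113.7 bob FAIL
09:00:03 203.0.113.7 carol FAIL
09:00:04 203.0.113.7 dave FAIL
09:30:01 203.0.113.7 alice FAIL
09:30:02 203.0.113.7 bob FAIL
09:30:03 203.0.113.7 carol FAIL
09:30:04 203.0.113.7 dave FAIL
10:15:00 198.51.100.31 frank FAIL
10:15:09 198.51.100.31 frank FAIL
10:15:20 198.51.100.31 frank FAIL
10:15:31 198.51.100.31 frank FAIL
10:15:44 198.51.100.31 frank FAIL
"""


def attempts(log):
    """Yield (source, username, result) for each non-empty log line."""
    for line in log.splitlines():
        if line.strip():
            _time, source, user, result = line.split()
            yield source, user, result


def locked_accounts(log):
    """Accounts that a per-account lockout counter alone would lock."""
    fails, locked = defaultdict(int), set()
    for _source, user, result in attempts(log):
        fails[user] = fails[user] + 1 if result == "FAIL" else 0
        if fails[user] >= LOCKOUT_AFTER:
            locked.add(user)
    return locked


def many_account_sources(log):
    """Sources failing on many accounts while each stays under the lockout."""
    per_source = defaultdict(lambda: defaultdict(int))
    for source, user, result in attempts(log):
        if result == "FAIL":
            per_source[source][user] += 1
    return {source: sorted(users) for source, users in per_source.items()
            if len(users) >= MIN_ACCOUNTS
            and max(users.values()) < LOCKOUT_AFTER}
```

On the sample log the lock-out counter only ever locks frank, who mistyped his own password five times, while the per-source count is what flags 203.0.113.7.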
Other
Other hacking methods are a bit more personal. We won’t go into it too much as the chances are lower for you to be hacked in these ways, but here’s a quick rundown:
Keylogging: Here the hacker either knows the victim personally or has an interest in the victim (political figures, corporate/state espionage for example). This will require the hacker to gain access to the victim’s device/machine to install malware. Your password strength won’t matter much here. Your only defence will be a good endpoint security system.
Brute Force: This you will probably see in many movies. It’s where the hacker runs an algorithm against encrypted passwords. Credential stuffing and password spraying are versions of brute force attacks with a common underlying theme: trial and error. Password length is your best bet if you’re scared of these more forceful attacks. Keep it above 16 characters and use capital letters, special characters and numbers somewhere.
Local Discovery: This is basically when a friend, colleague, acquaintance or relative finds out your password – maybe you wrote it down somewhere – and uses it to log into your account without your knowledge.
Extortion: This is exactly what the name suggests. A hacker will blackmail you for your login details with reasons and demands depending on your relationship with the person.
Precautions You Can Take:
- The most obvious precaution: don’t write down your password where someone can find it.
- Use two-factor authentication if it’s available. Not all sites have it available yet but if they do, it’s definitely a good thing to have. WhatsApp also recently introduced it, which we recommend you activate as WhatsApp hacking has become a popular new trend.
- Don’t ever use a password that means something to you like your maiden name, a birth date, your child’s name, etc. And never, ever, ever use something like “Password1” or “1234” or “QWERTY” – those are way too easy to hack. Here are the most popular passwords to definitely stay away from.
- Use a password manager to randomly select passwords and store them for you – this will also help you to not reuse passwords, which would make you vulnerable to repeat attacks and credential stuffing.
Password Managers
We strongly recommend you use a password manager for your login details. These managers help you to keep all your passwords safe in one place with no need to worry about remembering them. Not only can (most of) these password managers generate passwords, store your passwords and auto-fill for you on multiple devices, they can also do dark web monitoring for breached passwords.
These are some that you could make use of:
1Password: One of the more popular password managers out there. Get a 14-day free trial and thereafter pay $2.99 (roughly R53) per month, billed annually, or $4.99 per month for a family of up to five. It’s a user-friendly application without complicated technical language and includes advanced security that will make you feel much safer.
LastPass: This password manager is known for its simplicity and ease of use. The best part of LastPass is that you can get it for free for one person/one device. You will still get a 30-day trial of Premium so you can get a taste of the advanced features. If you decide to upgrade your subscription, it will come at a price of $3 per month, billed annually. On Premium you can add an unlimited number of devices and on the Family plan ($4 per month) you can have unlimited devices for up to six users.
Keeper: With a very high customer satisfaction rate, Keeper is a very trusted source out there. They have various payment plans that you can choose from: Student, Family, Personal, Business and Enterprise. It comes to only $2.91 per month ($34.99 billed annually) for the Personal standard package.
NordPass: There are two options, a Personal Plan or a Business Plan. They are a bit cheaper than 1Password if you opt for a one-year plan at $1.99 per month working out to about $23.99 for the year. If you’re not ready to commit to a year, you can opt for a month-to-month basis at $4.99 each month.
Bitwarden: This is considered one of the best free password managers out there by a variety of sources. It can be used across an unlimited number of devices (unlike many other free versions). If you don’t want to pay for your password protection, this is the next best thing you can get. You can also add additional features if you’d like through a Premium subscription at $10 per year (one of the cheaper options out there coming in at less than $1 a month) or the Family plan for only $3.33 per month. There’s also Bitwarden for Business starting at $3 per month per user, should you want to get it for your business.
If you want to do some more research on the subject and weigh the pros and cons, we found this PC Mag article to be very helpful in the ratings and they provide a section where you can compare specs as well.