From stolen cookies to invisible interfaces, do you know some more advanced ways a cyber criminal could target you?
Discover five types of hack you might not know and top tips on how to avoid them.
With the constant evolution of technology, the ways for a cyber criminal to target you continue to grow.
You might have heard of some basic types of hacking such as phishing or ransomware, but what other forms of cyber attacks are out there?
To stay one step ahead of cyber criminals and keep safe in the digital world, check out these five types of hack you might not know and how to avoid them.
Here we go!
1. Clickjacking
Imagine you’ve just received an email from your bank saying you urgently need to log in to your online bank account.
You click the link in the email and reach a login screen that looks just like your online bank. From here, you fill in your login details, but nothing happens.
Later, you check your bank account, and your bank has made a transfer without you knowing it.
Uh oh! You may have just become a victim of clickjacking. But how?
What happens during a clickjacking hack?
Clickjacking can happen on any internet-connected device. This type of hack enables cyber criminals to insert an invisible user interface layer over what you see on your screen.
When you click or type something, you unknowingly interact with the invisible layer that the attacker has placed over the page.
An attacker could use a clickjacking hack to:
- Steal personal information such as bank details
- Divert you to sites containing malware or spyware
- Make you change settings or permissions on your device unknowingly
- Trick you into liking or following social media pages
- Get you to unwittingly share a clickjacking attempt to other people
How to avoid a clickjacking hack
- Don’t immediately trust emails that request “urgent action” or ask you to log in to online banking.
- Don’t visit non-secure sites.
- Avoid clicking on suspicious ads or links.
2. Keylogger
A keylogger is used as a form of malware to record your keystrokes as you type. Cyber criminals use keyloggers to steal your login details for any application or service you use.
What happens during a keylogger hack?
The most common type of keylogger attack is a software keylogger.
A software keylogger could be installed on your computer through an infected application or link from a spear-phishing email. Your keystrokes are then automatically transferred to the attacker.
A hardware keylogger has the same purpose as a software keylogger but must be manually connected to your physical computer. It’s another way to track keystrokes, but it’s more of a risk for a hacker to set up, so less common.
Did you know - keyloggers are also used to catch criminals! During certain criminal investigations, a keylogger might be installed on a suspect’s computer to track their digital activity and gather evidence against them.
How to avoid a keylogger hack
- Learn to identify and avoid phishing attempts.
- Avoid visiting suspicious-looking websites.
- Don’t click on links that you can’t trust.
- Only install software from trusted sources.
3. Bait and Switch
Have you ever had an ad pop up saying something like, “you’ve just won a free iPhone” with a button to claim it?
Don’t click it, or you could be the latest victim of a bait and switch hack!
What happens during a bait and switch hack?
Bait and switch hacks work by using an enticing but completely untrue ad as bait to get you to click on it.
By clicking on the ad, you could allow your computer system to become infected by:
- Downloading malicious software on your system without you realising it
- Being sent to a harmful website that contains malware
- Initiating other attacks such as clickjacking
How to avoid a bait and switch hack
Don’t take the bait! Always trust your instincts, and if you come across an ad that sounds too good to be true, it probably is.
4. Distributed Denial of Service (DDoS)
Attackers use DDoS hacks to crash a network, website or application, preventing others from gaining access to it.
An attacker doesn’t necessarily have to gain anything from a DDoS attack. A DDoS attack can destroy a company’s reputation, target a person or business’s source of income, or just cause annoyance.
How does a DDoS hack work?
A DDoS attack occurs when an attacker overwhelms a network with too much traffic, causing it to crash.
The illegitimate traffic is created by multiple systems that may target a network all at once or in waves.
How to avoid a DDoS hack
Using a VPN hides your IP address, preventing an attacker from carrying out a DDoS attack on you.
However, you’re not likely to be a target of a DDoS attack as an individual. The threat of DDoS attacks on organisations is much more likely.
Many companies employ cyber security professionals to strengthen their defences and prevent DDoS from rearing it’s ugly head!
Cloud services such as serverless, autoscaling and CDNs can absorb and work with ongoing heavy loads or sudden spikes in traffic.
Discover all the basics you need to know about DDoS attacks
in our blog post.
5. Cookie Theft
Cookie theft is when an attacker uses cookies to take over your online user session to perform actions as if they were you.
A user session happens when you log into a site such as your social media or online banking and ends when you log out.
What are cookies?
Browser cookies act as a lookup ID for websites to search for current information about you, such as your login state.
This way, you don’t have to enter login details every time you browse between pages or on sites that “remember you” when you revisit in the future.
Cookies are handy when logging into services and browsing online, but they can provide instant access to a user’s current session if the cookie is obtained.
What happens during a cookie theft hack?
A cyber criminal needs to know your session ID to execute cookie theft.
An attacker can find your session ID by stealing your session cookie, often done via other types of hack such as cross-site request forgery (CSRF) or cross-site scripting (XSS).
Cookie theft can be carried out against both large organisations and individuals. Once the attacker has stolen your session ID, they can perform actions that only you should be able to.
An attacker could use a cookie theft hack to:
- Transfer money from your online bank account
- Steal your personal information to carry out identify theft
- Access financial systems or client data from companies
How to avoid a cookie theft hack
- Enable multi-factor authentication on your online accounts.
- Don’t click on suspicious links.
- Enable safe browsing on your internet browser.
Are you a smart enough cookie to fight back against cyber attacks? Catch criminals and discover many more hack types in CyberStart’s challenges - try for free!
