Hardly a day goes by without hearing about someone getting an online account “hacked.” Understanding how this type of “hacking” occurs in most situations will go a long way toward helping you protect your online accounts. Even though hacking or “cracking” is spoken of in magical or even mystical tones – computer wizards targeting you with silent and invisible attacks from which you are ultimately defenseless – the real story is far less mysterious.
Fortunately, Chris Hoffman’s excellent post called “How Attackers Actually ‘Hack Accounts’ Online and How to Protect Yourself” is a welcome starting point and primer for all of us to understand how accounts get broken into and the simple steps we can take to make our accounts safer than they are now.
As he says, “Knowledge is power. Understanding how accounts are actually compromised can help you secure your accounts and prevent your passwords from being ‘hacked’ in the first place.”
He highlights five key problem areas:
1. Reusing Passwords, Especially Leaked Ones. This dangerous practice has become even riskier as lists of leaked passwords are now widely available and incorporated into password “dictionaries” used by the bad guys. Gaining access to one account can result in the compromise of many accounts.
2. Keyloggers. Malware is, well, bad. Some malware is very bad and keyloggers are an example of the very bad kind. Once installed without your knowledge on your computer, a keylogger simply logs your keystrokes and sends them off to the bad guys to analyze at their leisure. Since all keystrokes are logged, some of your passwords will likely be revealed. Install antivirus and antimalware tools, keep them updated, and run them.
3. Social Engineering. From emails appearing to be from reputable companies where you have accounts to legitimate-sounding phone calls to other tricks, there are many ways to get you to give up your password of your own volition. Think about it – should anyone at all ever need to get your password from you? Then why would you give it to anyone?
4. Answering Security Questions. To add another layer of security, many accounts require you to answer questions whose answers are easy to find – mother’s maiden name, where you were born, and the like. At this point, it’s probably best to make up answers for these questions.
5. Email Account and Password Resets. Hoffman’s best advice is to protect your main email account because so much is tied to it. If someone gets access to your main email account, he or she probably will be able to request password resets on other online accounts. Once he or she changes your password, there’s no need to know yours anymore, is there?
Hoffman goes into detail on each of these points with clear and easy-to-understand explanations, and I can’t recommend Hoffman’s blog post highly enough.
He ends by saying:
“People who say their accounts have been ‘hacked’ are likely guilty of re-using passwords, installing a key logger, or giving their credentials to an attacker after social engineering tricks. They may also have been compromised as a result of easily guessed security questions. If you take proper security precautions, it won’t be easy to ‘hack’ your accounts. Using two-factor authentication can help, too — an attacker will need more than just your password to get in.”
In this case, a little knowledge will give more than a little power to help you protect your online accounts.