How to Protect Yourself From 5 Most Popular Data Hackers

Hackers can take a number of detours to extract personal data or money from you: ransomware, phishing, password theft, bogus websites, and "trick" Wi-Fi networks. Here is how to identify and protect yourself from these most common threats.

Data Hackers

The worldwide wave of ransomware that blocked the computer systems of hundreds of companies in May and June 2017 was a severe wake-up call to those who believed they were safe from Internet hacks. Employees working in their company on their connected computers are not necessarily more protected from computer threats than when they surf the Internet from home.

The reason is the variety and sophistication of the techniques used by hackers to extract personal data or money from you. Here are five of the most common threats and ways to anticipate or deal with them to avoid being trapped when the time comes. Often, a little common sense or prudence is the best advisor.

Ransomware

What is it? 🙄

This type of threat is based on a malicious program (malware) that triggers encryption of all files on a computer. This code may have been installed on the PC via a phishing technique (see below) or via a "trick" USB key imprudently connected to the computer. Result: the "infected" computer becomes totally unusable and its screen usually displays a message warning that it has been blocked. The objective of this malware is to extort a ransom (hence its name) in exchange for the decryption key which alone will (perhaps) recover the data from the PC by unlocking it. Until the ransom is paid, the hacker refuses to decrypt or return the files. "In a professional context, the damage incurred can be particularly significant. Indeed, the volume of data likely to be lost is higher and will cause all kinds of problems in terms of business continuity," explains Lionel Goussard, Director from SentinelOne, a cybersecurity company. Ransomware is at risk of becoming a lasting trend as it provides a profitable business model for cybercriminals.

How to fix it? 🤔

Preventively, do not open any e-mail of dubious origin, and above all not its attachment. Be vigilant about suspicious extensions of attached files, especially file names ending in .exe, which run as programs on the computer and can contain malicious code. The difficulty with this recommendation, explains Anssi (National Information Systems Security Agency), is that this type of attack relies more and more on impersonating the sender in order to fool the recipient, who is invited to open a malicious attachment or to follow a link to a malicious website. Software updates that correct security vulnerabilities must also be installed systematically, since some hackers exploit these vulnerabilities. The other recommendation is more curative: make regular backups of your data (at suitable intervals). They act as a guarantee in the event of an attack by making it possible to recover at least the data used on the blocked computer.
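The two warning signs described above can be checked automatically before a message reaches the user. The following Python sketch is an added example, not part of the original article; the sample message is constructed, and treating a Reply-To domain that differs from the From domain as a hint of sender impersonation is an assumption (a heuristic, since legitimate mail can also differ).

```python
from email import message_from_string, policy
from email.utils import parseaddr

RISKY_EXTENSIONS = (".exe",)  # the article names .exe; extend per local policy

# Constructed sample message (not a real e-mail).
SAMPLE = """\
From: "Example Bank" <support@examplebank.test>
Reply-To: collect@other-domain.test
To: user@example.org
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

Please open the attached invoice.
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

AAAA
--XX--
"""

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    """Return a list of human-readable warnings for one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:  # assumption: impersonation hint
        findings.append(f"reply-to domain {reply_dom} differs from sender domain {from_dom}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        if name.endswith(RISKY_EXTENSIONS):  # also catches invoice.pdf.exe
            findings.append(f"executable attachment: {name}")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```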


Phishing

What is it? 🙄

The purpose of phishing is to get the user to click on a link to a fake website or on an attachment in an email that impersonates a sender to better deceive the recipient. It can be used to introduce malware which will then "infect" the computer for the purpose of blocking it (see the previous case) or of espionage and data theft (see the following case). Its objective is also to get the user to connect to a "decoy" site and leave personal details there, such as login credentials for a banking service or bank card numbers, which he will have communicated of his own free will. Phishing can also be used in more targeted attacks on company employees, where the aim is to obtain the access credentials for the company's internal professional networks. The stake will be, in the latter case, to pirate data with high added value such as a client file or future projects stored on the pirated computer. The

How to fix it? 🤔

Most recommendations are common sense, even though cyber criminals pose as a person, a company, or an administration with which we are used to communicating via the Internet in order to lower our vigilance. "If an email seems questionable or unusual to you, do not click on the attachments or on the links it contains!" explains Anssi. You should also check that your antivirus is up to date to maximize its protection against malicious computer programs, even if this precaution is not an absolute guarantee.


Password theft

What is it? 🙄

This type of hacking consists of stealing passwords with more or less sophisticated means. These range from a hardware or software device capturing keystrokes on your keyboard without your knowledge (keylogger) to hacking a merchant site containing thousands of customer passwords. Other techniques use malware installed on the browser without the knowledge of the Internet user, or consist of making repeated password attempts based on information (date of birth, names of children, etc.) collected about an individual on the social networks he uses, until the "sesame" is found. The goal is then to access an email box or the account of an e-commerce site in order to collect other confidential or personal information that can then be cashed in or used directly for fraudulent purposes.

How to fix it? 🤔

When it comes to passwords, the first risk factor is the user himself. The chosen passwords must be "complex", i.e. long (minimum 8 to 10 characters), and include numbers, lower and upper case letters, and special signs mixed together. They should be changed regularly and if possible be different between e-commerce sites or bank accounts. You should also avoid storing passwords in a file on a PC exposed to risk (example: permanently connected to the Internet). Likewise, it is better not to send your passwords to your personal e-mail or communicate them by SMS to your relatives even when they need them occasionally. The Anssi goes as far as used during a trip abroad on the grounds that they may have been intercepted without the knowledge of the traveler.


Fake websites

What is it? 🙄

Fake websites that have all the appearances of real websites, imitating their logo or their look and feel, exist only to deceive the Internet user and collect his bank details or his passwords. The most frequent "copies" are of administration sites that frequently use online payment such as tax (for fines), of e-commerce sites, or of online banking sites. You may be enticed to visit these bogus websites, which often have a fleeting existence, by e-mails using phishing techniques (see above).

How to fix it? 🤔

Pay special attention to web links clicked on via an attachment or email. Many cyber criminals use massive phishing, emailing hundreds of thousands of Internet users, to try to redirect them to their pirate sites. "One letter or character too much or less can lead you to a completely different website," explains Anssi. It is better to enter the addresses of websites directly in the address bar of your browser, and to prefer links starting with "HTTPS", i.e. sites with which payment-related transactions are secure and encrypted on the Internet.
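The "one letter or character too much or less" warning can be turned into a check that compares the host name of a link with the sites a user actually deals with. The following Python sketch is an added example, not part of the original article; the allowlist and all domain names are hypothetical, and using an edit distance of 1 as the lookalike threshold is an assumption.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist of sites the user really uses (constructed names).
KNOWN_SITES = {"examplebank.test", "taxoffice.example"}

def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def check_link(url, known=KNOWN_SITES, max_distance=1):
    """Classify a link as known, not-https, lookalike or unknown."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    closest = min(sorted(known), key=lambda k: edit_distance(host, k))
    dist = edit_distance(host, closest)
    if dist == 0:
        # Exact match: still insist on HTTPS, as the article advises.
        return ("known" if parts.scheme == "https" else "not-https", closest)
    if dist <= max_distance:
        # One character added, removed or changed relative to a real site.
        return ("lookalike", closest)
    return ("unknown", None)

if __name__ == "__main__":
    for link in ("https://www.examplebank.test/login",
                 "https://examplebannk.test/login",
                 "http://examplebank.test/"):
        print(link, check_link(link))
```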


"Trapped" wi-fi networks

What is it? 🙄

When you are in a public place (street, café, library, airport, shopping center), looking for an "open" wi-fi network to connect your smartphone or tablet, you should be wary. Like bogus websites, "tricked" wireless networks only exist to steal the data of the Internet user who will have imprudently connected to them. This threat is particularly true for employees traveling with a company PC or tablet containing confidential professional data, which could be hacked by this means.

How to fix it? 🤔

The mobile user in search of "open" wi-fi networks when on the move has every interest in looking closely at the name of the wireless network presented to him. He will have to make sure of its authenticity, even if it means asking a manager or a local employee whether it is indeed the "official" wi-fi network of the place where he is. It is recommended that you do not connect to e-commerce sites or consult your bank accounts via these wireless networks.
