How do Hackers steal your passwords? |DROP Organization

Posted by on

In this digital era, we keep every information in the locker of internet, locking it with passwords and tends to feel safe. Passwords act as a key to safeguard our financial data, company secrets, and other confidential information. However, some malicious attackers try to open these locks by cracking or stealing the passwords through various methods. They, then use it for malicious and unethical activities. But the question is how do they get your passwords?

How do the hackers steal passwords?

There are numerous ways to attempt password theft. Generally, the simplicity and ubiquity in the passwords attracts the hacker most. They are either being stolen in data breaches or mocked for being too simple. Here are some of the tactics used by the malicious hackers to steal passwords:

1. Phishing Attacks: 

Hacker tends to get an unauthorized access to systems through the process of social engineering. Phishing attacks are a common social engineering attempt that use fake emails, texts, or phone calls, that appears to be legitimate entities. They in turn, trick us into providing confidential information like passwords.

2. Malware: 

To perform data theft, hackers inject malicious software like adware, worms and viruses into the systems of the target. These malware interfere in the functioning of your system. Malware are be as simple as like annoying and as dangerous as stealing money, sensitive data and passwords. 

  • Spyware- It is a form of malware that gets installed by itself on your system and collects information. As you work on your systems, spyware steals sensitive information from your device such as usernames or account passwords, as soon as you enter it and can be stolen by the hackers without your conscience. 

  • Ransomware- Hackers use this malware to prohibit the operations of the computer until a ransom is paid via cryptocurrency or a credit card. This way, the hackers get motivated to do similar crimes in future, on fulfillment of their demand.

3. Brute-force attacks: 

This is a trial and error method to get you passwords. Brute-force attacks use software to guess the passwords of the user and continue it till hackers find a match. Instead of stealing or purchasing the password, hackers obtains it through computer-assisted guesswork. 

4. Password reuse:

 You must have used similar passwords for our different accounts. Reusing passwords can be a dangerous habit that puts your multiple accounts at risk. If one of the accounts are breached, the other are at a high risk of being exposed. 

5. Man-in-the-middle attacks: 

Here, the hackers positions themselves virtually between two parties to intercept data travelling between them. MITM attacks can be performed in places with unsecured WiFi connections such as airports, cafes and hotels. The WiFi networks are spoofed to name similarly as legit networks to deceive the users. 

6. Dictionary attacks: 

This a subset of brute-force attacks that cycle through lists of common password phrases and patterns to improve their odds of success. Dictionary attack leverages on the passwords available in the list of commonly used passwords.

7. Shoulder surfing: 

It is an old-fashioned physical password theft method. At present, we have all the high-tech tools to steal passwords from unknown parts, but despite of them, this traditional method work as threat. As the name implies, shoulder surfing involves stealing confidential information be looking over the shoulder of the target. Passwords are written on sticky notes or slips of paper are often prone to this attack. This method is appropriate to steal PINs in places like gas stations, ATMs and supermarkets.

8. Unsafe password sharing:

 Often, we share our passwords with friends, family and near-dear ones, for video streaming and online retail accounts. This increases the risk of password theft. The information can be intercepted while being shared, if an unencrypted method like text messages is used for sharing. Or else, sharing passwords exposes everyone in the group if one among them is infected.

How will you know that you're hacked?

Some of the methodologies used by the hackers such as spyware, are designed to go unnoticed, which allow the hackers to steal more passwords and other sensitive information for a longer period of time. Other methods may have visible signs you can look for. The signs are discussed below:

  • Emails or direct messages sent from your account which are not written by you: Friends and family never ask about mysterious links or messages from your email or social media account. If the hackers have cracked your account password, stolen personal and financial data from your account or sent phishing messages to you contacts, you can get an hint from this acts.
  • Random pop-ups: The pop-ups from the sites which you generally do not visit can become a definite sign. This may include messages from fake antivirus software companies. When you experience excessive or unusual pop-ups, install an antivirus or anti-malware software in your system and scan your system right away to detect and remove any malicious file.
  • Fraudulent transactions: You should have a close check on the bank statements and other financial records to ensure there have been no unusual or unexplained transactions. Hackers may initially opt for small transactions to test the waters, but soon this may amount to greater digits. If you observe any suspicious transaction, notify your bank and change your password immediately.
  • Your passwords stop working: A malicious attacker tends to change your passwords after stealing it. This may lack you and grant them in getting access. If you ever face, to get an access to your account even after typing the password you had set earlier, someone may have seized the control.
  • Your information is found on dark web: Stolen passwords are often traded on dark web for financial gain. Where cybercrimes become undetected, you may scan the dark web that provide an added layer of protection.

How to keep your passwords safe?

Despite of several methods and strategies followed by the malicious attackers in stealing your password, there are basic practices and approaches to minimize the risk of stolen passwords. Such approaches are discussed below:

  • Create strong passwords: A strong password consists of at least 12 characters long and includes a random mix of uppercase letters, lowercase letters, numbers and special characters. Always avoid in using your personal information such as your name in your passwords. This makes them more vulnerable to brute-force or dictionary attacks. Avoid reusing your passwords in multiple accounts, which can safeguard you other accounts, if one has been compromised.
  • Do not share your passwords insecurely: While using unencrypted password sharing methods such as email, text messages or slack, you invite the malicious attackers to steal your passwords. Instead use safer and encrypted methods to share passwords and other sensitive data.
  • Use encryption: Encryption is a way to hide your information in an unrecognizable format. This was originated in earlier times and at present is a significant tool for website and password security. Encryption strongly protects from password theft as the hackers are unable to see the unencrypted version of the password without an encryption key
  • Use a VPN on public Wi-Fi networks: Public Wi-Fi networks are the most targetable areas to intercept data and spoof into the systems. Use a virtual private network (VPN) to protect your privacy, passwords and account information by encrypting the data going in or out of your device and routing it through a secure portal. A VPN masks your IP address which allow you to browse the internet privately.
  • Turn on 2FA: 2-factor authentication (2FA) uses a second login credential along with a password. Generally, a code is sent through an app or text messages. This will defend you against many common hacking tactics, as the hacker is unlikely to have both - the login credentials and the user's device to gain unauthorized access.
  • Spot social engineering tactics and unsafe websites: Social engineering tactics can be more than phishing emails which includes phone calls, in-person scams and deepfake impersonations. You should impose zero-trust policy to compensate for the dangerous combination of technology and our tendency to trust others by ensuring everyone is authenticated. A proper and efficient training on security and discerning eye will help you spot unsafe websites that increases vulnerability to malware and data intercepts.
Want to start your learning journey on Cyber Security and Ethical Hacking field?



Comments

Post a Comment