The number of security breaches in what are thought to be secure systems is increasing as time goes by, and for one simple reason: people don’t know how to recognize a potential threat. Despite the number of Facebook users who claim they were hacked, the vast majority just leave themselves logged in somewhere. The rest click on a link that implants a program that steals their information, or they log in to a website that looks like Facebook but isn’t. All of these are very common tactics used by malicious elements online, and they can be broken down into three categories: hacking, phishing, and keyloggers.
Hacking – that is, ‘real hacking’ – is not at all like people imagine. Don’t let the movies fool you; it’s not as grand as it seems. It typically involves the use of an exploit in a system, or of a computer program that tries thousands of passwords a minute until it finds the right one. Exploiting weaknesses in a security system is an advanced skill, and not something used to gain access to Facebook accounts. Hacking is normally reserved for high-level jobs such as corporate espionage. The use of a program to guess passwords is a subset of hacking known as ‘phreaking.’
‘Phishing’ (pronounced fishing) is the use of a website that looks similar or identical to the one the user is attempting to log into in order to gain information. When a person enters their information on one of these sites, it is stored in a database for later use. Many websites also ask for Facebook login information in order for users to view their content, and then use that information to post advertisements under that user’s account.
To avoid phishing attempts, look for any irregularities. Check the address bar at the top of the screen and make sure it shows the address of the website you meant to visit. For example, Facebook’s login URL is www.facebook.com. If it reads differently, such as www.phacebook.com, then it’s a phishing attempt. Trust your gut; if something seems abnormal about the login process, close your browser, reopen it, and try again. Make sure the address is correct.
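The address-bar check described above, written as code; this is an added example, not part of the original article. The expected-host list, the two-character threshold and the `.example` URLs are assumptions, and the check goes slightly beyond the article's single misspelling case by also flagging the real name used as part of a longer host or placed before an `@`.

```javascript
// Added example, not from the original article. EXPECTED_HOSTS and all sample
// URLs other than the article's two addresses are constructed for illustration.
const EXPECTED_HOSTS = ["www.facebook.com"];

// Levenshtein distance: single-character edits needed to turn a into b.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Returns { verdict, host, reason }; verdict is "match", "lookalike",
// "unknown" or "invalid". Only an exact host match counts as the real site.
function checkLoginUrl(input, expected = EXPECTED_HOSTS) {
  const text = /^[a-z][a-z0-9+.-]*:\/\//i.test(input) ? input : "https://" + input;
  let url;
  try {
    url = new URL(text);
  } catch (err) {
    return { verdict: "invalid", host: null, reason: "not a parseable URL" };
  }
  // URL lower-cases the host; drop a trailing dot before comparing.
  const host = url.hostname.replace(/\.$/, "");
  if (expected.includes(host)) {
    return { verdict: "match", host, reason: "host is on the expected list" };
  }
  for (const good of expected) {
    if (url.username.includes(good)) {
      return { verdict: "lookalike", host, reason: `"${good}" appears before "@", not as the host` };
    }
    if (host.includes(good)) {
      return { verdict: "lookalike", host, reason: `"${good}" is only part of a longer host` };
    }
    if (editDistance(host, good) <= 2) {
      return { verdict: "lookalike", host, reason: `differs from "${good}" by a few characters` };
    }
  }
  return { verdict: "unknown", host, reason: "host is not on the expected list" };
}

for (const u of ["www.facebook.com", "www.phacebook.com", "https://www.facebook.com.login.example/"]) {
  console.log(u, "->", checkLoginUrl(u).verdict);
}
```

A "match" only says the host is the expected one; "unknown" means the address is neither the expected site nor an obvious imitation of it.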
A keylogger is a type of malware called a ‘trojan’. Much like the Trojan horse from which the name is derived, it piggybacks off another, usually legitimate, program, hiding itself within your files and recording each keystroke. By doing so, a keylogger is able to access login information, credit card numbers, and much more. The potential risk from keyloggers is immense, and they are one of the main reasons people find their information being stolen.
To prevent keyloggers, always make sure to download from reputable sources. In addition, run a virus and malware scan once a week. You can set up the scan to run automatically during the night when you are asleep. If any keyloggers are detected, remove them, then immediately change the passwords for all your accounts. If you’ve used your credit card online or entered your bank account number, contact the bank immediately and inform them of potential misuse of the information. Ask them to contact you if any misuse is detected.
Malicious elements have always existed on the internet, and to go online is to put yourself at risk. However, common sense and awareness of what you’re doing online go a long way towards preventing incidents like these from occurring. Pay close attention to where you enter your information and you’ll be ahead of the game – these threats rely on people not paying attention to their actions.