How to get hacked
3. Spidering

Savvy hackers have realised that many corporate passwords are made up of words that are connected to the business itself. Studying corporate literature, website sales material and even the websites of competitors and listed customers can provide the ammunition to build a custom word list to use in a hack. Really savvy hackers have automated the process and let a spidering application (similar to those employed by leading search engines to identify keywords) collect and collate the lists for them.

4. Cracking security questions

Very many people use first names as passwords, usually the names of spouses, children, other relatives or pets, all of which can be deduced with a little research. When you click a ‘forgot password’ link, you’re often asked to answer a question or series of questions. These answers can often be found on your social media profile, which is how US politician Sarah Palin’s Yahoo account was hacked.

5. Phishing

Why bother going to the trouble of cracking a password when the user will happily give it to you? A phishing email leads an unsuspecting reader to a faked log-in page associated with whatever service it is the hacker wants to access, requesting the user to put right some problem with their security by inputting their user name and password.

6. Simple passwords

Don’t use personal information, like your age, birth date or favourite colour, as a password, and don’t keep it simple. When 32 million passwords were exposed in a breach in 2010, almost 1 per cent of victims had ‘123456’ as a password. The next most popular ones were ‘12345’, ‘111111’, ‘princess’ and ‘abc123’.

7. Offline cracking

It’s easy to imagine that passwords are safe when the systems they protect lock out users after three or four wrong guesses. However, most password hacking takes place offline, using a set of hashes in a password file that has been ‘obtained’ from a compromised system. Often the target in question has been compromised via a hack on a third party, which then provides access to the system servers and those all-important user password hash files.

8. Social engineering

An alternative to traditional hacking, this is the act of manipulating others into divulging confidential information. A favourite of the social engineer is to call an office posing as an IT security tech guy and simply ask for access passwords. You’d be amazed at how often this works.
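Points 3, 4 and 6 above translate into a check a system can run when a password is set or changed: refuse the most common passwords and any password built from words that are publicly tied to the user or the business. The sketch below is an added example, not part of the original article; the function names, the character-folding table and the sample company, pet name and year are constructed for illustration.

```python
import re
import unicodedata

# The five most popular passwords the article quotes from the 2010 breach.
COMMON_PASSWORDS = {"123456", "12345", "111111", "princess", "abc123"}

# Fold look-alike characters together so "W1llow" and "willow" compare equal.
# Applied to both the password and the terms, so 'l', '1' and '!' all become 'i'.
FOLD = str.maketrans("013457@$!l", "oieastasii")


def normalise(text):
    """Strip accents, lower-case, fold look-alikes, keep letters only."""
    ascii_text = unicodedata.normalize("NFKD", text).encode("ascii", "ignore").decode()
    return re.sub(r"[^a-z]", "", ascii_text.lower().translate(FOLD))


def screen_password(password, context_terms, min_len=4):
    """Return the reasons to reject `password`; an empty list means it passed.

    context_terms (supplied by the caller): words anyone could collect about
    the user or employer, e.g. company and product names, family and pet
    names, birth years.
    """
    reasons = []
    if password.lower() in COMMON_PASSWORDS:
        reasons.append("one of the most common breached passwords")
    folded = normalise(password)
    for term in context_terms:
        for word in term.split():
            if len(word) < min_len:
                continue
            if word.isdigit():
                hit = word in password  # dates and years: match as typed
            else:
                key = normalise(word)
                hit = len(key) >= min_len and key in folded
            if hit:
                reasons.append(f"contains guessable term {word!r}")
    return reasons


if __name__ == "__main__":
    # Constructed sample data, not taken from the article.
    context = ["Acme Insurance", "Willow", "1985"]
    for candidate in ["123456", "Acm3Insur@nce!", "W1llow1985", "tundra-velvet-orbit-92"]:
        print(candidate, "->", screen_password(candidate, context) or "ok")
```

The context list is the defender's own copy of the word list described in point 3: company, product and family names the organisation already knows are public.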