Most used techniques to steal passwords on the internet

The figure of the "hacker" is often associated with a character with bad intentions who steals, or threatens to steal, passwords and personal accounts. Even though there are people in the world capable of doing anything with a computer, in 99% of cases you are unlikely to have to deal with cybercriminals, especially if you adopt a prudent attitude.
The theft of passwords and accounts relies almost exclusively on the naivety of the victims who, often through carelessness or limited technical skill, let themselves be fooled and open an easy way in. Once someone obtains the password of an online account, they can use it to spy on the account (think of email or Facebook) or, worse, to change information or exploit the account for advertising or commercial purposes. To understand how to defend yourself and avoid the most common traps, it is important first of all to know which methods and techniques are most used to steal passwords on the internet.
In this guide we have collected the most common techniques that can be used by a hacker, with advice on what to do to avoid falling into these traps.

Article Index

  • Simple passwords
  • Hacking sites
  • Fake emails
  • Unprotected web pages
  • Keylogger
  • Other useful tips

Simple passwords

If we use a very simple password, it will be guessed in a few minutes by the hacker, who may have a database of common passwords. The hacker tries the most common passwords from this database one after another and, once the right one is found, can easily access the targeted account.
This is a dictionary attack, a brute-force technique and one of the most used to find the simplest and most common passwords that users choose. The weakness is even more serious if we have used the same password on several different sites: once a password is discovered on one site, it can also be tried on others suspected of being linked to us or to our accounts.
For this reason, we always recommend choosing a robust and possibly different password for each account we create, so as not to compromise all our sites. We recommend reading our guides on the subject: how to test the security of a password and how to choose a secure password for any account.
Another option is to use a password manager, a program that keeps all the different passwords behind a single master password, which becomes the only one to memorize.
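The two weaknesses described in this chapter, common passwords and reuse across sites, can be checked on our own list of accounts. The script below is an added example, not part of the original guide: the common-password list, the 12-character minimum, the account names and the function names are all assumptions made for the demonstration.

```python
import re

# Constructed sample; a real audit would load a large list of leaked passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou", "admin"}

# Substitutions people use to "strengthen" a common word (P@ssw0rd -> password).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12  # assumption for this example, not a value from the article


def variants(password):
    """Simple forms of the password that a dictionary attack also covers."""
    lowered = password.lower()
    stripped = re.sub(r"[\d\W_]+$", "", lowered)  # "qwerty2024!" -> "qwerty"
    return {lowered, stripped, lowered.translate(LEET), stripped.translate(LEET)}


def audit(accounts):
    """Map each site to the reasons its password is weak ([] = no finding)."""
    sites_by_password = {}
    for site, password in accounts.items():
        sites_by_password.setdefault(password, []).append(site)
    findings = {}
    for site, password in accounts.items():
        reasons = []
        if variants(password) & COMMON_PASSWORDS:
            reasons.append("common password or simple variant")
        if len(password) < MIN_LENGTH:
            reasons.append("shorter than %d characters" % MIN_LENGTH)
        others = sorted(s for s in sites_by_password[password] if s != site)
        if others:
            reasons.append("reused on: " + ", ".join(others))
        findings[site] = reasons
    return findings


# Constructed accounts and passwords for the demonstration.
SAMPLE = {
    "mail.example": "P@ssw0rd1",
    "shop.example": "P@ssw0rd1",
    "bank.example": "lantern-orbit-velvet-quarry",
    "forum.example": "Qwerty2024!",
}

if __name__ == "__main__":
    for site, reasons in audit(SAMPLE).items():
        print(site, "->", reasons or "ok")
```

Adding a digit, a symbol or a letter substitution to a common word does not help: "P@ssw0rd1" and "Qwerty2024!" are both reduced to an entry in the list.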

Hacking sites

Another technique with which hackers can get hold of our passwords does not concern our PC or our network in particular: a hacker or a group of hackers can decide to attack a site and force access to the database holding the passwords, email addresses and data of all registered users. In this way the site is compromised and our password for it falls into the hands of the attackers, who can use it to access our account or sell it on the black market to make money.
The reasoning is similar to that of the first chapter: if we have used the same password on different sites and one of them is compromised, all the other sites will be compromised too. To avoid this, we recommend changing the passwords of the most used and sensitive sites (home banking, e-commerce etc.) at least once a year, so as to cancel the effects of the hacking of a compromised site (of which we probably don't know anything yet).
If, on the other hand, the owners of the compromised site notice the damage, they will often send an email to all registered users to notify them of what happened and ask them to change the password immediately: when we receive this type of email, we make sure that it is authentic and then change the password immediately (the faster we are, the less risk we run).
To find out if our passwords are compromised, we can carry out a check on the HaveIBeenPwned site, where it is sufficient to enter the email address that we use most often on sites to see if we have already been compromised in the past.

Fake emails

One of the most used techniques involves counterfeit emails, with logos and symbols very similar to those of legitimate sites. Picking up on the previous chapter, the hacker could send us an email disguised as coming from a secure and famous site (PayPal, Amazon, a bank's site etc.) describing an alleged hacker attack that has put our personal data or our money at risk, in tones that are often too sensational.
The aim is to generate fear: in a panic we click on the link in the email, which takes us to a page where we are asked to enter our old password. After the requested data is entered, the page "disappears" and is no longer accessible: we have just fallen victim to a full-blown phishing attack. Recognizing fake emails may require a lot of experience or good computer knowledge, but sometimes a bit of healthy cunning is enough: if we receive the email from a bank with which we do not have any account, how can the accounts be compromised and alleged money be put at risk? best anti-spam services to protect corporate and web email.

Unprotected web pages

Fortunately, this type of attack is falling into disuse, but until a few years ago it was one of the most popular and easiest to carry out. Web pages without encryption (addresses starting with HTTP) send their content in clear text, so when we connect to them all data can be intercepted with a network sniffer or by intercepting Web traffic (Man-in-the-Middle attack).
If we enter a password on an unencrypted page, it will be easily intercepted by a hacker, who need not be an expert: packet-sniffing programs are easy to obtain and often offer simple interfaces, so they can be used even by someone who knows nothing about computer science.
To avoid this type of attack, make sure to use only sites with encrypted and secure access (Web pages that start with HTTPS): in this way all the data exchanged between the browser and the website will be encrypted and difficult to intercept. All the most famous sites have already switched to HTTPS, but to force access to secure pages on all sites we recommend reading our guide to navigate in https on all banking sites, shops, Facebook and others, with a secure connection.
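The check described in this chapter can also be done on a saved copy of a login page. The script below is an added example, not part of the original guide: it reports password fields on pages loaded without HTTPS and also the less visible case of an HTTPS page whose form sends the password to an HTTP address. The form, the URLs and the function names are constructed for the demonstration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class PasswordFormFinder(HTMLParser):
    """Find password fields whose page or submit target is not HTTPS."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []      # (submit URL, [reasons])
        self._action = None     # resolved action of the <form> being parsed

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            # A relative or missing action resolves against the page URL.
            self._action = urljoin(self.page_url, attrs.get("action") or "")
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            target = self._action or self.page_url
            reasons = []
            if urlsplit(self.page_url).scheme != "https":
                reasons.append("page loaded without HTTPS")
            if urlsplit(target).scheme != "https":
                reasons.append("password submitted without HTTPS")
            if reasons:
                self.findings.append((target, reasons))

    def handle_endtag(self, tag):
        if tag == "form":
            self._action = None


def cleartext_password_risks(page_url, html_body):
    """Return (submit URL, reasons) for every password field at risk."""
    finder = PasswordFormFinder(page_url)
    finder.feed(html_body)
    return finder.findings


# Constructed login form and URLs.
LOGIN_FORM = ('<form action="/session" method="post">'
              '<input name="user"><input type="password" name="pass"></form>')
# Same form, but the action points at an explicit http:// address.
MIXED_FORM = LOGIN_FORM.replace('"/session"', '"http://shop.example/session"')
```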

Keylogger

In this case the hacker uses a special program hidden on the victim's computer to steal passwords and data; the keylogger records all the keys typed on the keyboard and sends the captured data out to the hacker's website. Through deception (via fake emails) or with direct access to the PC to be compromised, the hacker can intercept all the victim's data without the victim being aware of it.
Some advanced keyloggers are available as small devices that are interposed on the USB or PS/2 port, so as to intercept data at the hardware level: they are very difficult to locate and practically impossible to stop, but require physical access to the computer in order to recover the data.
To protect ourselves from software keyloggers, we need to install a good anti-keylogger, like the ones seen in the best free Anti-keylogger guide against malware spying on your computer. If we don't want to install other programs, it can be useful to use the on-screen keyboard when typing passwords, so as to prevent capture by keyloggers: see the article on how to use the virtual on-screen keyboard to write protected from keyloggers and password theft.

Other useful tips

Other general tips to protect our passwords are:
  • Use an updated antivirus on your computer, such as those recommended in our best free Antivirus for PC guide.
  • Use a VPN when connecting to public networks and hotspots; the best VPNs to try are listed in the article best free VPN services and programs to surf safe and free.
  • Create a secure Wi-Fi network at home, as described in our guide secure your home Wifi connection and protect yourself from network intrusions.

All the tips seen in this guide can make it very difficult for hackers to access our data and passwords, but let's remember that a really good hacker enters everywhere without problems: the only thing we can do is slow him down enough to make the "game" inconvenient (the classic "the game is not worth the candle").
READ ALSO -> Guide to online security against hackers, phishing and cyber criminals
