NEXT Academy is Southeast Asia’s leading school for aspiring entrepreneurs, freelancers, software engineers, and digital marketers

How to Not Get Hacked Online

Do you think you are safe from hackers? This comprehensive guide will help to prevent you from getting hacked online.

by NEXT Academy

You probably have heard the news about people getting hacked.

News about how people lost their entire savings in their bank, news about how their laptops get hacked and they need to pay ransom to unlock their laptop, news about how their personal social media account is being hacked.

This could happen to everyone, including you.

It's time to know what you can do to prevent this from happening to you!

Not-So-Fun Facts of Hacking Trends Globally

What do you have that can be hacked?

13 types of hackes

things to do to protect yourself

According to Safety Detectives, our home networks and businesses
are ill-prepared for a cyberattack!

52% HACKING

28% MALWARE

32% PHISHING / SOCIAL ENGINEERING

4.1 billion records of Data Breaches in first half of 2019

Verifications.io → 763 million users
Canva → 137 million users

34% of data breaches involved internal actors

94% of malware is delivered via email

Malware disguised as harmless .doc, .dot, .exe
Today most popular, malwares are being disguised as Word doc files because people do not suspect “.doc” files

Checking file type is important. From the onset, it might look like a PDF file, e.g. “invoice.pdf”, but when you check file type, it is in fact a “invoice.pdf.exe” file.

$6 trillion annual cybersecurity damage by 2021 (Cybersecurity Ventures)

Ransomware damage costs rise to $11.5 billion in 2019,
a victim every 14 seconds (Cybersecurity Ventures)

65% of groups used spear-phishing as the primary infection vector (Symantec)

IoT devices experience an average of 5,200 attacks per month (Symantec)

90% of remote code execution attacks
are associated with crypto-mining (CSO Online)

How prone are you to be hacked?

Check out this quiz to find out!

what do you have that can be hacked?

Here are our everyday items that can be hacked. It could be due to technological oversight or human error or negligence which gave hackers a chance to attack you.

Look at which of these you own and read more on how you can get hacked!

Document in your laptop

1. your files & folder in your computer

Imagine trying to log into your computer one day and you can’t access your files. A red screen appears and said “Ops! Your files have been encrypted. Send 2 Bitcoins within 24 hours before we delete ALL your files.”You would need to pay them USD14,000 (by Dec 2019 price) to get your files back, in fact, there is no guarantee that you can get it back!

Globally, there are 204 million ransomware attacks in 2018 alone.

Why

The purpose is to extort money from you.
These people are financially motivated.

How

These hackers take advantage of human negligence by getting you to download software. It could be as simple as emails. For example, you received an email from a legit looking source with a file attached to it and the words "invoice.doc". You download and open it, and it turns out to be some sort of ransomware that locks down your entire computer.

Recent Case

In February 2019, medical records from Melbourne Heart Group got hacked and locked out of. The ransom was paid but not all of the records were recovered.

How To Protect Yourself

  • Do not install software from untrusted sites and/or emails.
    People could potentially send it via messaging apps too!
  • Beware of file types
  • Have a back up
  • Patch the operating system, software, and firmware to reduce vulnerabilities
  • Install Anti-Virus & Firewall Software

Back to What Do You Have That Can Be Hacked?

2. your computer OR LAPTOP

There are generally a few ways hackers could cause harm to you via your computer :

  • Controlling your computer remotely
  • Recording your screen and what you are typing
  • Cryptojacking your computer's processing power

Malware

One fine day, your computer is doing things it shouldn't be doing: accessing files it shouldn't be accessing without you touching your keyboard or mouse. Is there a ghost?! Or, someone is controlling your computer remotely.

Not just that! The hacker could also stay behind the scene silently, record what is on your screen and also record what you are typing. With this, your passwords and security information can easily be exposed.

Why

These people target high-profile individuals or organisations to steal information or take control of the computer. It's the 007 style of espionage in the cyber world!

How

You could download a malicious software unknowingly by downloading a seemingly innocent looking document, open it and that's how the nightmare starts.
Phishing and spear-phishing could be involved in this process. Sometimes, there’s even assistance from internal employee(s).

Recent Case

In 2016, Malaysian immigration officers were caught sabotaging the computer system to allow the syndicate remote access and control over the system

In 2017, HP was found with hidden keylogger software pre-installed. Although it may be disabled, a hacker could enable it and record everything you type.

How To Protect Yourself

  • Do not install software from untrusted sites and/or emails.
    People could potentially send it via messaging apps too!
  • Beware of file types
  • Patch the operating system, software, and firmware to reduce vulnerabilities
  • Install Anti-Virus & Firewall Software

Your Computer's Processing Power

You noticed that your computer is performing slower, lags in execution and crashes quite a bit.

Hmm… maybe the computer is old or out-dated? Or is it? You could have been cryptojacked and hackers are using your computer processing power to mine cryptocurrencies behind the scenes without you knowing it.


Why

These hackers are doing it for money!
The more cryptocurrency a hacker has, the more he is worth.

How

According to CSO, "Cryptojacking is the unauthorized use of someone else’s computer to mine cryptocurrency. Hackers do this by either getting the victim to click on a malicious link in an email that loads cryptomining code on their computers, or by infecting a website or online ad with JavaScript code that auto-executes once loaded in the victim’s browser."

It is hard to say how many computers are infected.

Recent Case

Facexworm: Malicious Chrome extension is a malware that first discovered by Kaspersky Labs in 2017. It is a Google Chrome extension that uses Facebook Messenger to infect users’ computers. Initially Facexworm delivered adware. Earlier this year, Trend Micro found a variety of Facexworm that targeted cryptocurrency exchanges and was capable of delivering cryptomining code. It still uses infected Facebook accounts to deliver malicious links, but can also steal web accounts and credentials, which allows it to inject cryptojacking code into those web pages.

How To Protect Yourself

  • Maintain your browser extension (e.g. Chrome extensions)
  • Install ad-blocking or anti-cryptomining browser extensions
  • Be alert with phishing attempts
  • Install Anti-Virus & Firewall Software (these days they have added crypto miner detection to their products)

Back to What Do You Have That Can Be Hacked?

Learn to code to understand how computer works and how it affects cybersecurity

3. Wireless Network (WiFi)

You are in a mall and decided to do some work over the public wifi network. You noticed at times the network seemed to have problems. But it is still ok. You continue browsing some websites, logged in to check out some stuff.

The sites you are browsing are HTTP (insecure) websites instead of HTTPS (secure) websites. Read more on What is Websites, Web Apps & Mobile Apps

Days later, you found out that someone has been trying their luck to access your Instagram account! What is happening here?

Why

Wifi hackers can access information from HTTP insecure sites that are being sent and received by people in the wifi network.

Not just that, once they have access to your wifi network, they can jam the network. This could prevent any devices connected to wifi from transferring information, such as your CCTV or your alarm. Some people hack the wifi to gain free internet as well.

How

  • Man In The Middle (MITM) attack. The middleman between your device and the router, accessing information you send through and fro the network. From here, they get login credentials from HTTP insecure websites. They would then use the same information to try and login to other services, such as your social media accounts.
  • Bruteforce. For WPA/ WPA2 passwords, they could just try different combinations of password until they hit the right one.
  • Analyze Traffic. They analyze traffic through a network and determine the WiFi password based on information gathered from the traffic (For WEP passwords)

Recent Case

Aditya shared about how he hacked into his neighbour’s WiFi and harvested login credentials from the HTTP websites his neighbor browsed.

How To Protect Yourself

  • Use HTTPS, not HTTP. If there is a need to use HTTP websites, make sure the username and passwords are different from your important credentials
  • For your Wifi password, set stronger password with WPA/WPA2, not WEP

Back to What Do You Have That Can Be Hacked?

4. your SOCIAL MEDIA ACCOUNT

There are generally 2 ways of using your social media account:
• Hacking your actual account
• Creating a FAKE account that looks like you

  • Controlling your computer remotely
  • Creating a FAKE account that looks like you

Hacking Your Actual Account

Your friends contacted you that your social media account, say Facebook, has been doing unscrupulous things.
Before you wonder what you can do about it… let's talk about how we can prevent this from happening.

Why

They use your account to spread malicious software to your friends. Sometimes they act as you and ask for money from friends.

How


Phishing. Hackers send an email that looks exactly like a Facebook email. There they will ask victims to click on the button. Upon clicking, they lead you to a FAKE Facebook site and ask you to key-in your username and password. All your details would then be recorded.

Keyloggers. You previously installed malware (malicious software) without knowing and they recorded your keystrokes to your usernames and passwords.

How To Protect Yourself

  • Verify authenticity of emails, email addresses and links before opening it
  • Be wary of the information that you're providing to another party
  • Only access private accounts and data on your own devices
  • Do not share devices with other parties
  • Setup 2FA (2-factor authentication) for your accounts
  • Be careful of downloading software, it could be a malware
  • Make sure your antivirus and firewall is up-to-date

Creating a fake account that looks like you

Friends and family have been asking you, why do you have a separate social media account.
Aside from that, another friend informed you that there is a profile with a different name that has your pictures on it.

Why

These people wants to hijack your identity to do unscrupulous things behind your back. Your friends and family would mistake this fake identity as yours and may be tricked by them

How

These hackers will just take whatever information they see on your social media and replicate it. People who often put up "public" posts will need to be careful.

Recent Case

Quite a number of influencers have gotten their accounts replicated.
A friend had her face being used to scam people for money.
How she found out about it? The victim's friend bumped into my friend coincidentally and he confronted her. They found out that her profile has been replicated. (I guess that's what happens when you are just too pretty)

How To Protect Yourself

Be careful with what you share on social media.
You really don't need the whole wide world to see all your information about you, e.g. your friends, your family, your favourite food place etc. With all this information, they can do a lot more harm than just posing as you.

Back to What Do You Have That Can Be Hacked?

5. your BANK ACCOUNT

There are multiple ways to go about hacking your bank account, their goal is to phish for your username and password:

  • Phishing directly via a fake website
  • Indirectly via your other exposed username and password from other services through phishing or data breach
  • Social engineering

Phishing

You received an email from your bank asking you to login. In the email was an unsuspecting button which was supposed to link you to the bank's website. You clicked on it, key-in your username and password.

In less than 5 minutes, you got an SMS alert saying that you have successfully transferred out $2000 to another person. You got shocked and you tried to stop it. In the end, you became $2000 poorer and you can't do much about it.

Why

They are financially motivated to do this.

How

Phishing Modus Operandi

  • Spray and pray generic greeting sent to the masses
  • A FAKE email address disguised with a legit looking name
  • A FAKE link
  • Request for personal information
  • Create a sense of urgency to make you take an action without thinking

Same Username & Password Exposed in Other Places
Hackers are great recyclers. They recycle, reuse and repeat your usernames and passwords across important services. 

Recent Case

There are so many people who fell for it that banks put alerts on their websites. Hackers will send out FAKE emails and lead you to FAKE websites. You innocently put in your core details and that's how they use your exact details to log into your real account almost real-time.

There is an example given where a person used the same username and password across all services and he lost $7000 after the hacker hacked into his accounts.    

How To Protect Yourself

  • When you receive an email from the bank, never click the links from the email.
    Always do it MANUALLY
  • Check the email address & link URL
  • Never access bank URL if it's HTTP, not HTTPS
  • Please use different passwords for important services

Social Engineering

You received a call from a lady. She said she's from the bank and "there was an attempt to use your card in Miami, Florida. Was this you?" You said no.

She mentioned that she will use the pin to block the card and that you will receive an SMS. You received the SMS and gave her the pin. The call went on and she asked you for more confidential details.

The next day, you realise that all your money is gone.

Why

They are financially motivated to do this.

How

  • Phone number may be masked
  • Caller claims to be from the bank
  • Create urgency
  • Talk to you as a friend while getting you to expose confidential information

Recent Case

Here's a story on how a guy almost fell into the scammer's trap.
Fortunately he felt suspicious and hung up immediately.

How To Protect Yourself

  • Banks will never call you and ask for your bank account details
  • If a bank personnel call you, get their names and choose to call back the bank via the legit call centre number

Back to What Do You Have That Can Be Hacked?

6. your credit & debit card

There are multiple ways to go about hacking your credit or debit cards.
Here are the 2 most common ways:

  • Credit card skimmers
  • Naivety and negligence

credit card skimmers

You went to an ATM to get some cash out with your debit card. After happily getting $50 you went off for your shopping. Later you came back to get extra cash but realised that you have lost $1000.

Why

For the money they never needed to work their arse off to earn

How

Devices used to read the content of a credit card and is attached to the ATM. You may notice that the place where you put your card in seemed to be bulkier and raised though it looks camouflaged.

How To Protect Yourself

Just double check places where credit cards/ debit cards are inserted.
If it looked raised, you can alert the bank. 

naivety and negligence

You got a credit card, you happily post a picture of it on social media.

Why

For the money they never needed to work their arse off to earn

How

Naivety. Yup. Nuff said

How To Protect Yourself

  • Never disclose your 3-digit security code to anyone
  • Handle your own cards when paying at brick and mortar stores to ensure people don't record down your credit card number, 3 digit security code and expiry date

Back to What Do You Have That Can Be Hacked?

7. Your Webcam & Mobile Phone Camera

People these days use their laptops and phones in bedrooms, toilets, office and much more. I am sure our laptops have "seen" a lot of things. But are you certain that there are no hackers looking at you through your webcam?

Why

To spy, blackmail and/ or gain access to private and confidential information

How

The software you download into your computer may have malicious code in it and the hackers would access your system and enable your webcam.

For phones, you may innocently download mobile apps and give permission to camera, voice and even GPS. Some apps may be running in the background even though you think you closed them. And they will be recording you.

Recent Case

In February 2019, medical records from Melbourne Heart Group got hacked and locked out of. The ransom was paid but not all of the records were recovered.

How To Protect Yourself

  • Do not install software or apps from untrusted sites
  • Install and update anti-virus and firewall software
  • For your laptop, put a sticker over your camera
  • For your phone, please be aware of the permissions you are providing to the app
  • Delete what you are not using would be a good practice

Back to What Do You Have That Can Be Hacked?

8. Your phone number

There was a huge data breach and you are affected. Luckily, you have 2FA enabled. You should be safe right? 

Suddenly you couldn't use your phone number. After you recover your number, you got alerted that $50,000 was transferred. You realised that many of your account's passwords have been changed too.

What happened?

Why

To get two-step authentication code and log into accounts that are tied with a phone number

How

These fraudsters go to your service provider, act as you and get a brand new SIM card for your registered mobile number. Once swapped, they can easily get your SMS alerts with 2FA in it.

But before that, they would need to know some of your crucial information such as username and password.


Recent Case

Here's a story on how someone almost lost $71,000 because of Sim Swap attack.

How To Protect Yourself

  • Make sure your existing username & password are not exposed
  • Pay attention to the data breaches and also be careful of phishing or social engineering techniques
  • This entirely depends on the telco person, as the attack's aim is to get him/her to switch the sim card for the attacker
  • Consider obtaining a universal second-factor (U2F) device like YubiKey or Thetis

Back to What Do You Have That Can Be Hacked?

9. Your HOME DEVICES

Imagine someone controlling your CCTV or your Amazon Echo to spy on you and disrupt your life. The things that are meant to give you convenience or protect you are used against you.

Why

To spy, blackmail and/ or gain access to private and confidential information

How

There are many techniques for this. 

  • Device vulnerabilities - devices may have loopholes which hackers can exploit
  • Bruteforce - if the devices have no limit on how many times a person can key in the password, the hacker can try nonstop
  • Data breach and exposed from other parties - your username and password were exposed elsewhere and hackers use them to hack your devices

Recent Case

An example of device vulnerability is Amazon Echo where hackers can use lasers to speak commands into it. 

Recently, there was an incident where the hacker hacked into a family's Ring CCTV camera and terrorized the kids by watching them, talking to them and "playing" with them

How To Protect Yourself

  • Make sure your existing username & password are not exposed. Pay attention to the data breaches and also be careful of phishing or social engineering techniques
  • Always update your devices to patch vulnerabilities and be up-to-date on hacking news
  • Put in stronger name and password

Back to What Do You Have That Can Be Hacked?

Type of Hackers

1. phishers

Just like fishermen, they throw their nets far and wide to catch whatever fish that falls into its trap.

They pose as your bank to send out urgent emails and innocent victims would click into the fake link to log into the bank. These phishers would then use this information to log into the real bank account.

Read Your bank account

Go to Type of Hackers

2. Spear-phishers

Spear-phishers are similar to fishermen who use spears to hunt specific fish.

These hackers will identity a target, likely a weak target that has access to the company they want to penetrate. They look for all the information they can find online on this person (e.g. your social media accounts) and start to befriend the victim. The victim would then let their guard down.

The "new friend" would phish for information and could also send malware over to the victim. Once the victim fall into this trap, the spear-phisher would then access the company's system and/ or spread malware to all the victim's colleague.

Go to Type of Hackers

4. System burglars

The goal is to break into your computer system and take control of it. It could also get information from you.

Malware is most commonly used to do this, be it to remotely control your computer or to use keylogger to get everything you are typing via your keyboard.

Read Your computer/ laptop

Go to Type of Hackers

5. The Espionage / Spy

We watch a lot of 007 James Bond movies. Now just imagine going up against James Bond.

These hackers breaking into your system to get sensitive or confidential information. Can you imagine how often big companies need to fight against hackers?

Read Your computer/ laptop

Go to Type of Hackers

6. Cryptojackers

What's better than cash? Untraceable money (well, almost).

Setting crypto miners is expensive and time consuming. Why not just write some code so that anyone who executes the code unknowingly would offer up their computer processing power to help the cryptojackers mine.

Read Your computer's processing power

Go to Type of Hackers

7. Unlawful posers

These hackers love to pose as other people and steal identities. Be it by hacking into your real account or duplicate another account that looks like you.

They would pose as you to do unscrupulous things without you knowing.


Read Social media account

Go to Type of Hackers

9. Man-in-the-middle

He is the hidden hand in the middle. You don't know that he was there but he's looking and recording everything you send or receive through the internet.

Read Wireless network

Go to Type of Hackers

11. The opportunist

These are smart people prying on victim's stupidity or naivety. For example, some victims posted all their credit card information online! Nuff said.

Read Your credit & debit card

Go to Type of Hackers

things to do to protect yourself

Sometimes, we might not be able to prevent hacking completely. But, there are definitely some preventive steps that you can take to protect yourself from hackers. Here are some ways to prevent you not being hacked:

  • Be wary of scams

  • Password for your email should be different from the rest
    (eg. Gmail password should be different from Facebook, Instagram, etc.)

  • Use strong password

  • Cover webcams when not in use

  • Keep your devices locked when not in use

  • Use two factor if available

  • Be aware of informations that you post on social media

  • Pay attention to URL of the sites that you're visiting
    If you have a business website, read on how to secure your business website

  • Do not share your login details with others

  • Read permissions before granting

Ready to learn coding?

Take the first step in learning. You miss 100% of the shots you don't take.
Enroll Now