How to Not Get Hacked Online

Do you think you are safe from hackers? This comprehensive guide will help to prevent you from getting hacked online.

By NEXT Academy

You probably have heard the news about people getting hacked.

News about how people lost their entire savings in their bank, news about how their laptops get hacked and they need to pay ransom to unlock their laptop, news about how their personal social media account is being hacked.

This could happen to everyone, including you.

It’s time to know what you can do to prevent this from happening to you!

Not-So-Fun Facts Of Hacking Trends Globally

Not-So-Fun Facts Of Hacking Trends Globally

Read More

What Do You Have That Can Be Hacked?

What Do You Have That Can Be Hacked?

Read More

Things To Do To Protect Yourself

Things To Do To Protect Yourself

Read More

Not-So-Fun Facts Of Hacking Trends Globally

According to Safety Detectives, our home networks and businesses are ill-prepared for a cyberattack!

52% HACKING

28% MALWARE

32% PHISHING/ SOCIAL ENGINEERING

4.1 Billion Records Of Data Breaches In First Half Of 2019

Verifications.Io → 763 Million Users
Canva → 137 Million Users

34% Of Data Breaches Involved Internal Actors

94* Of Malware Is Delivered Via Email

Malware disguised as harmless .doc, .dot, .exe
Today most popular, malwares are being disguised as Word doc files because people do not suspect “.doc” files

Checking file type is important. From the onset, it might look like a PDF file, e.g. “invoice.pdf”, but when you check file type, it is in fact a “invoice.pdf.exe” file.

$6 Trillion Annual Cybersecurity Damage By 2021 (Cybersecurity Ventures)

Ransomware Damage Costs Rise To $11.5 Billion In 2019,
A Victim Every 14 Seconds (Cybersecurity Ventures)

65% Of Groups Used Spear-Phishing As The Primary Infection Vector (Symantec)

IoT Devices Experience An Average Of 5,200 Attacks Per Month (Symantec)

90% Of Remote Code Execution Attacks
Are Associated With Crypto-Mining (CSO Online)

How prone are you to be hacked?

Check out this quiz to find out!

What Do You Have That Can Be Hacked?

Here are our everyday items that can be hacked. It could be due to technological oversight or human error or negligence which gave hackers a chance to attack you.

robot
person-warning

Look at which of these you own and read more on how you can get hacked!

1. Your Files & Folder In Your Computer

Imagine trying to log into your computer one day and you can’t access your files. A red screen appears and said “Ops! Your files have been encrypted. Send 2 Bitcoins within 24 hours before we delete ALL your files.”You would need to pay them USD14,000 (by Dec 2019 price) to get your files back, in fact, there is no guarantee that you can get it back!

Globally, there are 204 million ransomware attacks in 2018 alone.

Why
The purpose is to extort money from you. These people are financially motivated.
How
These hackers take advantage of human negligence by getting you to download software. It could be as simple as emails. For example, you received an email from a legit looking source with a file attached to it and the words "invoice.doc". You download and open it, and it turns out to be some sort of ransomware that locks down your entire computer.
Recent Case
In February 2019, medical records from Melbourne Heart Group got hacked and locked out of. The ransom was paid but not all of the records were recovered.
How To Protect Yourself
  • Do not install software from untrusted sites and/or emails. People could potentially send it via messaging apps too!
  • Beware of file types
  • Have a back up
  • Patch the operating system, software, and firmware to reduce vulnerabilities
  • Install Anti-Virus & Firewall Software
Previous
Next

2. Your Computer Or Laptop

There are generally a few ways hackers could cause harm to you via your computer :

  • Controlling your computer remotely
  • Recording your screen and what you are typing
  • Cryptojacking your computer’s processing power

Malware

One fine day, your computer is doing things it shouldn’t be doing: accessing files it shouldn’t be accessing without you touching your keyboard or mouse. Is there a ghost?! Or, someone is controlling your computer remotely.

Not just that! The hacker could also stay behind the scene silently, record what is on your screen and also record what you are typing. With this, your passwords and security information can easily be exposed.

Why
These people target high-profile individuals or organisations to steal information or take control of the computer. It's the 007 style of espionage in the cyber world!
How
You could download a malicious software unknowingly by downloading a seemingly innocent looking document, open it and that's how the nightmare starts. Phishing and spear-phishing could be involved in this process. Sometimes, there’s even assistance from internal employee(s).
Recent Case
In 2016, Malaysian immigration officers were caught sabotaging the computer system to allow the syndicate remote access and control over the system ‍

In 2017, HP was found with hidden keylogger software pre-installed. Although it may be disabled, a hacker could enable it and record everything you type.
How To Protect Yourself
  • Do not install software from untrusted sites and/or emails. People could potentially send it via messaging apps too!
  • Beware of file types
  • Patch the operating system, software, and firmware to reduce vulnerabilities
  • Install Anti-Virus & Firewall Software
Previous
Next

Your Computer’s Processing Power

You noticed that your computer is performing slower, lags in execution and crashes quite a bit.

Hmm… maybe the computer is old or out-dated? Or is it? You could have been cryptojacked and hackers are using your computer processing power to mine cryptocurrencies behind the scenes without you knowing it.

Why
These hackers are doing it for money! The more cryptocurrency a hacker has, the more he is worth.
How
According to CSO, "Cryptojacking is the unauthorized use of someone else’s computer to mine cryptocurrency. Hackers do this by either getting the victim to click on a malicious link in an email that loads cryptomining code on their computers, or by infecting a website or online ad with JavaScript code that auto-executes once loaded in the victim’s browser."It is hard to say how many computers are infected.
Recent Case
Facexworm: Malicious Chrome extension is a malware that first discovered by Kaspersky Labs in 2017. It is a Google Chrome extension that uses Facebook Messenger to infect users’ computers. Initially Facexworm delivered adware. Earlier this year, Trend Micro found a variety of Facexworm that targeted cryptocurrency exchanges and was capable of delivering cryptomining code. It still uses infected Facebook accounts to deliver malicious links, but can also steal web accounts and credentials, which allows it to inject cryptojacking code into those web pages.
How To Protect Yourself
  • Maintain your browser extension (e.g. Chrome extensions)
  • Install ad-blocking or anti-cryptomining broser extensions
  • Be alert with phishing attempts
  • Install Anti-Virus & Firewall Software (these days they have added crypto miner detection to their products)
Previous
Next

Learn to code to understand how computer works and how it affects cybersecurity

3. Wireless Network (WIFI)

You are in a mall and decided to do some work over the public wifi network. You noticed at times the network seemed to have problems. But it is still ok. You continue browsing some websites, logged in to check out some stuff.

The sites you are browsing are HTTP (insecure) websites instead of HTTPS (secure) websites. Read more on What is Websites, Web Apps & Mobile Apps

Days later, you found out that someone has been trying their luck to access your Instagram account! What is happening here?

Why
Wifi hackers can access information from HTTP insecure sites that are being sent and received by people in the wifi network.

Not just that, once they have access to your wifi network, they can jam the network. This could prevent any devices connected to wifi from transferring information, such as your CCTV or your alarm. Some people hack the wifi to gain free internet as well.
How
  • Man In The Middle (MITM) attack. The middleman between your device and the router, accessing information you send through and fro the network. From here, they get login credentials from HTTP insecure websites. They would then use the same information to try and login to other services, such as your social media accounts.
  • Bruteforce. For WPA/ WPA2 passwords, they could just try different combinations of password until they hit the right one.
  • Analyze Traffic. They analyze traffic through a network and determine the WiFi password based on information gathered from the traffic (For WEP passwords)
Recent Case
Aditya shared about how he hacked into his neighbour’s WiFi and harvested login credentials from the HTTP websites his neighbor browsed.
How To Protect Yourself
  • Use HTTPS, not HTTP. If there is a need to use HTTP websites, make sure the username and passwords are different from your important credentials
  • For your Wifi password, set stronger password with WPA/WPA2, not WEP
Previous
Next

4. Your social media account

There are generally 2 ways of using your social media account:
• Hacking your actual account
• Creating a FAKE account that looks like you

  • Controlling your computer remotely
  • Creating a FAKE account that looks like you

Hacking Your Actual Account

Your friends contacted you that your social media account, say Facebook, has been doing unscrupulous things.
Before you wonder what you can do about it… let’s talk about how we can prevent this from happening.

Why
They use your account to spread malicious software to your friends. Sometimes they act as you and ask for money from friends.
How
Phishing. Hackers send an email that looks exactly like a Facebook email. There they will ask victims to click on the button. Upon clicking, they lead you to a FAKE Facebook site and ask you to key-in your username and password. All your details would then be recorded. ‍

Keyloggers. You previously installed malware (malicious software) without knowing and they recorded your keystrokes to your usernames and passwords.
How To Protect Yourself
  • Verify authenticity of emails, email addresses and links before opening it
  • Be wary of the information that you're providing to another party
  • Only access private accounts and data on your own devices
  • Do not share devices with other parties
  • Setup 2FA (2-factor authentication) for your accounts
  • Be careful of downloading software, it could be a malware
  • Make sure your antivirus and firewall is up-to-date
Previous
Next

Creating A Fake Account That Looks Like You

Friends and family have been asking you, why do you have a separate social media account.
Aside from that, another friend informed you that there is a profile with a different name that has your pictures on it.

Why
These people wants to hijack your identity to do unscrupulous things behind your back. Your friends and family would mistake this fake identity as yours and may be tricked by them
How
These hackers will just take whatever information they see on your social media and replicate it. People who often put up "public" posts will need to be careful.
Recent Case
Quite a number of influencers have gotten their accounts replicated. A friend had her face being used to scam people for money. How she found out about it? The victim's friend bumped into my friend coincidentally and he confronted her. They found out that her profile has been replicated. (I guess that's what happens when you are just too pretty)
How To Protect Yourself
Be careful with what you share on social media. You really don't need the whole wide world to see all your information about you, e.g. your friends, your family, your favourite food place etc. With all this information, they can do a lot more harm than just posing as you.
Previous
Next

5. Your Bank Account

There are multiple ways to go about hacking your bank account, their goal is to phish for your username and password:

  • Phishing directly via a fake website
  • Indirectly via your other exposed username and password from other services through phishing or data breach
  • Social engineering

Phishing

You received an email from your bank asking you to login. In the email was an unsuspecting button which was supposed to link you to the bank’s website. You clicked on it, key-in your username and password.

In less than 5 minutes, you got an SMS alert saying that you have successfully transferred out $2000 to another person. You got shocked and you tried to stop it. In the end, you became $2000 poorer and you can’t do much about it.

Why
They are financially motivated to do this.
How
Phishing Modus Operandi
  • Spray and pray generic greeting sent to the masses
  • A FAKE email address disguised with a legit looking name
  • A FAKE link
  • Request for personal information
  • Create a sense of urgency to make you take an action without thinking
Same Username & Password Exposed in Other Places
‍Hackers are great recyclers. They recycle, reuse and repeat your usernames and passwords across important services.
Recent Case
There are so many people who fell for it that banks put alerts on their websites. Hackers will send out FAKE emails and lead you to FAKE websites. You innocently put in your core details and that's how they use your exact details to log into your real account almost real-time. ‍ There is an example given where a person used the same username and password across all services and he lost $7000 after the hacker hacked into his accounts.
How To Protect Yourself
  • When you receive an email from the bank, never click the links from the email. Always do it MANUALLY
  • Check the email address & link URL
  • Never access bank URL if it's HTTP, not HTTPS
  • Please use different passwords for important services
Previous
Next

Social Engineering

You received a call from a lady. She said she’s from the bank and “there was an attempt to use your card in Miami, Florida. Was this you?” You said no.

She mentioned that she will use the pin to block the card and that you will receive an SMS. You received the SMS and gave her the pin. The call went on and she asked you for more confidential details.

The next day, you realise that all your money is gone.

Why
They are financially motivated to do this.
How
  • Phone number may be masked
  • Caller claims to be from the bank
  • Create urgency
  • Talk to you as a friend while getting you to expose confidential information
Recent Case
Here's a story on how a guy almost fell into the scammer's trap. Fortunately he felt suspicious and hung up immediately.
How To Protect Yourself
  • Banks will never call you and ask for your bank details
  • If a bank personnel call you, get their names and choose to call back the bank via the legit call centre number
Previous
Next

6. Your Credit & Debit Card

There are multiple ways to go about hacking your credit or debit cards.
Here are the 2 most common ways:

  • Credit card skimmers
  • Naivety and negligence

Credit Card Skimmers

You went to an ATM to get some cash out with your debit card. After happily getting $50 you went off for your shopping. Later you came back to get extra cash but realised that you have lost $1000.

Why
For the money they never needed to work their arse off to earn
How
Devices used to read the content of a credit card and is attached to the ATM. You may notice that the place where you put your card in seemed to be bulkier and raised though it looks camouflaged.
How To Protect Yourself
Just double check places where credit cards/ debit cards are inserted. If it looked raised, you can alert the bank.
Previous
Next

Naivety And Negligence

You got a credit card, you happily post a picture of it on social media.

Why
For the money they never needed to work their arse off to earn
How
Naivety. Yup. Nuff said
How To Protect Yourself
  • Never disclose your 3-digit security code to anyone
  • Handle your own cards when paying at brick and mortar stores to ensure people don't record down your credit card number, 3 digit security code and expiry date
Previous
Next

7. Your Webcam & Mobile Phone Camera

People these days use their laptops and phones in bedrooms, toilets, office and much more. I am sure our laptops have “seen” a lot of things. But are you certain that there are no hackers looking at you through your webcam?

Why
To spy, blackmail and/ or gain access to private and confidential information
How
The software you download into your computer may have malicious code in it and the hackers would access your system and enable your webcam. ‍

For phones, you may innocently download mobile apps and give permission to camera, voice and even GPS. Some apps may be running in the background even though you think you closed them. And they will be recording you.
Recent Case
In February 2019, medical records from Melbourne Heart Group got hacked and locked out of. The ransom was paid but not all of the records were recovered.
How To Protect Yourself
  • Do not install software or apps from untrusted sites
  • Install and update anti-virus and firewall software
  • For your laptop, put a sticker over your camera
  • For your phone, please be aware of the permission you are providing to the app
  • Delete what you are not using would be a good practice
Previous
Next

8. Your Phone Number

There was a huge data breach and you are affected. Luckily, you have 2FA enabled. You should be safe right? 

Suddenly you couldn’t use your phone number. After you recover your number, you got alerted that $50,000 was transferred. You realised that many of your account’s passwords have been changed too.

What happened?

Why
To get two-step authentication code and log into accounts that are tied with a phone number
How
These fraudsters go to your service provider, act as you and get a brand new SIM card for your registered mobile number. Once swapped, they can easily get your SMS alerts with 2FA in it.

But before that, they would need to know some of your crucial information such as username and password.
Recent Case
Here's a story on how someone almost lost $71,000 because of Sim Swap attack.
How To Protect Yourself
  • Make sure your existing username & password are not exposed
  • Pay attention to the data breaches and also be careful of phishing or social engineering techniques
  • This entirely depends on the telco person, as the attack's aim is to get him/her to switch the sim card for the attacker
  • Consider obtaining a universal second-factor (U2F) device like YubiKey or Thetis
  • Delete what you are not using would be a good practice
Previous
Next

9. Your Home Devices

Imagine someone controlling your CCTV or your Amazon Echo to spy on you and disrupt your life. The things that are meant to give you convenience or protect you are used against you.

Why
To spy, blackmail and/ or gain access to private and confidential information
How
There are many techniques for this.

  • Device vulnerabilities - devices may have loopholes which hackers can exploit
  • Bruteforce - if the devices have no limit on how many times a person can key in the password, the hacker can try nonstop
  • Data breach and exposed from other parties - your username and password were exposed elsewhere and hackers use them to hack your devices
Recent Case
Here's a story on how someone almost lost $71,000 because of Sim Swap attack.
How To Protect Yourself
  • Make sure your existing username & password are not exposed
  • Pay attention to the data breaches and also be careful of phishing or social engineering techniques
  • This entirely depends on the telco person, as the attack's aim is to get him/her to switch the sim card for the attacker
  • Consider obtaining a universal second-factor (U2F) device like YubiKey or Thetis
  • Delete what you are not using would be a good practice
Previous
Next

Types Of Hackers

1. Phishers

Just like fishermen, they throw their nets far and wide to catch whatever fish that falls into its trap.

They pose as your bank to send out urgent emails and innocent victims would click into the fake link to log into the bank. These phishers would then use this information to log into the real bank account.

Read Your bank account

Go to Type of Hackers

2. Spear-Phishers

Spear-phishers are similar to fishermen who use spears to hunt specific fish.

These hackers will identity a target, likely a weak target that has access to the company they want to penetrate. They look for all the information they can find online on this person (e.g. your social media accounts) and start to befriend the victim. The victim would then let their guard down.

The “new friend” would phish for information and could also send malware over to the victim. Once the victim fall into this trap, the spear-phisher would then access the company’s system and/ or spread malware to all the victim’s colleague.

Go to Type of Hackers

3. Extortionist

The people want money and they want to extort you. One way is through ransomware. It will lock down your files and folders. They will only give you back access when you pay them bitcoin.

Another way, is that they get access to your information via webcam, CCTV or files in your computer and blackmail you.

Read Your files & folders in your computer
Read Your webcam & mobile phone camera

Go to Type of Hackers

4. System Burglars

The goal is to break into your computer system and take control of it. It could also get information from you.

Malware is most commonly used to do this, be it to remotely control your computer or to use keylogger to get everything you are typing via your keyboard.

Read Your computer/ laptop

Go to Type of Hackers

5. The Espionage / Spy

We watch a lot of 007 James Bond movies. Now just imagine going up against James Bond.

These hackers breaking into your system to get sensitive or confidential information. Can you imagine how often big companies need to fight against hackers?

Read Your computer/ laptop

Go to Type of Hackers

6. Cryptojackers

What’s better than cash? Untraceable money (well, almost).

Setting crypto miners is expensive and time consuming. Why not just write some code so that anyone who executes the code unknowingly would offer up their computer processing power to help the cryptojackers mine.

Read Your computer’s processing power

Go to Type of Hackers

7. Unlawful Posers

These hackers love to pose as other people and steal identities. Be it by hacking into your real account or duplicate another account that looks like you.

They would pose as you to do unscrupulous things without you knowing.

Read Social media account

Go to Type of Hackers

8. The Evil-Gelist

These hackers love to spread their malicious software (malware) to extort money, cripple systems or to steal information.

Read Your files & folders
Read Your computer/ laptop

Go to Type of Hackers

9. Man-In-The-Middle

He is the hidden hand in the middle. You don’t know that he was there but he’s looking and recording everything you send or receive through the internet.

Read Wireless network

Go to Type of Hackers

10. The Evil Techie

He is quite a genius, but not for good.

He tinkers with hardware to skim credit cards or to leverage on your devices vulnerabilities and to use it against you!

Read Your credit & debit card
Read Your home devices

Go to Type of Hackers

11. The Opportunist

These are smart people prying on victim’s stupidity or naivety. For example, some victims posted all their credit card information online! Nuff said.

Read Your credit & debit card

Go to Type of Hackers

12. The Peeping Tom

Some people are just obsessed. They love to spy and peep but they have no guts to do it publicly.

What they do if hack into your webcams and CCTV, what’s better than to watch a free show?

Read Your webcam/ mobile phone camera
Read Your home devices

Go to Type of Hackers

13. The Swappers

These guys know that our mobile phones are our lifeline. It’s not just to make calls and send messages, we use it to get our secure pin for our banks and payments.

The swappers would swap your mobile identity to intercept all important pin messages and log into all your accounts.

Go to Type of Hackers

Learn to code to understand how computer works and how it affects cybersecurity

Things To Do To Protect Yourself

Sometimes, we might not be able to prevent hacking completely. But, there are definitely some preventive steps that you can take to protect yourself from hackers. Here are some ways to prevent you not being hacked:

  • Be wary of scams

  • Password for your email should be different from the rest
    (eg. Gmail password should be different from Facebook, Instagram, etc.)

  • Use strong password

  • Cover webcams when not in use

  • Keep your devices locked when not in use

  • Use two factor if available

  • Be aware of informations that you post on social media

  • Pay attention to URL of the sites that you’re visiting
    If you have a business website, read on how to secure your business website

  • Do not share your login details with others

  • Read permissions before granting

Ready to learn coding?

Take the first step in learning. You miss 100% of the shots you don’t take.