If you have never suffered an attack of this type, all this may sound like a legend to you. But the number of user accounts compromised by this type of theft in a single week is large enough to scare anyone who sees it: more than 250,000 email accounts appear on the black market every week. And sometimes we make it very easy. With so many of our habits, it is no wonder these thefts occur day after day. Today, with the continuous growth of social networks, this practice only increases because of the amount of personal data that we pour into them without realizing it.
Long ago, the preferred targets for cybercriminals were Hotmail email and messaging accounts, but over time everything changes, and now the priority target is social networks, with Facebook and Instagram in the lead, closely followed by Twitter. We are going to tell you about the most common methods and what we can do to avoid them, or at least try.
OSINT as a method to enter your accounts
The cybercriminal in question will try to access your data using passwords guessed from a little tracking of your activity. Social media makes this extremely easy, since sometimes our passwords are the name of a close relative, such as a partner or children, the name of our pet, a date that matters to us, etc. This kind of information can be obtained by collecting data within social networks, since it is practically visible just by following one of these accounts.
Facebook, the big target. Facebook has once again been the most used social network in the year that has just ended, 2020. Without a doubt, it has a lot of information about us and our relatives. Many times we think that, because a website is so well known or does not ask us directly for our bank details, it cannot be potentially dangerous, and that is not true. Moreover, through Facebook games our bank details can be added to the equation of theft, which can give us a pretty nasty scare.
With this type of data, cybercriminals, or the buyers of this type of account, can carry out identity fraud, for example to request a bank loan in our name or to impersonate us to make some type of illegal purchase.
Instagram is another giant. It holds a number of personal documents, both written and graphic, that we often think are not so important, but they can be worth just as much and make identity theft much easier. There have also been cases of blackmail, in which the cybercriminal would publish private content if their demands were not met.
Twitter seems harmless, because we only go in to make a small comment or see who has said what at any time. But the real danger of Twitter is that it is a giant channel of information. Every day attackers try to steal the accounts with the most followers for promotional or advertising purposes, since large numbers of people can be reached in an extremely short time.
To avoid this type of problem, we advise you to be extremely scrupulous with the data you publish on your social networks, to refrain from unnecessary excesses of information, to choose a secure password that cannot be discovered through social engineering by someone who checks your networks and scrutinizes your life, and, above all, to change your password from time to time to one that is even more secure than the previous one.
Using the same password for everything, bad idea
In this section there is not much to say. To some it will seem crazy, but this happens, and it happens continuously. To make access to social networks, email accounts and messaging accounts less complicated, we use the same password for all of them, and that is a huge mistake: the moment someone has access to one account, the rest will fall in a domino effect, leaving us totally at the mercy of the cybercriminal in question and whatever they want to do with each of our accounts.
The solution is simple: use a different password for each login, and do not do the typical thing of changing just a letter or a number; use quite different passwords. Create a password that is totally different and secure for each account, use uppercase and lowercase, use numbers and, to complicate it even more, use some unusual character like the at sign or the umlaut.
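The two password rules above (nothing that can be read off your profile, and no near-copies between accounts) can be checked mechanically before a new password is accepted. The following is an added example, not part of the original article; the function names, the 0.8 similarity threshold and the sample data are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Undo common substitutions so "Lun@2015" is compared as "luna2ois".
LEET = str.maketrans("013457@$!", "oieastasi")

def normalize(text):
    """Lowercase, undo common substitutions, drop everything but letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LEET))

def personal_hits(password, personal_tokens, min_len=3):
    """Tokens visible on a profile (names, pets, dates) that occur inside the password."""
    pw = normalize(password)
    return [t for t in personal_tokens
            if len(normalize(t)) >= min_len and normalize(t) in pw]

def reuse_hits(password, other_passwords, threshold=0.8):
    """Accounts whose password is identical or differs by only a character or two."""
    pw = normalize(password)
    return [account for account, other in other_passwords.items()
            if password == other
            or (pw and SequenceMatcher(None, pw, normalize(other)).ratio() >= threshold)]

def missing_classes(password):
    """Character classes recommended above that the password lacks."""
    checks = {
        "lower": any(c.islower() for c in password),
        "upper": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        # Anything outside ASCII letters and digits: "@", "ü", "#", ...
        "symbol": any(not (c.isascii() and c.isalnum()) for c in password),
    }
    return [name for name, present in checks.items() if not present]

def audit(password, personal_tokens, other_passwords):
    return {"personal": personal_hits(password, personal_tokens),
            "reused": reuse_hits(password, other_passwords),
            "missing": missing_classes(password)}

# Constructed sample data: what a stranger could read on a public profile,
# and passwords already in use on other accounts.
PROFILE = ["Luna", "Marta", "2015"]
IN_USE = {"email": "Summer2020!", "forum": "Lun@2015"}

if __name__ == "__main__":
    for candidate in ("Summer2021!", "luna2015", "q7#Rv!2pLz&Xd9"):
        print(candidate, audit(candidate, PROFILE, IN_USE))
```

A candidate is acceptable only when all three lists come back empty.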
Using public Wi-Fi networks without a password, another big mistake
The owner of the network, or practically anyone, can intercept network traffic and instantly obtain our passwords with a simple traffic analysis program; this act is known as sniffing. In this country, using an open network with the aim of obtaining user data through sniffing is totally illegal, but that does not mean it is not done, so we must take special care not to use these “free” networks. If you have to access the Internet and have no other way, do not log in to any of your social networks, so as not to have any type of problem.
Simulated email attack, full-blown phishing
Many times we receive emails from our bank, our telephone operator, or any other important entity stating that there has been some kind of problem and that a review of our data is necessary to solve it. Sometimes these emails are so carefully crafted that they look exactly the same as the ones used by the entities in question. The link in these emails takes us to an equally well-crafted page where we are asked to confirm our data, and after entering it we get a message that the problem in question has been solved and that we can use the service normally. We have just given our account to another person.
Absolutely no entity will ask us for our password to access our account. It is possible that at some point they ask us for other data because they are updating their security policies or for some other procedure of this type, but they will never ask us for our password.
To avoid this type of problem, we have it easy: if we are asked for a password, we close it immediately. Another essential clue for detecting a simulated email attack is the return address. If, for example, our bank has to communicate something to us, it will do so through a simple and easily recognizable address; the addresses from which these types of emails arrive, however, are very strange, and it is easy to see that they are not reliable.
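The return-address check described above can be automated by comparing every sender header and every link in the message against the domain the organization really uses. This is an added example, not part of the original article; the function names and both sample messages are constructed, and `bank.example` stands in for the real domain of your bank.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

def domain_of(header_value):
    """Lowercased domain of the address in a header, or "" if the header is absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def belongs_to(host, trusted):
    """True only for the trusted domain itself or one of its subdomains."""
    return host == trusted or host.endswith("." + trusted)

def sender_findings(raw_message, trusted_domain):
    """List reasons a message claiming to come from trusted_domain looks forged."""
    msg = message_from_string(raw_message)
    findings = []
    for header in ("From", "Reply-To", "Return-Path"):
        dom = domain_of(msg.get(header))
        if dom and not belongs_to(dom, trusted_domain):
            findings.append(f"{header}: {dom}")
    # Single-part text bodies only; multipart messages are not walked here.
    body = msg.get_payload() if not msg.is_multipart() else ""
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = (urlparse(url).hostname or "").lower().rstrip(".")
        if not belongs_to(host, trusted_domain):
            findings.append(f"link: {host}")
    # A cue, not a verdict: the article's rule is to stop when a password is requested.
    if re.search(r"\bpassword\b", body, re.IGNORECASE):
        findings.append("body mentions a password")
    return findings

# Constructed sample messages; all domains use the reserved .example TLD.
PHISH = """\
From: "Bank Example" <security@bank.example.account-check.example>
Reply-To: help@account-check.example
Return-Path: <bounce@mailer.account-check.example>
Subject: Problem with your account

There has been a problem. Confirm your password at
http://bank.example.account-check.example/login to keep using the service.
"""
GENUINE = """\
From: Bank Example <notices@bank.example>
Return-Path: <bounces@mail.bank.example>
Subject: New statement available

Your statement is ready at https://www.bank.example/statements
"""
```

Note that the forged sender starts with `bank.example` but ends in another domain; matching on the end of the host name is what catches it.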
Keylogger or Keystroke Analyzer
This type of program is usually undetectable, since it can enter your computer through some email of doubtful origin. It will record every keystroke and save it to a file, which will automatically be sent to the sender. The threat is clear: everything typed on the keyboard will be in another person's hands: keys, passwords, private numbers, conversations, everything.
Given this, it is best to have a good antivirus and antimalware installed and to scan your computer periodically. We have given you specific measures for each case, but the truth is that there are measures that work in all cases. It is best to use common sense to know what to make public and what not, and to keep our computer protected with security measures such as an efficient antivirus capable of dealing with threats without problems.