Beware Of These Devious Online Threats

Staying safe online requires the right security tools. It also requires the right knowledge of common threats. Knowing how criminals typically attack your computer educates you on how to prevent those attacks. Roger A. Grimes at Computer World published his list of the most devious attacks currently being used and how to protect yourself from them.

• Fake WAPs

There a plenty of public places where people typically use free, public WiFi. Unfortunately, networks in places like coffee shops, libraries and airports are also common targets for hackers. They’re able to set-up fake wireless access points, or WAPs, that fool users. Users connect using a network with a believable name, but are actually giving a criminal access to all the data they transmit. This is an easy way for hackers to steal passwords, banking information and more. To protect yourself, be extremely wary of public WiFi. Don’t enter any financial information or visit any sites that require a password.

• Cookie Theft

Cookies have been used by websites for years to make your browsing experience faster and more convenient. These text files store information so you don’t have to log-in every time you visit the same site, or otherwise streamline your experience. That information is dangerous if stolen, however. Hackers use a number of methods for stealing cookies. When they’re successful, they’re able to immediately gain access to certain sites and sometimes even gain payment information. Make sure that if you have cookies enabled, you’re only using HTTPS websites that use the latest encryption methods.

• Tricky File Names

This is not only a common attack method, but also a simple one. Hackers use some social engineering to gain more downloads of malicious files and tempt more users to open those files. No one would want to download ‘malware.exe’, but when the file name is something more salacious or relevant to the user, many can’t resist. Some even use false file extensions to confuse users. The full file name may be ‘image.jpeg.exe’. The file is an executable application, not an image, but ‘.jpeg’ fools many users. To protect yourself, don’t download files that sound too good to be true and only download from trusted sources. If you aren’t expecting a file to be emailed to you, don’t open any attachments. Also, be sure to scan anything you download with your antivirus program before you open it.

• Tampering With Hosts

Windows users have a DNS-related file named ‘Hosts’ in their ‘Drivers’ folder. Typically, there’s no reason for a normal user to interact with ‘Hosts’. It contains domain names that a user has visited and links them to their IP addresses. This is a way around having to contact DNS servers and perform recursive name resolution every time a popular site is visited. But, this opens the door for hackers to enter their own malicious entries into ‘Hosts’. By changing the IP addresses linked to common domain names, a hacker can redirect users to a spoofed version of a legitimate site. These malicious sites usually look very similar to the original, but are used to steal your data. This is a difficult attack to spot. If a site looks different than usual, avoid it. Don’t enter any information on a site that looks different than you’d expect. If you suspect you’re being maliciously redirected, examine your ‘Hosts’ file.

These are only a small collection of ways criminals can steal your data and infect your computer. For help improving your security, or fixing the effects an attack has had on your system, call Geek Rescue at 918-369-4335.