Seven new dangerous hacking tricks


Spear phishing is a form of phishing aimed at a specific target. In the past, phishing was used to trap as many users as possible. Spear phishing, on the other hand, attempts to use as much personal information as possible in an email.

For example, spammers scour open services such as Facebook and other online data sources to be able to address recipients by name. Combined with the seemingly genuine design of the banks, these types of messages make the user confident in the legitimate origin of the document and persuade the user to click on the phishing link attached to the email.

The more accurate the information about the victim, the more insidious the attacks become. If a phishing scammer, for example, knows the victim's work responsibilities in his company, he sends him a message with a corresponding invitation to a conference.

If malicious code is sent as an attachment, attackers increasingly rely on infected documents, and they prefer to use “zero-day” exploits. Such documents pass through most spam filters and then gain extensive access rights through security vulnerabilities.

Precautionary measures: Install updates regularly and always check the origin of third-party data.

2 Attacks on Smart TV

Modern Smart TV systems display the Internet content of providers through the HbbTV (Hybrid Broadcast Broadband TV) platform. However, unlike browsers, they do not have equally developed security systems.

The user cannot determine whether the content reaching the TV through HbbTV is legitimate or has been tampered with. For example, by intercepting Wi-Fi signals, hackers can redirect broadcasts to unwanted content, create fake subtitles, and even mine cryptocurrency.

Content Spoofing, that is, the replacement of legitimate content with manipulated content through a MITM (Man in the middle) attack, is also possible. Some smart TV manufacturers do not use SSL encryption in the software of their devices, which greatly simplifies the task of hackers and allows them to replace content directly during broadcasting.

Precautionary measures: Use the latest firmware of the manufacturer of the television device from its official website.

3

In clickjacking, website content is invisibly mixed with elements of another website. One of the most impressive examples of clickjacking: using this method, attackers gained access to users’ web cameras and microphones.

To do this, the criminals loaded the settings page of the Adobe Flash browser plugin into an invisible floating frame. While the visitor was clicking seemingly harmless buttons on the page, he was in fact confirming access to the computer's webcam and microphone for every Flash animation.

Precautionary measures: protection is offered by the latest versions of browsers. They read page headers and block suspicious frames.

4 Sound viruses

It sounds like something out of a sci-fi movie: audio viruses use low-frequency sound signals to steal information, and they don't require your PC to be connected to the Internet.

The signal generated by the malware is strong enough to maintain contact over 20 m in a straight line, as established in an experiment by researchers at the Fraunhofer Society's Institute for Communication, Information Processing and Ergonomics (FKIE).

Using the audio signal, they also created a wireless self-organizing (ad hoc) network. Then, using a keylogger, the intercepted data was “jumped” to PCs located in neighboring office premises. For this purpose, a program was used that was originally developed for communication under water.

But, apparently, the method works not only in the laboratory. Security consultant Dragos Ruiu recently reported unusual behavior of his laptop. The system he had just set up suddenly updated the BIOS. It then began transferring data, continuing the process even after Ruiu turned off the network card and Bluetooth.

The device did not allow booting via CD-ROM, and it canceled configuration changes. Soon other laptops nearby exhibited similar behavior.

Precautionary measures: To stop the infection, it is enough to turn off the sound card and microphone, since the virus spreads through low-frequency sounds.

5

The unpleasant thing is that through a remote connection, hackers gain access to the laptop’s webcam and film intimate details from the life of their victim. The introduction of software “bugs” into the user’s camera is called camfecting.

To connect to the camera, the hacker first infects the victim's computer with the appropriate malware. Most often this happens with the help of a Trojan. It is either sent as an attachment (via phishing), or launched as a Drive-by-Download, or included in infected video files.

Precautionary measures: Avoid opening attachments, use firewalls and antivirus programs, and use a secure wireless network.

6

Watering Hole attacks directly manipulate legitimate websites, such as online stores or banks. The attackers exploit security vulnerabilities, such as outdated server operating systems, and inject code into web pages.

This can be Drive-by-Download, that is, a download that is installed when the resource is called. Attackers choose the web server to manipulate depending on the target of the attack. For mass attacks, they prefer to infect popular sites that can be accessed by as many users as possible.

In targeted attacks, for example, for the purposes of economic espionage, resources that the victim considers safe (the website of a business partner of the attacked company, etc.) are attacked. Thus, in 2013, unknown persons infected the computers of Facebook and Apple employees through a developer resource they used. But the largest share of such attacks, about a quarter, use porn sites.

Precautionary measures: Web resource owners must take measures to protect against Watering Hole attacks. For example, use the “Server Hardening” procedure to remove components from the OS that are not critical for completing tasks.

In the future, administrators should always keep programs and web applications, such as forum software, up to date. In addition, strong and individual passwords for users are important.

7

AR (Augmented Reality) devices, such as Google Glass, which supplement what users see with useful information, are increasingly being targeted by hackers. The cameras are the target of the attack: in particular, hackers can intercept images while PINs or passwords are being entered and use them for their own purposes.

Glass and its analogues also provide detailed information about daily activity. Experts from the antivirus company Trend Micro believe that augmented reality devices will become the most desirable targets for obtaining personal data in the coming years.

Precautionary measures: Always keep your device firmware up to date.


Your password is up to 10 characters long and contains letters of different case. But you're still easy prey for hackers. Read the article, we’ll tell you how scammers get into your personal data and money.




You have your own website, which brings in 500 thousand rubles per month. The subscriber base exceeds 1,000,000. A tidy sum has accumulated in the accounts of one of the popular electronic wallets and a bank card. Now imagine losing all of this in a matter of seconds. How? One click on a phishing link in an email!


Admit it: when you receive a letter saying that “your WebMoney account is blocked”, the last thing you'll think about is that the address bar says v2-mail.ru, not mail.ru. Cybercriminals play on your emotions and fears. The content of the letter encourages haste.


What other tricks do hackers use to trick you into phishing emails? See below.

Example 1 – Techniques for hacking email accounts

When you log into your email account, you see a message about profile blocking.



When you press the "refute the complaint" button, you will be taken to a fake Gmail site where you will be asked for your password.


There are hundreds of variations of such letters about a problem with an email inbox: undelivered message, password hacking, spamming, blacklist, low memory. Hackers skillfully disguise messages under the design of Gmail, Mail.ru and Yandex.Mail.

Example 2 – Letter from Roskomnadzor

Hackers send letters on behalf of government agencies.



The letter states that several steps must be taken to identify the user. In fact, these are instructions for providing hackers with access to the site.


Please note: the greeting in the letter is impersonal, the title is alarming, and the signature to the letter lacks contact information.

Example 3 - Letter from the Arbitration Court

Another type of letter from authorities.



Example 4 - Traffic police fine

The Russian State Traffic Safety Inspectorate has sent you a fine. The letter offers to pay for it with a 50% discount in the first 20 days.



Everything seems to be correct. Only you don’t have a car, and you don’t have a license.


Such letters are sent out en masse. If a person wants to check what kind of fine they are talking about and clicks on the link, they will be taken to a phishing page where they will be asked for their login and password.

Example 5 - Letter from Sberbank

The text of the letter informs about the debt. In fact, the letter again contains a link to a keylogger.


Example 6 - VAT refund

You recently returned from the USA with a large purchase. Now you want to return the money that was spent on paying taxes when purchasing goods. To do this, contact the tax office or banks. Or don't you want to waste time on this? Then there are hackers at your service who are ready to help you return VAT without leaving your home. To do this, just indicate in your response letter the address, number and series of your passport, TIN, etc. But no one will return your money, as well as the confidentiality of your data. Now hackers can easily get to your bank account.

Example 7 - Email with QR link

You receive a tempting offer: install a useful program.

In fact, the QR code leads to a fraudulent site. Be vigilant and do not click on suspicious objects in emails.

Example 8 - Substitution of advertising banners

This is one of the simplest phishing methods. You may receive an offer to place an advertisement on the site. One click on the banner and you will be redirected to the organization’s fake website. Here you will be asked for your credentials again.


Example 9 - Letter on behalf of Amazon

A new type of phishing is emails from Amazon. Hackers on behalf of an online store send notifications about a non-existent problem with an order. To solve the problem, scammers offer to update your personal data using a link in the letter, otherwise your account will be blocked.


If you click on the link, you will be taken to a fake Amazon.com site. Here you will be asked to enter your personal data and bank card details. After you press the "Save and Continue" button, the scammers will redirect you to the real Amazon.com site. This way they eliminate any suspicion.

Example 10 - Letter about winning a lottery

You receive a letter saying that you have won 1 million rubles, a car or another valuable prize. Euphoria will give way to panic when you remember that you did not participate in any lottery.


To lull your vigilance, hackers specifically send such letters on behalf of well-known brands: Google or Microsoft.


Example 11 - Letter from a popular community

A notification from "VKontakte" about a new message. The letter says that a certain user left you a personal message on the site. In order to read it, you are asked to follow the link.

When you click on the link, a window pops up asking you to allow access to your email account. Everything looks quite logical, and your hand reaches for the "Allow" button by itself. Learn to control your impulses so as not to lose your e-mail.

Example 12 - Email from a Friend

In spear phishing, the hacker already knows some information about you: your name and address. The greeting in the letter will be personalized: "Hello, Dima." The message also mentions your “mutual friend” or your last purchase in an online store. The hacker lowers your guard. You are sure that the message really came from your friend, and you readily give the scammer the information he is interested in.

Example 13 - Letters from charities

Phishing sites often hide under the guise of charity. A letter has arrived in your inbox purporting to be from "Rusfond". The message asks for assistance in treating a 10-year-old child. Fundraising, of course, is carried out via the link in the letter. If you enter your credentials, you will again be hooked by scammers.


Example 14 - Letter from a lawyer

Nigerian letters are a common type of fraud. Distribution of such messages began in the mid-1980s in Nigeria. The plots of the fraud are varied: letters on behalf of a president or an official asking for help with banking transactions, letters offering money. But the oldest method is the letter from a lawyer.

You receive a message on behalf of a distant relative's lawyer. The message tells you that your relative died in a plane crash. Now you are entitled to a substantial inheritance. But to get it, the lawyer requires your bank card details.

Example 15 - Malicious PDFs

PDF files are presented as important documents that need to be read urgently. Once opened, the PDF file installs a virus on your computer. Next, the virus steals your confidential data and disrupts the functioning of your computer. Malicious programs can also be attached to other files: jpg, doc, docx, excel, rar.

Example 16 - Smishing

You receive an SMS. In it you are invited to watch a provocative video with your participation. You follow the link in the SMS. Next, to continue watching the video, you are asked to log into Facebook. Your phone number has already been entered as a login. Fraudsters have made a phishing site again to steal your password.


Example 17 - Vishing

This is a voice phishing technique. In the evening you receive a message: “5,000 rubles have been debited from your account. If you have not performed this operation, call this number.” This is another trick of cybercriminals. At this number, an answering machine dictates instructions telling you to enter your PIN code and account number.




And don't forget to enable two-factor authentication. Find installation instructions here: "Yandex.Mail", Mail.ru, Gmail.



If you use Wi-Fi with a password all the time, that means you're safe, right? Wrong! Hackers want you to feel safe, so you will be more vulnerable to their attacks. Below you will find secrets that hackers hope you won't find out about, otherwise they won't be able to penetrate your secrets.

1. WEP encryption will not protect your wireless network. It's easy to hack in a few minutes, so you'll only be given a false sense of security

Even an inexperienced hacker can break WEP encryption in minutes, rendering it useless as a security mechanism. Many people use a router for many years, but do not even think about changing the password after some time and upgrading WEP to the more powerful and secure version of WPA2.

Updating your router to WPA2 is a fairly simple process. To do this, you just need to follow the instructions that can be found on the official website.

2. Using a MAC filter on your router to prevent unauthorized devices from connecting is ineffective

Any IP equipment, be it a computer, a game console, a printer or something else, has a unique MAC address in its network interface. Many routers let you allow or deny network access based on the device's MAC address. The wireless router checks the MAC address of the network device requesting access and compares it with a list of denied and allowed addresses. This does seem like a good security mechanism, but the problem is that hackers can set a fake MAC address that matches one on the allowed list.

All they have to do is use a wireless interception program and see which MAC addresses are traversing the network. They then set a MAC address that matches those allowed to enter the network.

3. Disabling your wireless router's remote administration feature can be a very effective measure to prevent hacking.

Many routers have an option that allows you to control them using a wireless connection. You get access to all the routers' security settings and other features without having access to the computer that is connected to the router via cable. Although it is very convenient to have the ability to administer the router, such a feature opens an entry point for a hacker who can easily get to the security settings.

In addition, many people never change the factory password on their router, thereby “helping” the hacker’s work. Therefore, it is recommended to disable the remote control feature so that only those who have physical access to the network can access the router settings.

4. If you use Hotspots for public use, you can easily become a target for a hacker attack

Hackers often use tools like Firesheep or AirJack to get into the communication line between the sender and the recipient while you are using a wireless connection. Once they are on your line of communication, they can obtain your account passwords, read your emails, and view your messages. Hackers also use a tool like SSL Strip, which allows them to gain access to the secure sites you visit using your passwords.

Therefore, it is advisable to use a VPN to protect your data if you are connected over Wi-Fi, since a VPN provides additional security and is very difficult to hack. Unless the hacker is very persistent, he will most likely try only once and move on to easier targets.







2024 gtavrl.ru.