As a freelancer or business owner, you have probably devoted much time and capital to your online presence. Whether you own a website, social media pages, an e-commerce store or more, you probably have a lot invested within the confines of cyberspace.
Be sure that cyber criminals and hackers are also invested in your online presence- and specifically, how they can take advantage of it to benefit their ends.
Your credit card, bank account and legal information is of utmost importance to hackers. Even your very identity can be valuable, because your name, birth date/place and address can be used to unlock secure information on your family, friends and clients.
How can you protect yourself from cyber criminals and hackers? The following three methods are very commonly employed to compromise your cybersecurity and steal valuable information:
Phishing very accurately describes what hackers do to compromise your cybersecurity- the creation and deployment of a “bait” web page that resembles a real one in an effort to get you to interact with it and provide your secure information.
Scammers can easily generate a login page comparable to what you’d see on Facebook, Paypal, etc. and upload it to a free hosting service like ByteHost (or even a paid one like HostGator). This is accomplished by copying the entire page’s code after viewing it through the Inspect Element function. You can access Inspect Element by highlighting some text on a web page and right clicking your mouse.
The sensitive information itself (e.g., password) can be captured and transferred using a few lines of code that ‘live’ on a separate file within the hosting program’s file structure.
With just these two files created and stored on the hosting site, a phishing expedition can involve sending the victim an email that alerts her about a security breach on a given website. The victim is asked to confirm her login at the linked URL in the email. Once she clicks on the stated URL and enters her login token, that information is transferred to the scammer.
To prevent such catastrophes, always check the URL of the site you are about to click on. Budget-conscious phishers will create a URL that contains a subdomain because many hosting sites will provide those URLs for free. Here is one example of an email address from “Facebook,” where Facebook exists in the subdomain area, followed by the hosting program’s domain:
Overall, online security best practice entails never clicking on any URL in your email but going to the website independently and verifying the “security risk.” Alternately, you can call the company to verify the issue.
You might assume that password hacking involves the deployment of sophisticated algorithms and software programs. The truth is that most passwords are just guessed correctly because the hacker knows a few facts about you, such as your city and date of birth, your last name, your hobbies, and your personal sayings.
Most people use a simple and memorable password for the majority of their accounts. In fact, it’s a common joke among hackers that half the passwords in the world are “Password123.”
Even if you think your password is indecipherable, there are number generators that can crack a password fairly quickly if it’s six characters or fewer in length. This is often termed a brute force attack on a password.
Hackers who don’t want to work that hard simply obtain computed hash tables of passwords. Hashes are created during the encryption process when a user enters a password into a site. Hash values will contain the coding for just about every possible password and can be input automatically into the text field.
To protect yourself from password hacking, create a random password that contains both letters and numbers as well as capital letters. Ensure that your password is at least 8 letters long.
Ideally, you should use a password that is longer than 8 letters/numbers and contains two long words strung together in a nonsensical way. A password like ‘Plut0niumP3nguin4572’ would be one example of a secure password.
It goes without saying that you should change your password often and should not ask browsers to remember your password while you are stationed at a public computer. Even if your password is ‘encrypted,’ which usually involves seeing it as a sequence of bullet points or asterisks, it can easily be deciphered by going into Inspect Element and replacing the code ‘password’ with ‘text’ in the password box area.
Try finding out what your own password is on your computer at home. I’ve included some screen shots of a Facebook account wherein I simply replaced one word in the Inspect Element area to retrieve the password ‘password123.’
Keystroke loggers are software programs that operate in the background and, as their name suggests, collect your secure information such as passwords, log-in keys, pages browsed, etc. Every few hours to days, the programs mail a report of this secure information to the interested party; i.e., the person who installed the keystroke logger.
How do keystroke loggers even get on your computer in the first place? If you have handed your computer to a friend of a friend, or to an unknown repair shop, you may be carrying around a keystroke logger on your laptop.
Another popular place for hackers to install these loggers is on public computers, after which they collect information from a wide range of people and see what valuable tidbits sift out. This form of hacking by social engineering is quite popular on school campuses, public libraries, etc.
Finally, a hacker can install a keystroke logger on his own computer and then socially engineer a situation where you end up using that computer to log into your social media accounts, email, bank account, etc.
It’s nearly impossible to scan a list of computer programs and find a keystroke logger because the program file name/record self-deletes. Likewise, a savvy hacker could just rename the file to something innocuous such as “committee_meetings_2016.”
Your best bet with keystroke loggers is to avoid accessing sensitive information on public computers or computers that aren’t under your complete (solitary) control. If you do end up using a shared computer, change your passwords immediately once you get home.
The Bottom Line
Cybersecurity is a growing concern for bloggers, freelancers and website owners. You can improve your own cybersecurity by not providing sensitive information at third-party and public computers, by creating a long and hard-to-guess password, and by inspecting emails and their links before opening them.