8 Common Hacking Techniques That Every Business Owner Should Know About
All it takes is for one of your employees to click on an innocent-looking link in an email to download a malicious program that could have a detrimental effect on your business.
The following is a list of hacking techniques that you and your employees should know about and take every possible step to avoid.
Phishing is the most common hacking technique. All of our inboxes and text messaging apps are filled with phishing messages daily. These are messages that are disguised as either as an organization (Amazon, Netflix, etc.) or a person that you trust and will, in most cases, tell a story to trick you into clicking on a link or opening an attachment.
Typically they will:
- Inform you that someone has been trying to log into your website and you should update your credentials
- Claim that there’s a problem with your account or your payment information (see Amazon example below)
- Ask you to confirm some personal information
- Include a fake invoice
- Inform you that you are eligible to register for a state or federal refund
- Offer you free stuff
- Sent from one of your friends with an obscure link (see example below)
To protect yourself and your business:
- Never click-on any links in emails and tests unless you were expecting them
- Always confirm the validity of the email with the sender before you click on a link or download a file
- Always check the sender’s email address because this will help you identify a phishing email. In the Amazon example below, the email address is firstname.lastname@example.org. This is not an official @amazon.com email address.
- Report phishing emails to the Federal Trade Commission at email@example.com
Phishing Example from a Known Business: Amazon
Example of a Phishing Email Impersonating a Friend.
Bait and Switch Attack
Using trusted marketing methods such as paid-for advertising on websites, attackers can trick you into visiting malicious sites. When websites sell advertising space, it can be purchased by rogue attackers. The bona fide advertisement can be replaced with a ‘bad’ link that can be used to download malware, lock up your browser, or compromise your systems.
Alternatively, the advertisement may link to a legitimate website, but it will be programmed to redirect you to a harmful site.
A key logger is a small piece of software that, when downloaded into your computer, will record every keystroke. The key logger will capture every keystroke on the keyboard, every username, password and credit card number, etc., exposing all of your data and personal information.
Denial of Service (DoS\DDoS) Attacks
A Denial of Service attack is a hacking technique designed to flood your web server with a myriad of requests to the point that it overloads the web server resulting in a website crash.
To do this, hackers will deploy botnets or zombie computers that have a single task, flood your web site with data requests.
This method tricks you into clicking on something different from what you thought you were clicking. The clickjacking element could be a button on a web page that, when clicked, performs another function, allowing others to take control of the computer. The host website may not be aware of the existence of the clickjacking element.
A hacker can use software to impersonate a wireless access point (W.A.P.), which can connect to the ‘official’ public place W.A.P. that you are using. Once you get connected to the fake W.A.P., a hacker can access your data.
To fool you, the hacker will give the fake W.A.P. an apparent genuine name such as ’T.F. Green Aiport Free WiFi.’
The cookies in your web browsers (Chrome, Safari, etc.) store personal data such as browsing history, username, and passwords for different sites we access. Hackers will send I.P. (data) packets that pass through your computer, and they can do that if the website you are browsing doesn’t have an SSL (Secure Socket Layer) certificate.
Websites that begin with HTTPS:// are secure, whereas sites that start with HTTP:// (no ‘S’) do not have SSL and are NOT considered secure.
Viruses and Trojans
Viruses or Trojans are malicious software programs that, when installed on your computer, will send your data to the hacker. They can also lock your files, spread to all the computers connected to your network, and perform many other nasty actions.
Protect Your Business With Cyber-Liability Insurance
As you can see, it is all too easy to have your business systems inadvertently compromised. Cyber-Liability Insurance can protect your business and can be tailored to the needs of each business, but finding the correct type of Cyber Liability Insurance for your business can be difficult and time-consuming. OceanPoint Insurance has a dedicated team of experienced professionals who specialize in Cyber Liability Insurance and can do the heavy-lifting for you. Our team will work with you to understand your business and then select the best coverage to fit your needs and budget Request a quote today!