Hackers use three common methods to acquire people's computer passwords:
- Brute Force ('Dictionary') Repetition
- Social Engineering (commonly: phishing)
- Administrator Back Doors
2) Social Engineering Attacks
Social engineering is the modern con game: the hacker manipulates you into divulging your password through some kind of convincing personal contact. This personal contact might involve direct face-to-face communication, like a pretty girl with a clipboard doing interviews in a shopping mall. Social engineering attacks might also occur over the phone, where a hacker will masquerade as a bank representative calling to confirm your phone number and bank account numbers. The third and most common social engineering attack is called phishing or whaling. Phishing and whaling attacks are deceptive pages masquerading as legitimate authorities on your computer screen. Phishing/whaling emails will often redirect the victim to a convincing phishing website, where the victim types in their password, believing the website to be their actual bank or online account.
3) Administrator Back Doors
This kind of attack is akin to stealing the building master keys from the building janitor: the perpetrator accesses the system as if they were an entrusted employee. In the case of computer administrators, special all-access accounts allow the user into areas where only trusted network administrators should go. These administrator areas include password recovery options. If the hacker can enter your system with the administrator's account, the hacker can retrieve the passwords of almost anyone on that system.