As a follow up to our mobile phone glossary, we have created a list of different terms you need to look out for when it comes to the security of your PC / laptop or tablet. As more and more people are connected to the internet, cyber-attacks have become much more common, so read on to learn more about some of the different ways with which a hacker can compromise your gadget.
Phishing
A type of social engineering attack used mainly to steal user data. The attacker impersonates a trustworthy source and manipulates the user into opening an email, instant or text message. Once the user clicks, malware is then installed on their phone, tablet or laptop.
-
Spear Phishing
This method is more targeted as it specifically aims to attack employees in various organisations by sending them emails which express urgency and request immediate response. -
Whaling
Another type of targeted email attack, this time addressed to CEOs or CFOs within a company. The email would contain deceptive information about the organisation facing legal action against it and would prompt the reader to click on the link included to find out more. The link would request to add private company data such as ID Tax and bank accounts to enable the sender to then compromise it. -
Smishing
This type of attack is executed through text messages, where the sender impersonates a staff member from a banking institution. The receiver is told that their bank account has been compromised and is asked to verify his/her bank details by following the link provided. If the receiver clicks and inputs the data, it enables the attacker to take control of their bank account. -
Vishing
The attacker strikes through a voice call, hence the /v/ instead of /f/ in the term. Attackers can call and pretend to be Microsoft representatives who detected a virus on your computer. They then ask you to pay for an anti-virus program. Instead of an anti-virus, they install a bot which tracks your internet activity with the intention of stealing your personal data and passwords. -
Search Engine Phishing
Also known as SEO positioning or SEO Trojans. Hackers use search engine results as their primary method to get preys. For example, they can manipulate their way to becoming the top hit of a Google search result. The link takes the user to the hacker’s website which could resemble a well-known site.
Malware
A type of unwanted software program which is installed without the user’s permission. It is used to infect computers and phones with viruses, adware, spyware, keyloggers etc. Malware can also be transmitted through USBs, hard drives and spam.
-
RAT (Remote Access Tool or Remote Access Trojan)
A form of malware which completely blocks the user’s access to the whole system. Once the hacker takes over, he can have full administrative control. RATs and legit programs behave in a similar way as they perform similar work. This allows them to be undetectable and hard to remove. -
Rootkit
Type of malware that can remain undetected for extremely long periods of time. They can be installed through emails, unauthenticated websites, infected hard drives and more. A rootkit allows the hacker to have full control of a user’s system without the user being aware. The only way to remove a rootkit is by rebuilding the infected machine. -
Adware
A type of malware (software program) which displays advertisements in the form of pop-ups. Adware is not always malicious as it can also be legitimately downloaded. - Legitimate Adware
This is usually downloaded with the user’s consent in return for discounts or a free software. The ads that they receive that contain it help to cover the software development costs or allow the developer to offer the program for free. If users wish to have an ad free version of the software, they would have to download its paid version. Alternatively, if they wish to have the software for free, they would need to download the ad supported version. - Malicious Adware (Spyware, PUPs, MitM & Ransomare)
This form of adware uses manipulative methods to gain users’ consent and it’s usually difficult to refuse or prevent its installation. It populates a user’s device with a large number of advertisements which do not allow the user to easily escape from clicking. -
Spyware
A type of malicious adware which spies on the user’s browsing activity to collect their personal information and sell them to third parties. Spyware’s legitimacy lies behind the intention of its author as it can also be used for legitimate purposes to create tailored ads for users while they are browsing. -
PUPs (Potentially Unwanted Programs)
This form of adware uses manipulative methods to gain users’ consent and it’s usually difficult to refuse or prevent its installation. It populates a user’s device with a large number of advertisements which do not allow the user to easily escape from clicking. -
MitM (Man in the middle)
A type of eavesdropping attack which allows hackers to interrupt the data transmission through a communications journey, to position themselves as a legitimate source. Once the hacker is in between, they can alter the data before it reaches the recipient. -
Ransomware
Locking a user out of their own machine, usually a computer. Hackers then tend to blackmail the user so that they can transfer them money and restore access.
Spoofing
Hackers use spoofing as a masking technique to fool users into thinking that they are a legitimate source.
Email Spoofing
Emails that are crafted to look like they come from a legitimate source. They usually require a response from the recipient. The header of the email is altered so that it resembles the wording of a legitimate website.-
IP Spoofing (IP - Internet Protocol, IP Packets & DDoS attacks)
IP Internet Protocol is the unique identity of devices which are capable of connecting to the Internet.
An IP packet is a small segment of a larger message which is broken down in packets of data which travels through wires, cables and radio waves of the internet before they are then reassembled as a one completed message by the recipient’s computer.
Data is not transmitted in one piece. The internet is organised in IP packets which are essential for data transmission. Each packet contains an IP header which carries information about its source and its destination. IP spoofing occurs when hackers interfere with this process by altering the source IP address through modifying the packet. This helps hackers to conceal their identity while committing the attack. -
DDoS Attack
This stands for a Distributed Denial of Service Attack, and it is a type of IP spoofing which aims to slow down or crash a server with the help of a spoofed IP address. This form of attack aims to stop a website’s normal functioning and hackers would often request payments in order to restore the service.
Cloaking
This is a search engine optimisation technique which is used to manipulate Google’s search results. Google and the user should normally see the same results. When cloaking takes place, the results that are shown to the user are different from the ones that the Google bot can see. Cloaking is used when hackers wish to distort page rankings of websites and get an advantage for their own content.
Proxy Hacking/Hijacking
A proxy is a server that acts as an intermediary between the user and the websites he/she visits by ensuring that your browsing experience remains safe and private. Proxy hacking occurs when authentic web pages are cloned or copied into another server that the hacker has control of. The motive is usually to exploit a competitor’s site by adding multiple advertisements and infecting it with viruses.
A good way for identifying potential harmful websites, is by looking at the website’s security framework, also known as HTTPS/SSL/TLS. HTTP(S) stands for Hypertext Transfer Protocol (Secure) and it ensures safer browsing by:
- Controlling how data is transmitted on the web.
- Adding a layer of encryption.
- Using SSL (Secure Sockets Layer) and TLS (Transport Kayer Security) protocols to further encrypt your identity.
- SSL creates an encrypted link between a web server and a web browser.
- TLS secures the data agsinst hackers.
Does airplane mode prevent hacking?
Yes and no. Airplane mode temporarily disables wireless signal transmissions to and from your phone. It stops the cellular communication with other networks, including Wi-Fi, Bluetooth and GPS. Airlines request passengers to turn airplane mode on so that the phone’s signals do not interfere with the plane’s navigation equipment. Airplane mode temporarily isolates your gadgets from the communication networks and hackers are unable to attack them at the time when they are disconnected. If your gadgets have security vulnerabilities, they are still open to being compromised by malicious attacks.
Find out more about how you can protect your gadgets from hackers.