Perhaps the most common types of cyber attacks is also the most easily preventable one. The password attack is the first step of gaining access to someone’s accounts and files. The standard Password Attack is the use of social engineering to make use of your context clues to guess your password. If you are always dressed in Raiders football gear in every picture on your social media pages, the first guess at your password will be “raidernationxxxx” where your birth year fills in for xxxx. You would be surprised at how often this works. Brute Force Dictionary attacks is the use of software to bang away at your password using common dictionaries to break passwords without those recommended special characters.
The best practice to avoid being the weak link in a Password Attack is to use strong passwords and to change them often.
Another easily avoided human error-reliant cyber attack is the downloading of Trojan Horses and Viruses. A vast majority of virus downloads comes in the form of hastily clicked links and the use of unauthenticated data. Unauthenticated data is a nice way of saying “pirated files”. The download files included in your advance copy of the popular movie, or that latest music by your favorite artist often contains an unseen hitch hiker. Viruses are pesky and troublesome costing you lots of time and occasionally money, but the Trojan Horse is the software file that you downloaded one thing and got another. Once you open it up, it digs down deep into your system and sits there feeding your records out to its owner.
These attacks are easily avoided by staying away from “quick and easy” file sharing systems and only getting your software downloads from well-known and reliable outlets.
Slightly more difficult to protect against is the Phishing Attacks and all its variants. Phishing is the act of the scammer or hacker requesting the information from you. They’ll never do it directly of course. You’d know to distrust an e-mail that simply said “please send me your user name and password”. But if you got an e-mail from your bank that said your account was being closed, click here and log in”, well, that seems more reasonable. But that link was to the scammer’s site and the second you typed in your login information, they had it too. Spear phishing is when they target you specifically with some personal information garnered from outside sources to make the e-mail more believable and therefore make you more susceptible to clicking their link.
The easiest way to avoid being phished is to never click on an un-requested link. If your bank, ISP, phone company, etc ever sends you an e-mail and link, close the e-mail and open your browser to enter through your already known good link.
Harder to protect against are the cyber attacks that aren’t reliant on you making a mistake. Man in the Middle attacks occur when the attacker taps into the communications between your device and the server. This doesn’t happen as often at your home because you are a single target and the reward vs risk is low. But where is will happen incredibly often is at those free public wifi sites like in coffee shops and fast food restaurants. There the hacker can sit among you as just another consumer and be perusing all your data through the compromised Internet connection. Another popular spot for Man in the Middle attacks is in hotels chains. There the wifi is also commonly free or password easily obtained and guests spend more time doing more “business” than sitting at the local fast food joint.
To keep from being caught by the Man in the Middle, try to avoid using public and free wifi, keep updated protection on your machine, and if you must do business over an unreliable connection, be sure the website is secure; look for the S in HTTPS.
No matter how vigilant you are in protecting yourself against cyber attacks, there are so many evolving traps out there that we will eventually fall victim to one at some point. The most common attack that is entirely out of your hands is the Drive-By Attack. This is where the hacker uses the vulnerability of a website you visit to redirect you to an unsecured page or run a script directly from that web-site’s deficient code. This has the nefarious advantage of being completely invisible to you while also being completely infeasible for you to protect against.
There is no way to protect yourself 100% against all forms of cyber attacks but if you use common sense, update your virus protection software, and stay aware enough that you’ll notice any unusual activity your device may be running in the background, you can stay ahead of the threats.