There are a lot of myths about online identity theft. The most common myth is that hackers are able to break into servers and fetch the usernames and passwords of any user. Modern servers are secure enough that they cannot be hacked that easily. It is possible to be safe from identity theft by taking precautions. To bust these myths, the following are the 6 most common ways an online identity gets hacked, with tips to stay safe from the hackers.
1) Phishing
Phishing is a way to acquire sensitive information, such as usernames, passwords and credit card numbers, from a user by presenting a fake website that looks exactly like the original website. Most of the time the user has no idea whether the site is original or fake unless they notice the URL.
For example, you get an email from a friend named Mike with the subject: “Mike has shared a photo with you”. You open the email and you see a link saying “Click here to view this photo on Windows Live Photo Gallery”. You open the link and it takes you to a fake Windows Live Photo Gallery sign-in page that asks you to sign in using your Windows Live ID and password. You sign in and, as the page is fake, your username and password go to the hacker, and the next page you see is either a page saying “Page Not Found” or “You got owned”.
Whenever you get such an email, always check the URL on the URL bar and see if it belongs to the original site whose credentials you are going to enter.
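The URL check described above can be written down precisely. The following is an added example, not part of the original article: it assumes the real sign-in site lives under `live.com`, and every `.example` URL in it is constructed for illustration.

```python
from urllib.parse import urlsplit

def check_link(url, trusted_domain):
    """Return (ok, reason): does url really point at trusted_domain?"""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    trusted = trusted_domain.lower()
    if parts.scheme != "https":
        return False, "not https"
    if not host:
        return False, "no host"
    if parts.username is not None:
        # In https://login.live.com@other.example/ the text before '@'
        # is only a user name; the browser connects to other.example.
        return False, "userinfo trick"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        # Internationalised names can imitate Latin letters.
        return False, "lookalike characters possible"
    # Only an exact match or a true subdomain counts. A trusted name that
    # merely appears at the start or in the middle of the host does not.
    if host == trusted or host.endswith("." + trusted):
        return True, "ok"
    return False, "different domain"

# Constructed sample links, as they might appear in an email like Mike's.
SAMPLES = [
    "https://login.live.com/",
    "http://login.live.com/",
    "https://login.live.com.photo-gallery.example/signin",
    "https://login.live.com@photo-gallery.example/signin",
    "https://windows-live.example/signin",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_link(link, "live.com")
        print(f"{'OK  ' if ok else 'STOP'} {reason:<20} {link}")
```

The part of the host name that matters is the right-hand end: the third and fourth samples both start with the trusted name and still lead somewhere else.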
2) Keylogging & Spyware
Keyloggers are programs installed on a computer that store the keystrokes typed by the user. They are scheduled and hidden. Every time you turn on your computer, the keylogger starts running invisibly in the background and you won’t even be able to notice. The keystrokes are logged (stored) in a file, and that file is then automatically sent to the hacker when the user connects to the internet. The hacker looks in the key logs (the file that stores the keystrokes) and extracts the password that you entered to log in to a website.
A keylogger can be installed on a computer by running a program that appears to be safe software but, when executed, invisibly installs the keylogger program on your computer. Generally, such software can be a free game, an executable animation file or any other utility software (like “Cartoonize your profile picture”).
Software like keyloggers is known as “spyware”. Spyware is not limited to just storing keystrokes. Powerful spyware can also allow a hacker to get full access to the data and storage, take screenshots or view the live desktop.
The following is an example of a keylogger log file.
The super tip for safety against keyloggers and spyware is to keep your antivirus and antispyware updated. Also, do not run programs that you have downloaded from untrusted sources. Whenever you are about to install spyware, good security software (antivirus or antispyware) will notify you immediately about the risk.
3) Secret question guessing
Most websites require users to set a secret question and answer that can be used to recover the identity in case they forget the password. If you choose a secret question and answer that is not so secret, like “My first pet name”, anyone who knows your first pet's name has no problem resetting your password and stealing your identity.
Always choose a secret question whose answer is truly secret to you, one that you are taking to the grave.
4) Cookie sniffing on an unsecured network
A cookie is a file stored on your computer when you log in to a website. This file contains the identity data that you use to log in. Whenever you access a webpage on a website that requires identity, the cookie is sent with the request and tells the website to authorize this specific user. For example, when you log in to Facebook, every time you access its services (like opening a profile or commenting on a photo) the cookie is sent with the request and tells Facebook about your identity.
When you connect to an unsecured network, you are exposed to the risk of cookie sniffing. For example, you are connected to a public Wi-Fi network that is unsecured. Any user on that network has the ability to monitor all the data being transferred between the Wi-Fi device and the users connected to it. When the data transferred on a network is captured and monitored, it’s called “data packet sniffing”. Cookies can be captured by packet sniffing, and the hacker can easily attach your cookie to their own requests and log in to a website using your identity.
The most common software used for packet sniffing is Wireshark. There is another powerful tool that is a Firefox extension and is, surprisingly, very easy to use. It’s called Firesheep. You just have to run it on an unsecured network and it automatically captures the cookies. With a single click, you are able to sign in to the accessed website using someone else’s identity. The following screenshot shows how Firesheep looks in action.
The safety tip is to avoid connecting to unsecured networks. Here is how Windows flags an unsecured network:
[image via Windows 7 help & how to]
If it is necessary to use the internet on an unsecured network, avoid signing in to websites that do not have a security certificate.
Notice the green box with lock icon and reading “Microsoft Corporation [US]”. It represents a security certificate that encrypts the data transfer to enhance security.
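Whether a cookie can be sniffed depends on whether the browser will attach it to an unencrypted request. The following added example, not part of the original article, models that rule for a hypothetical site `shop.example`; the `Set-Cookie` lines are constructed sample data.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed response headers from the hypothetical site shop.example.
SET_COOKIE_HEADERS = [
    "session=7f3a9c; Path=/; HttpOnly",        # login cookie, no Secure
    "auth=Zk2Lq8; Path=/; Secure; HttpOnly",   # login cookie, Secure
    "theme=dark; Path=/",                      # harmless preference
]

def parse_set_cookies(headers):
    """Parse Set-Cookie header values into a {name: Morsel} cookie jar."""
    jar = {}
    for header in headers:
        cookie = SimpleCookie()
        cookie.load(header)
        jar.update(cookie.items())
    return jar

def cookies_sent(url, jar):
    """Names of the cookies a browser would attach to a request for url.

    A cookie marked Secure is only sent over https. Every other cookie
    is also sent over plain http, where anyone on the same unsecured
    network can read it.
    """
    encrypted = urlsplit(url).scheme == "https"
    return sorted(name for name, morsel in jar.items()
                  if encrypted or not morsel["secure"])

def sniffable(jar):
    """Cookies that would cross the network unencrypted."""
    return cookies_sent("http://shop.example/profile", jar)

if __name__ == "__main__":
    jar = parse_set_cookies(SET_COOKIE_HEADERS)
    print("sent over https:", cookies_sent("https://shop.example/profile", jar))
    print("sent over http :", sniffable(jar))
```

Here the `session` cookie still goes out on the plain `http` request, so a site that relies on it is exposed on open Wi-Fi even though its sign-in page shows a certificate.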
5) Telling friends who go bad and bad boyfriends/girlfriends
Most of us tell our passwords to the people who are very close to us. If these people turn evil, they can mess with our online identity. Not everyone is evil, but this is one of the common causes of identity theft.
Always remember your secret question and answer. At least do not share your secret question and answer with anyone. Immediately change the password when you stop trusting a person who knows it.
6) Letting a stranger's machine remember your password
Whenever you use a computer that doesn’t belong to you, you may sign in to a website and allow it to remember your password. You might not get a chance to sign out (for example, there is a power failure and the system shuts down improperly), and you will remain signed in when someone else uses that machine.
Always use the private browsing feature of a web browser. Even if the computer is improperly shut down, the browser will never remember your usernames and passwords. In private browsing, the computer forgets all the signed-in sessions as soon as the web browser is closed. Following is the guide to access the private browsing mode in 3 famous web browsers:
Google Chrome: Tools > New Incognito Window. Or simply press Ctrl + Shift + N
Mozilla Firefox: Tools > Start Private Browsing. Or simply press Ctrl + Shift + P
Internet Explorer: Tools > Safety > InPrivate Browsing. Or simply press Ctrl + Shift + P