How Do Hackers Steal Personal Data From Your Devices?

Technology is a powerful tool. It keeps us connected to the world around us, helping us stay on top of current events, banking and admin, providing us with access to a wealth of information. But did you know that the very technology we rely on so heavily can also make us easy targets for hackers? 

Hackers have highly diverse motives. Some are just tech-savvy thieves with money as their motive, but that’s not always the case! There are those hackers who are out to pull publicity stunts or fight for a worthy (or not so-worthy) cause, while others simply want to practice their hacking skills because they’re curious or just want to have fun. 

Whatever the motivation, the reality is that hackers can potentially steal your personal information or even take control of your device using malware or other methods.

If you’re not careful, your personal data could be at risk. So, how can you protect yourself from hacker attacks? Read on to learn more.

Hacking Techniques – How Can Your Device Be Hacked?

There are a number of ways in which your devices can be hacked. Let’s go through a few of these techniques.

Social Engineering

Social engineering is a tricky one! Hackers can manipulate you by posing as someone you know and compelling you to take action if they want to steal information from your account. A good example is when hackers send out links in the guise of hacked social media profiles, appealing for you to urgently sign-in or risk losing personal photos/videos stored on the platform. 

These targeted emails tend to have more success at fooling people than traditional junk mail because it doesn’t require much effort to convince people.

Keylogger

This application secretly spies on its victim, capturing every keystroke they type, including passwords for websites or sites from within programs like Microsoft Word. Basically, Keyloggers record everything you enter via your keyboard! 

It’s important to remember that a computer-based Key Logging Device (KLD) can be introduced via software (through a link that you click on) or through hardware devices placed into the computer (if the hacker has physical access). 

Public Wi-Fi Eavesdropping

Wi-Fi eavesdropping is the act of stealing information from those who connect to an unsecured public Wi-Fi network. Some hackers will name their hotspots after companies or shopping malls to make the connection seem secure, and because it’s free and feels safe, people are fooled! 

A free Wi-Fi connection with no password should always make you suspicious. If you’re caught by this technique, everything you do could be easily monitored – including getting hold of your passwords for online banking accounts, credit card numbers, contact information, and more. 

Browser Hijacking

Did you know that hackers can install malware right into your Internet browser without you knowing? 

This often happens when people click on unknown links or download apps from third-party stores that seem safe, which are infected with viruses that redirect traffic to sites controlled by cybercriminals. These criminals want access to all of your personal information so they can steal money from accounts, like credit cards or access your contact list to infect your connections.

IP Spoofing

Over 30 000 IP spoofing attacks take place every day around the world! 

IP addresses are used for location services, web browsing, and other online activities. These are unique numbers that appear on your computer screen when you visit websites or connect with friends through social media platforms, like Facebook and Instagram. What makes them so important is that this single piece of information instills trust in the system – without which there would be no way to determine whether incoming messages are coming from somewhere else within your own network (in which case we might not receive any updates), nor to ensure safety against possible attacks.

Domain Name System (DNS) Spoofing / Poisoning

A domain name is simply a website name, such as ‘www.google.com’ and the term ‘spoofing’ has to do with impersonation. In this case, a hacker’s computer impersonates a legitimate computer on a network.

Essentially, a hacker intercepts your search for a legitimate site, with a domain of their own and a copy of the site you intended to visit. Once you have landed on the page, they harvest your access information as you attempt to log in. 

The result of DNS poisoning is that any information you send is routed through the hacker before it gets to the web. This allows them to steal your passwords and access your accounts. 

Session Hijacking

In this case, hackers want to steal your cookies. While it sounds funny, ‘cookies’ refer to your personal information stored temporarily in your computer’s internet browser cache and are deleted after you leave the site. 

Once a hacker gets hold of your information, they can take over your browsing session. 

SIM Swap Fraud

Although this does involve stealing information from your device it does give thieves access to opportunities to override protective measures you have in place to keep your money safe. With a simple phone call, a hacker can pretend to be you and request your network provider to transfer all your information to their new control card. Once they have access to both accounts, they can retrieve the date of birth and personal identification numbers (PINs) associated with each account.

So, how do they get your information? Well unwittingly, we give it to them. That’s why it’s so important to be careful about what you share on social media. You could very well be giving hackers everything they need to impersonate you and get access to your SIM card, which they use to bypass 2FA and get the OTP(one time pin) code sent to their phone number. 

When the hacker has the verification code, they can link a new account to your investment, crypto wallet, or trading app, and wire funds out. They can also use the funds in your account to buy worthless shares from other scammers, thus enriching them and impoverishing you.

Tips To Stay Safe

1. Look for spelling or grammar errors in emails or information sent to you, especially when it’s meant to be from supposedly trusted sources.
2. Don’t click on links straight away – rather hover your mouse over the link to see if it matches the expected website address. 
3. Use legitimate next generation computer security software, and don’t click on anti-virus pop ups.
4. Make sure your security settings and systems are up to date.
5. Before you download an app – 
   • Check the permissions first
   • Look at the reviews and ratings
   • Don’t go via a third party app store
6. Don’t share sensitive information over a phone call or SMSs. 
7. If you receive an SMS requesting information, never call the number supplied, but rather use a number you have already, or get the number yourself so that you can verify that the request is legitimate. 
8. Be careful where and how you store information – it’s better to have some sort of encryption and authentication. 
9. Don’t leave devices unlocked and unattended.
10. Use strong passwords and do not update these regularly  That may sound counter intuitive but regularly updating your password is the best way to make sure you use bad and easily cracked passwords, rather use good password software and only update passwords as and when necessary. As a side note, don’t write your passwords down somewhere they can easily be found. Ideally, use a password manager with 2 Factor authentication.
11. Don’t connect to open, insecure or public Wi-Fi networks.

As the saying goes, prevention is better than cure. Unfortunately, in most instances, people only really take action once they have experienced the pain and frustration of being cyber attacked.

Talk to us today about making sure that you’re safe online – don’t wait until the cybercriminals have already caused havoc.