Not all cyber crimes require master hacking skills and sophisticated software, but it doesn’t mean they are less dangerous or harmful. In fact, some hackers manage to access sensitive information and seize millions of dollars from naive victims with minimum effort. Here are top 5 easy (but serious) cyber attacks that lazy hackers like – learn how to recognize and avoid them.
1. The fake browser locker
So it goes like this: you are browsing the web, and suddenly your browser is locked. Now instead of the content of a website, you see a blue page warning that your computer is infected.
Although this page may look similar to Windows Blue Screen of Death (BSOD), which appears when the system crashes, it is nothing but a lazy scam, based on very simple entry-level code. It simulates your device having a breakdown so that you panic and call a fake help center. As Microsoft states on its Malware Protection Center blog, “Real error messages from Microsoft do not include support contact details. Instead, they will provide you with an error code and instructions to search for more information.”
What can you do about it? If you encounter the blue screen, try force quitting the locked browser, but never ever call the number provided.
2. Macro malware
Malicious code is usually hidden in MS Word or Excel documents that are often sent as “secure” email attachments. If you try to open this kind of document, you will be nicely asked to enable macros so that the content of this document can be displayed. Once you do this, a malicious macro will infect your device with malware.
What can you do about it? It’s simple as that: don’t enable macros, no matter how nicely a pop-up message asks you. Furthermore, do not open or download any attachments from an unknown sender.
3. DDoS attacks
One day your security staff receives an email saying that a massive DDoS (Distributed Denial of Service) attack will hit the company’s websites if a Bitcoin ransom is not paid to the hackers in a given amount of time. With DDoS bots on sale, these cyber attacks don’t require much knowledge or hacking skills and are quite common.
Sometimes hackers can launch a “demo DDoS” to prove they are serious, but most of the time they simply send threatening emails and expect recipients to believe. While most of the targets do not fall for this scam, there are still many victims who agree to pay the extortion fee.
What can you do about it? Don’t pay. Even though not all the threats are empty and some hacker groups actually follow on their intentions, paying the ransom won’t help you. What is more, there’s no guarantee they won’t come back again. Instead, prepare to handle DDoS attacks and consider implementing DDoS protection.
4. SQL (Structured Query Language) injection
The SQL injection is a type of attack when a malicious SQL statement is inserted into an entry field for execution. Instead of entering user’s login and password, the hacker inserts a manipulated SQL command, which tricks an unsecured database to approve unauthorized login. With the doors wide open, the attacker now has access to sensitive data that is stored in the database and can even modify or delete its records.
This old hacking technique was first discussed around 20 years ago and any cybersecurity expert should know how to avoid it. Therefore, it’s strange how hackers still manage to pull it off successfully.
What can you do about it? Ssince this is a well-known attack, you can find a comprehensive guide on how to avoid it.
5. Corporate phishing
Business email compromise (BEC) is a type of scam where a hacker impersonates a foreign supplier or an executive and tricks a company into transferring their funds to a fraudulent bank account.
These attacks usually begin with a cyber criminal phishing a company’s executive to get access to their inbox. Some diligent hackers will also do some research on the company and its employees to make their fake emails more convincing. Apparently, this lazy hacking scheme is working better than you could expect: according to the Federal Bureau of Investigations, BEC schemes have already cost victims more than $5 billion since 2013.
What can you do about it? Teach your staff how to spot and avoid phishing. Be suspicious of email messages that urge to make a transfer quickly. Secure your accounts with two-factor authentication. If you receive an unusual request, it’s always better to double check.
In most of cases reliable security tools can help, such as a VPN, which encrypts your internet traffic so that no hacker can access your sensitive information. Combined with awareness and common sense, it makes a powerful security shield from nefarious criminals and other major online threats.
Did you find these tips useful? Let us know in the comments below.