Top five ways people are getting hacked

Identifying the top five ways people are getting hacked right now has been tough because each industry has its own unique weaknesses that can be used to steal user credentials. For instance, in the retail sector, most users are affected by card skimming or POS attacks. On the other hand, these kinds of hacks are not common in healthcare.

The Verizon 2016 Data Breach Investigations Report (DBIR) was released earlier this year. The insights it offers are based on research from 67 organizations in 82 countries, covering over 100,000 security incidents and analyzing 2,260 breaches. From this report and other relevant sources, I have compiled the top five ways users are getting hacked (in no specific order).

1. Password Reuse

We recently wrote about protecting users from password reuse attacks: hackers take credentials exposed in a breach (like the LinkedIn one) and try them on other services, hoping the user has reused the same username/password combination elsewhere. In many cases, they have.

Make sure you have a unique, strong password for each login. Unique passwords are harder to remember, so use a password manager. The main point is that they also make it much harder for a hacker to get in.

2. Brute force attack

63% of confirmed data breaches involved leveraging weak, default or stolen passwords.

It takes less than a second to crack a simple password like ‘12345’ or ‘password’, so it’s no surprise that password hacking is one of the top ways people get hacked. Even Mark Zuckerberg recently proved he’s not above using a simple password like ‘dadada’ (and not just on one site, he reused it across a few).

When it comes to passwords, here are two good resources: 5 tips to create strong passwords and this cool app to test your password strength.
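For whoever runs the login service, the password reuse attack from item 1 and the brute force attack from item 2 leave different traces in failed-login records. The Python below is an added example, not part of the original post: it labels each source address by that pattern and lists accounts that logged in successfully from a flagged source. The log format, thresholds and function names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict

# Constructed sample log, one attempt per line: "timestamp source_ip username result"
TS = "2016-07-01T10:00:00"
SAMPLE_LOG = "\n".join(
    [f"{TS} 198.51.100.7 admin FAIL"] * 6
    + [f"{TS} 203.0.113.5 {u} FAIL" for u in ("alice", "bob", "dave", "erin", "frank")]
    + [f"{TS} 203.0.113.5 carol OK",
       f"{TS} 192.0.2.10 grace FAIL",
       f"{TS} 192.0.2.10 grace OK"]
)

def parse(log):
    """Yield (source_ip, username, succeeded) for each well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of crashing
        _, ip, user, result = parts
        yield ip, user, result == "OK"

def classify_sources(log, min_failures=5, min_accounts=5):
    """Label each source IP by the pattern of its failed logins."""
    failures = defaultdict(lambda: defaultdict(int))  # ip -> username -> failed attempts
    for ip, user, ok in parse(log):
        if not ok:
            failures[ip][user] += 1
    verdicts = {}
    for ip, per_user in failures.items():
        if max(per_user.values()) >= min_failures:
            verdicts[ip] = "brute_force"      # many guesses at one account
        elif len(per_user) >= min_accounts:
            verdicts[ip] = "password_reuse"   # few guesses each, many accounts
    return verdicts

def accounts_to_reset(log, **thresholds):
    """Accounts that logged in successfully from a flagged source."""
    flagged = classify_sources(log, **thresholds)
    return sorted({user for ip, user, ok in parse(log) if ok and ip in flagged})

if __name__ == "__main__":
    print(classify_sources(SAMPLE_LOG))
    print(accounts_to_reset(SAMPLE_LOG))
```

The single failed attempt from 192.0.2.10 stays unflagged, which is what keeps an ordinary mistyped password from raising an alert.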

3. Social Engineering techniques – phishing, spear phishing, vishing, whaling, and privilege misuse.

Almost a third (30%) of phishing messages were opened…And 12% of targets went on to open the malicious attachment or click the link.

Social engineering is a very common way for your users’ credentials to be compromised at the moment. You may receive an email from what seems to be a service provider you use or a colleague you trust, asking you to click a link and log in to your account, or asking for private information. It seems totally legit, so you hand over your credentials and: Account Compromised!

4. Physical Theft – work, car, and home

39% of theft is from victims’ own work areas, and 34% from employees’ personal vehicles.

Not a high-tech hack by any means, but it still ranks among the top five ways you can accidentally hand your login information over to the wrong people, especially if you keep your passwords on a post-it note next to your PC.

5. Downloading malware – email attachments, websites serving up drive-by downloads, emails linking to pages with drive-by code installs

30,000 websites are infected with malware every single day – Forbes

If you download malware via an email attachment, a link in an email, or by visiting the wrong website, you could end up with ransomware, a keylogger, or other malicious code installed on your device. The best way to avoid this is to check with the person who sent the email that the link or attachment is okay before you open or click it, and don’t download anything from a website you don’t trust. (Just don’t download anything.)

So there you have it! Hopefully you’re following best practices, and none of the above is news to you. But share this with your colleagues, friends, and family, who may need a friendly reminder. And tell us your own experiences with online safety in the comments below!