Monthly Archives: June 2018

GUIDANCE ON TECH SUPPORT SCAMS

Tech Support Scams are programs, web sites, or even unsolicited phone calls that try to scare you into calling a remote tech support number so that they can sell you unnecessary services. These scams use scare tactics such as falsely stating that your computer has a virus, that they work for Microsoft or Google and have detected malicious network activity, or that your computer is not properly activated and that you should call a remote tech support number to fix these issues.

Regardless of the method used to scare you into calling a remote tech support company, the goal is the same for these attackers: to scare you into purchasing their services even if you do not need them. Below we describe the various tech support scams and how they attempt to scare you into calling them.

If you have been affected by a tech support scam and have purchased services from them, I strongly suggest you contact your credit card company and dispute the charges.

Tech Support Scam Phone Calls

The oldest type of tech support scam is when a victim receives an unsolicited phone call from a remote tech support company that states that they are Microsoft, Google, or another large company. The support company will state that they have detected malicious activity coming from your computer and that they are calling to help you resolve the problem.

They then ask you to install remote access software such as TeamViewer, LogMeIn, or GoToAssist so that they can access your computer remotely. Once they have accessed the computer, they will show you harmless Windows alerts, but say that they indicate a problem. In some cases, these scammers will install malware or other malicious software in order to make it look like there is a serious problem on your computer.

Now that the scammers have you scared, they try to sell you costly remote tech support subscriptions. It goes without saying that you should not purchase anything from a remote tech support company that calls you out of nowhere.

Tech Support Scam Web Sites

A common tech support scam is when a new browser tab or window is displayed while you are browsing the web. This browser window will open to a site that displays fake security alerts, warnings, and errors in order to make you think that there is something wrong with your computer. To make matters worse, it will use JavaScript code to display pop-up alerts that you are unable to close without shutting down the whole browser.

It is important to note that when you see a web page stating that your computer is infected, has a crash, or has some sort of security problem, you are not infected! This is only being shown to scare you into calling the listed tech support number.

Fake Tech Support Alert from a Web Site

As already said, these sites use JavaScript to display a pop-up alert that makes it so you cannot close the browser by clicking on the X in the browser window. Even worse, every time you close the alert, it automatically displays it again. In Chrome, you will be offered the option to not show the alert again, which will help get you out of this endless loop. For other browsers, you will need to use Windows Task Manager to terminate the process associated with your browser.

Tech Support Scam Programs

The last, and possibly most malicious, tech support scams are programs that when installed display fake alerts or messages in order to scare you into calling a remote tech support number. These infections will show screens such as fake Windows crashes, product activation screens, or security alerts about possible viruses.

In some cases, these programs will modify the Windows configuration so that instead of showing your normal Windows Desktop when you log in to Windows, you will be shown a fake Windows crash instead that contains a remote support number that you should call.

Fake Suspicious Activity Alert

These types of tech support scam programs are typically bundled and installed with free programs that you download off of the Internet. Some less reputable developers will create programs and release them for free on the Internet. These programs, though, are not really free as the developers also bundle programs like tech support scams in order to generate revenue from referring sales to the tech support companies.

Therefore, it is important to read the End User License Agreement (EULA) whenever installing a program you download from the Internet. While installing the programs, you also need to pay attention to the prompts regarding what other software may be installed.

GUIDANCE ON SPYWARE

Spyware are programs that monitor a user’s web browsing activity and then report this information to a remote computer without the express permission of the user. This information would then be analyzed by the company to offer new services or advertisements to the end user. This information may also be sold to other companies for market analysis and the creation of targeted advertising campaigns. The term Spyware has also been expanded to include any application that phones home, or transmits data to a remote location, without your express permission or knowledge.

Malicious Spyware has also evolved to transmit personal data such as login names, account passwords, and other personal information to a remote location. This information will then be used for identity theft or other criminal activities. Spyware of this type is typically much more difficult to remove and tends to utilize other malware to protect itself from removal. These types of Spyware are those targeted by anti-spyware and anti-virus programs.

The transmission of program usage, errors, and other information is also very common in legitimate applications. Companies, though, package this type of behavior in phrases such as helping them improve the program or allowing them to offer you a better end user experience by transmitting usage information back to them. The difference, though, is that these legitimate applications ask you first and allow you to opt out of these types of programs. If you do not allow it, then the programs will not send any information to a remote location.

It is also not uncommon for Freeware programs to include Spyware and Adware in their programs as a way of generating revenue. Therefore, when downloading a program that is considered Freeware you should always read the program’s End User License Agreement, otherwise known as EULA. This license agreement should be shown before you install the software and will state whether or not the program will transmit personal information from your computer to a remote location. From the information in the EULA, you can then decide whether or not you wish to install the program.

GUIDANCE ON ROOTKITS

A Rootkit is a program that attempts to hide itself, other files, or computer data so that they cannot be seen on the computer. Rootkits were first created for the Unix operating system where hackers would install a tool set that would replace common operating system files so that the system administrator could not detect their activities. As more advanced techniques were created, rootkits became even more stealthy by installing themselves in such a way that they are able to intercept commands on the operating system so that a user would only be shown what the rootkit wanted the user to see. This includes the ability to make it so files, directories, configuration files, and Windows Registry keys are invisible to a system administrator or user of the machine.

With this said, the success of a rootkit is its ability to remain undetected on a machine. Fortunately, most rootkits are not programmed well and tell-tale signs become apparent leading a user to investigate their machine more closely. With this in mind, anti rootkit programs, or ARKs, were created that allow you to scan your computer for programs that are possibly intercepting instructions on the computer, which is a big sign that a rootkit may be installed. Some of the more popular Windows ARKs are RootRepeal and GMER, which contain a graphical user interface that quickly allows you to scan your computer for potential rootkits. When using these programs, though, you need to make sure you interpret the results properly as false positives are common.

A few years ago, a rootkit was not commonly seen on computers unless purposely planted there by a hacker to hide their activity. As more and more malware is created for the purpose of making money through cyber crime, the criminals need a more advanced way to protect their interests. In many cases, these methods are the use of rootkits to hide the money-making malware and make it difficult for traditional anti-malware and anti-virus programs to remove them. Some rootkits are used to generate money on their own by acting as Trojan installers and advertisement engines.

Though the vast majority of rootkits are used for criminal purposes, rootkits have been used for what may be considered more legitimate reasons. For example, in 2005 Sony Music decided to use rootkit technology as part of their Digital Rights Management protection. Unfortunately, they did not publicly disclose this technology, and when it was discovered that rootkit technology that could easily have been abused was in use, security professionals and users were quick to speak out strongly against it. Today rootkit technology is used within legitimate programs such as Alcohol 120% and Daemon Tools in order to hide themselves from being seen by anti-piracy programs. Some anti-virus programs also use aspects of rootkit technology in order to protect your computers from viruses.

As you can see, rootkits are a powerful technique that unfortunately are being used more and more by malware to protect themselves. As we analyze new malware that comes out we find that it is now common to find rootkits bundled along with them. Therefore, it is important to be aware of how these files work and that you can discover them using the free ARK scanners described above.

GUIDANCE ON ROGUE PROGRAMS & SCAREWARE

A Rogue Program is a program that pretends to be a legitimate program, but instead displays false information in order to trick or scare you into purchasing it. Most Rogue programs state that they are legitimate applications, but are typically clones of other lackluster products repackaged under new names and graphics. Most Rogue programs also use highly aggressive sales tactics which include adware, Trojans that display fake security alerts, or claims that they have won awards from major publications and companies. What it all boils down to, though, is that these types of programs are either deliberately deceptive or displaying numerous false positives in order to convince you to purchase their software.

This is because the single most important thing to the creators of Rogue software is to sell as many copies as they can. That means that the people, or affiliates, who are selling this software can do so by any means. This ultimately leads to deceptive advertising and the use of malware to sell the software.

A common approach by Rogue programs is to display either fake results or exaggerated results when the program scans your computer. When the scan is finished you will be shown a list of legitimate files and Windows Registry keys that are flagged as security threats. In some cases, the Rogue programs actually create the files and Windows Registry keys on your computer so that they can be detected as malware.

Then in order to remove these threats, you must first purchase a license of the software. These fraudulent tactics are used to scare you into purchasing this software. Now it should be noted that there is nothing wrong with a program requiring you to purchase it before it will remove any infections. It is wrong, though, to display false information to scare you into doing it.

Another common tactic used by Rogues is to advertise, or even directly install itself, through the use of malware. Rogue programs are typically introduced into your computer when a person visits pornographic sites or sites that offer copyrighted content.

In some cases you will be infected by just visiting these sites, depending on what security updates are installed, and in other cases you must first run an executable. Either way, your computer will have malware installed that displays fake security alerts stating that you have some security risk and must install a piece of software, the Rogue, to remove it.

GUIDANCE ON RANSOMWARE

A ransomware infection is a program that ransoms the data or functionality of your computer until you perform an action. This action is typically to pay a ransom in the form of Bitcoins or another payment method. When a computer is infected with ransomware the effects can be either a nuisance or devastating depending on what the infection does. For example, many ransomware programs just lock you out of your computer, which can easily be fixed with the right tools. Other ransomware, such as Crypto Ransomware, is much more devastating as it will actually encrypt the data on your computer and require you to pay a ransom in order to decrypt your files.

Effects of a ransomware infection include:

  • Make it so that you cannot execute programs other than ones required to pay the ransom.
  • Terminate any non-essential programs that may be running.
  • Encrypt your data so that you can no longer access it or open it with programs.
  • Remove your ability to browse the Internet other than to locations that will allow you to pay the ransom.

Once you pay the requested ransom, the criminals may send you a code that you can input into the Ransomware program that then allows you to use your computer or decrypt your data. In some situations, though, even if you do pay the ransom, the criminals will just take your money and run, with you being left with your problem unresolved.

Though the loss of your data and computer can be devastating, sending the ransom could be even more so. Depending on how the criminals want you to pay, sending the ransom could put you at risk of identity theft, as the information you send may contain personal information. Therefore, we suggest that you never pay a ransom unless it is absolutely necessary for data recovery. For screenlockers you should never pay a ransom as there are always solutions to remove these infections without paying anything.

Last, but not least, it is important to remember that paying the ransom only continues to fuel the release of new variants of these types of programs.

GUIDANCE ON POTENTIALLY UNWANTED PROGRAMS (PUP)

A Potentially Unwanted Program, or PUP, is a piece of software that you agree to install on your computer but that, for most people, doesn’t provide any useful service. These types of programs are typically bundled with free software that you download from the Internet. When installing the free programs you will also be prompted to install these other programs (PUPs) as well. In many cases the information about these programs being installed will be hidden in lengthy End User License Agreements or in confusing installation scripts. PUPs are bundled with a developer’s free software because the developer generates revenue for each of these programs that is installed on a computer. In fact, there are some developers that create small free utilities just so they can distribute them with PUPs in order to earn money.

Once installed, many of these programs can be difficult to remove and become more of a nuisance rather than a benefit. Many of them will display pop up ads, nag screens, or other types of alerts that are designed to convince you to purchase the software or perform some other actions. In some cases PUPs can be more damaging to a computer than traditional malware by causing application freezes, crashes, and other instability.

GUIDANCE ON BROWSER HIJACKER

A Browser Hijacker is a program that changes the home page or search settings of a web browser and makes it difficult to change it back.

There are many legitimate programs that make these types of changes as well, but they will allow you to switch back to a different setting if you wish. Browser Hijackers on the other hand will make it difficult for you to switch from the hijacked settings or not let you at all.

There are some hijackers that will modify Windows shortcuts without your knowledge to automatically load a particular web site when you start them. This could cause web sites to launch in programs that normally would not browse the web such as Microsoft Word.

Browser Hijackers are typically bundled with free programs that you download off of the Internet. These programs are free because they include adware programs, including browser hijackers, which generate revenue for the developer when they are installed.

Many hijackers can be removed by simply uninstalling them from the Add or Remove Programs or Uninstall Programs Windows control panel. Some are more tenacious and require anti-virus programs or specialized tools.

GUIDANCE ON ADWARE

An Adware program is one that displays advertisements on your computer or within the program itself. Just because a program is Adware, though, does not make it malicious in nature. In fact there are many legitimate programs, including games, that now display ads on your computer or within the software itself. These types of programs display these ads to generate further revenue for the developers or to promote other software that they may sell. One advantage of a legitimate Adware program is that you can sometimes download the software for free. Instead of the developers charging for the software they will display advertisements within them to cover the costs of development and to generate revenue they would normally get from selling the product. If you then wish to no longer see the advertisements, but would like to continue using the program, you can typically pay a registration fee to the developer. All of these legitimate types of Adware programs will contain an End User License Agreement that will explicitly state if and how advertisements will be shown through the software. When you uninstall these types of Adware, the program will be completely removed and will cease displaying advertisements on your computer.

On the other hand, there are Adware programs that are considered malware or Potentially Unwanted Programs (PUP). These are programs that display advertisements on your computer without your permission or the knowledge of what program is generating them. They are also designed to make it harder to uninstall so that they can continue earning revenue through their advertisements.

Malware Adware are computer infections that are typically installed on your computer through two methods. The first method is when these Adware programs pretend to be something innocuous so that you will download and install them, but once installed all they do is display ads. The other method is when they are installed without your permission or knowledge through Windows or software vulnerabilities on your computer. Adware of this type are the most difficult to remove and typically use protection mechanisms that make it hard to run security programs to assist in removing them.

Adware that are classified as PUPs are typically bundled within other free programs that you download from the Internet. When you install the main program, the adware programs will be installed as well and will display advertisements on your computer. These programs will also not clearly delineate in the End User License Agreement how or when advertisements will be displayed.

Hacker Tools Top 10 – 2016 Update

Nmap (Network Mapper) | Free

Used to Scan Ports and Map Networks – and a whole bunch more!

Nmap is an abbreviation of ‘Network Mapper’, and it’s a very well-known free, open source hacker’s tool. Nmap is mainly used for network discovery and security auditing. Literally, thousands of system admins all around the world use Nmap for network inventory, checking for open ports, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in creative ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems they run (fingerprinting), and what type and version of packet filters/firewalls are being used by the target. There are dozens of benefits of using Nmap, one of which is the fact that the admin user is able to determine whether the network (and associated nodes) needs patching. Nmap’s been featured in literally every hacker movie out there, not least the recent Mr. Robot series. It’s also worth mentioning that there’s a GUI version of Nmap called ‘Zenmap’. We’d advise you to learn using Nmap (i.e. the ‘command line’) then rotate into Zenmap when you are feeling all confident.


Metasploit Penetration Testing Software | Free & Paid

Vulnerability Exploitation Tool

The Metasploit Project is a hugely popular pentesting or hacking framework. If you are new to Metasploit think of it as a ‘collection of hacking tools and frameworks’ that can be used to execute various tasks. Widely used by cybersecurity professionals and ethical hackers, this is a tool that you have to learn. Metasploit is essentially a computer security project (framework) that provides the user with vital information regarding known security vulnerabilities and helps to formulate penetration testing and IDS testing plans, strategies and methodologies for exploitation. There’s a ton of incredibly useful Metasploit information out there and we hope that the books that we’ve chosen go some way to help you on your journey, not least if you are a beginner just starting out and looking for beginners’ tutorials on how to use Metasploit.


John The Ripper | Free

Password Cracking Tool

John the Ripper (often abbreviated as ‘JTR’) wins the award for having the coolest name. John the Ripper, mostly referred to simply as ‘John’, is a popular password cracking pentesting tool that is most commonly used to perform dictionary attacks. John the Ripper takes text string samples (from a text file, referred to as a ‘wordlist’, containing popular and complex words found in a dictionary or real passwords cracked before), encrypts them in the same way as the password being cracked (including both the encryption algorithm and key), and compares the output to the encrypted string. This tool can also be used to perform a variety of alterations to dictionary attacks. If you are somewhat confused between John the Ripper and THC Hydra then think of John the Ripper as an ‘offline’ password cracker whilst THC Hydra is an ‘online’ cracker.


THC Hydra | Free

Password Cracking Tool

We’ve purposely placed THC Hydra underneath John The Ripper because they often go ‘hand-in-hand’. THC Hydra (we’ve abbreviated to simply ‘Hydra’ throughout our site) is a hugely popular password cracker and has a very active and experienced development team. Essentially THC Hydra is a fast and stable Network Login Hacking Tool that will use dictionary or brute-force attacks to try various password and login combinations against a login page. This hacking tool supports a wide set of protocols including Mail (POP3, IMAP, etc.), Databases, LDAP, SMB, VNC, and SSH. Take a look at John the Ripper as well.


OWASP Zed | Free

Web Vulnerability Scanner

The Zed Attack Proxy (ZAP) is now one of the most popular OWASP projects. The fact that you’ve reached this page means that you are likely already a relatively seasoned cybersecurity professional so it’s highly likely that you are very familiar with OWASP, not least the OWASP Top Ten Threats listing which is considered as being the ‘guide-book’ of web application security. This hacking and pentesting tool is very efficient as well as being an ‘easy to use’ program that finds vulnerabilities in web applications. ZAP is a popular tool because it does have a lot of support and the OWASP community is really an excellent resource for those that work within Cyber Security. ZAP provides automated scanners as well as various tools that allow you, the cyber pro, to discover security vulnerabilities manually. Understanding and being able to master this tool would also be advantageous to your career as a penetration tester. If you are a developer then it’s obviously highly recommended that you learn how to become very proficient with this ‘hacker tool!’


Wireshark | Free

Web Vulnerability Scanners

Wireshark is a very popular pentesting tool and for over a year it was not included on our list, however, by popular demand we added it in late June 2016. Wireshark essentially captures data packets in a network in real time and then displays the data in human-readable format (verbose). The tool (platform) has been highly developed and it includes filters, color-coding and other features that let the user dig deep into network traffic and inspect individual packets. If you’d like to become a penetration tester or work as a Cyber Security practitioner, then learning how to use Wireshark is a must. There are a ton of resources out there to learn Wireshark, and, of particular interest, there’s also a Wireshark Certification which you can achieve and place on your LinkedIn profile.


Aircrack-ng | Free

Password Cracking Tool

The Aircrack suite of Wifi (Wireless) hacking tools are legendary because they are very effective when used in the right hands. For those new to this wireless-specific hacking program, Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking hacking tool that can recover keys when sufficient data packets have been captured (in monitor mode). For those tasked with penetrating and auditing wireless networks Aircrack-ng will become your best friend. It’s useful to know that Aircrack-ng implements standard FMS attacks along with some optimizations like KoreK attacks, as well as the PTW attacks to make their attacks more potent. If you are a mediocre hacker then you’ll be able to crack WEP in a few minutes and you ought to be pretty proficient at being able to crack WPA/ WPA2. For those interested in Wireless Hacking we’d also highly recommend taking a look at the very awesome Reaver, another very popular hacking tool that alas we couldn’t add to our list.


Maltego | Free & Paid

Digital Forensics

Maltego is different in that it works within a digital forensics sphere. Maltego is a platform that was designed to deliver an overall cyber threat picture to the enterprise or local environment in which an organization operates. One of the awesome things about Maltego, which likely makes it so popular (and included in the Kali Linux Top Ten), is its unique perspective in offering both network- and resource-based entities: the aggregation of information sourced throughout the web. Whether it’s the current configuration of a vulnerable router within a network or the current whereabouts of your staff members on their international visits, Maltego can locate, aggregate and visualize this data! For those interested in learning how to use Maltego we’d also recommend learning about OSINT cybersecurity data procurement.


Cain and Abel Hacking Tool | Free

Password Cracker/ Password Hacking

Cain and Abel (often simply abbreviated to Cain) is a hugely popular hacking tool and one that is very often mentioned online in a variety of ‘hacking tutorials’. At its heart, Cain and Abel is a password recovery tool for Microsoft Windows but it can be used off-label in a variety of uses. For example, white and black hat hackers use Cain to recover (i.e. ‘crack’) many types of passwords using methods such as network packet sniffing and by using the tool to crack password hashes. Cain, for example, when used to crack password hashes would use methods such as dictionary attacks, brute force, rainbow table attacks and cryptanalysis attacks.


Nikto Website Vulnerability Scanner | Free

Website Vulnerability Scanner Hacking Tool

Nikto is another classic ‘Hacking Tool’ that a lot of pentesters like to use. Worth mentioning that Nikto is sponsored by Netsparker (which is yet another Hacking Tool that we have also listed in our directory). Nikto is an Open Source (GPL) web server scanner which is able to scan and detect web servers for vulnerabilities. The system searches against a database of over 6800 potentially dangerous files/ programs when scanning software stacks. Nikto, like other scanners out there, also scans for outdated (unpatched) versions of over 1300 servers, and version specific problems on over 275 servers. Interestingly, Nikto can also check server configuration items such as the presence of multiple index files and HTTP server options, and the platform will also try to identify installed web servers and web applications. Nikto will get picked up by any semi-decent IDS tool so it’s really useful when conducting a white-hat/ white-box pentest. Certainly a great tool to learn your skills on when attacking an open box for training.

What To Do When Your Email Gets Hacked

Step #1: Change your password

The very first thing you should do is keep the hacker from getting back into your email account. Change your password to a strong password that is not related to your prior password; if your last password was billyjoe1, don’t pick billyjoe2—and if your name is actually BillyJoe, you shouldn’t have been using your name as your password in the first place.

Try using a meaningful sentence as the basis of your new password. For example, “I go to the gym in the morning” turns into “Ig2tGYMitm” using the first letter of each word in the sentence, mixing uppercase and lowercase letters and replacing the word “to” with “2.”

Step #2: Reclaim your account

If you’re lucky, the hacker only logged into your account to send a mass email to all of your contacts.

If you’re not so lucky, the hacker changed your password too, locking you out of your account. If that’s the case, you’ll need to reclaim your account, usually a matter of using the “forgot your password” link and answering your security questions or using your backup email address.

Check out the specific recommendations for reclaiming possession of your account for Gmail, Outlook.com and Hotmail, Yahoo! and AOL.

Step #3: Enable two-factor authentication

Set your email account to require a second form of authentication in addition to your password whenever you log into your email account from a new device. When you log in, you’ll also need to enter a special one-time use code that the site will text to your phone or that is generated via an app.

Check out two-step authentication setup instructions for Gmail, Microsoft’s Outlook.com and Hotmail, AOL and Yahoo!.

Step #4: Check your email settings

Sometimes hackers might change your settings to forward a copy of every email you receive to themselves, so they can watch for any emails containing login information for other sites. Check your mail forwarding settings to ensure no unexpected email addresses have been added.

Next, check your email signature to see if the hacker added a spammy signature that will continue to peddle their dubious wares even after they’ve been locked out.

Last, check to make sure the hackers haven’t turned on an auto-responder, turning your out-of-office notification into a spam machine.

Step #5: Scan your computer for malware

Run a full scan with your anti-malware program. You do have an anti-malware program on your computer, right? If not, download the free version of Malwarebytes and run a full scan with it. I recommend running Malwarebytes even if you already have another anti-malware program; if the problem is malware, your original program obviously didn’t stop it, and Malwarebytes has resolved problems for me that even Symantec’s Norton Internet Security wasn’t able to resolve. Scan other computers you log in from, such as your work computer, as well.

If any of your scans detect malware, fix it and then go back and change your email password again (because when you changed it in step #1, the malware was still on your computer).

Step #6: Find out what else has been compromised

My mother-in-law once followed the ill-advised practice of storing usernames and passwords for her various accounts in an email folder called “Sign-ups.” Once the hacker was into her email, he easily discovered numerous other logins.

Most of us have emails buried somewhere that contain this type of information. Search for the word “password” in your mailbox to figure out what other accounts might have been compromised. Change these passwords immediately; if they include critical accounts such as bank or credit card accounts, check your statements to make sure there are no suspicious transactions.

It’s also a good idea to change any other accounts that use the same username and password as your compromised email. Spammers are savvy enough to know that most people reuse passwords for multiple accounts, so they may try your login info in other email applications and on PayPal and other common sites.
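The mailbox search from Step #6 can also be run offline against an exported copy of your mail. The following is an added example, not part of the original article: it assumes the mailbox has been exported in mbox format, and the keyword list, function names and sample messages are constructed for illustration.

```python
import mailbox
import os
import re
import tempfile
from collections import defaultdict
from email.header import decode_header, make_header
from email.utils import parseaddr

# Assumed keyword list: words that suggest a message holds login details.
KEYWORDS = ("password", "passcode", "username", "login")

# Constructed sample mailbox in mbox format; not real mail.
SAMPLE_MBOX = """\
From MAILER-DAEMON Fri Jun  1 10:00:00 2018
From: Example Shop <welcome@shop.example>
Subject: Welcome to Example Shop
Content-Type: text/plain; charset="utf-8"

Your username is billyjoe and your temporary password is hunter2.

From MAILER-DAEMON Sat Jun  2 11:00:00 2018
From: Aunt May <may@family.example>
Subject: Sunday lunch
Content-Type: text/plain; charset="utf-8"

See you at noon. Bring dessert.

From MAILER-DAEMON Sun Jun  3 12:00:00 2018
From: Example Bank <no-reply@bank.example>
Subject: =?utf-8?q?Reset_your_Password?=
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Use the link below to finish signing in.</p>
--b1--
"""


def _subject_and_text(msg):
    """Return (decoded subject, subject plus all text parts) for one message."""
    # Subjects may be RFC 2047 encoded, so decode before searching them.
    subject = str(make_header(decode_header(msg.get("Subject", ""))))
    chunks = [subject]
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and attachments
        payload = part.get_payload(decode=True) or b""
        try:
            text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        except LookupError:  # unknown charset name in the header
            text = payload.decode("utf-8", "replace")
        if part.get_content_subtype() == "html":
            text = re.sub(r"<[^>]+>", " ", text)  # crude tag strip
        chunks.append(text)
    return subject, "\n".join(chunks)


def accounts_to_review(mbox_path, keywords=KEYWORDS):
    """Map sender domain -> [(subject, matched keywords)] for matching mail."""
    pattern = re.compile(
        r"\b(" + "|".join(map(re.escape, keywords)) + r")\b", re.IGNORECASE)
    hits = defaultdict(list)
    box = mailbox.mbox(mbox_path, create=False)
    try:
        for msg in box:
            subject, text = _subject_and_text(msg)
            found = sorted({m.lower() for m in pattern.findall(text)})
            if not found:
                continue
            _, addr = parseaddr(msg.get("From", ""))
            domain = addr.rpartition("@")[2].lower() or "(unknown sender)"
            hits[domain].append((subject, found))
    finally:
        box.close()
    return dict(hits)


def demo():
    """Write the constructed mailbox to a temp file and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "export.mbox")
        with open(path, "w", encoding="utf-8", newline="\n") as fh:
            fh.write(SAMPLE_MBOX)
        return accounts_to_review(path)


if __name__ == "__main__":
    for domain, messages in sorted(demo().items()):
        for subject, found in messages:
            print(f"{domain}: {subject!r} mentions {', '.join(found)}")
```

Each sender domain in the result is a site whose password should be changed and, where relevant, whose statements should be checked.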

Step #7: Humbly beg for forgiveness from your friends

Let the folks in your contacts list know that your email was hacked and that they should not open any suspicious emails or click on any links in any email(s) that they recently received from you. Most people will probably have already figured out that you were not really the one recommending they buy Viagra from an online pharmacy in India—but you know, everyone has one or two friends who are a little slower to pick up on these things.

Step #8: Prevent it from happening again

While large-scale breaches are one way your login information could be stolen—last month, 500 million Yahoo accounts were hacked and there’s evidence the number could actually be more than 1 billion—they’re certainly not the only way.  Many cases are due to careless creation or protection of login information.

A look at Splash Data’s worst passwords reveals people still choose common passwords and passwords based on readily available information, making their accounts hackable with a few educated guesses. Easy passwords make for easy hacking, and spammers use programs that can cycle through thousands of logins a second to identify weak accounts.

Picking a strong password is your best protection from this type of hacking. It also is prudent to use a different password for each site or account, or, at the very least, use a unique password for your email account, your bank account and any other sensitive accounts. If you’re concerned about keeping track of your passwords, find a password management program to do the work for you.

Limit the amount of personal information you share publicly on social media. Hackers use this publicly available personal information to help answer security questions that protect your accounts.

Bookmark websites that you use frequently to access personal information or input credit card information. This will prevent you from accidentally landing on a site that hackers set up to catch people mistyping the site address.

 

This is to alert users to guard against getting their email hacked.

Stay alert, stay safe.