hacking | Technology Bloggers

In the analogue world, we identify ourselves by our national identity card which consists of basic information such as name, address, date of birth, and a unique ID number.

However this cannot be done in the digital world. Whenever you go online, even your name is not commonly used for identification. What commonly used is the username and password and these two are the basic criteria of a one-factor authentication.

The one-factor authentication is also known as ‘something you know’. Today we have more than one factor when it comes to authentication and it is applied by using a software or hardware device as part of your authentication. This make up the second factor and it is known as ‘something you have’. There is also third factor which is still not popularly used is the third factor or also known as ‘something you are’.
The reason of having so many factors in authentication is that the one-factor authentication is not sufficient for a sensitive transaction’s security. It is vulnerable to the traditional ‘Brute-Force’ attack that it is still useful today simply because computers today are extremely fast and it can even be done not only using CPU but also GPU.

The other weakness of one-factor authentication is that it is extremely vulnerable to ‘Password Reuse’ attack. There are not many users who change their password frequently or use different password for different online account. As a result, any username and passwords that are hacked can be possibly used from time to time on different website.

So now, do you perform your online banking transaction with just username and password? Think twice before you put your online banking account at risk.

Even for certain two factor devices, they are vulnerable to phishing attack. With the increasing cybercrime rate, we should focus more in our IT security. Especially for online banking account users, do think of your safety if you are still with one-factor authentication on that.

Phishing had been widely used at least half a decade ago but it still remains as one of the popular method to scam internet users. Just recently, thousands of Tumblr bloggers were affected by a phishing attack which caused their credentials such as username, passwords, and email addresses to be stolen. Many of us might still be wondering why there are so many victims out there even though we had been taught from time to time to stay aware of a phishing scam. There are five reasons here why phishing is still a popular trick and below are the reasons.

#1 – It tricks the victim with fear.

One of the most common method is to trick the victim by sending them an email and tell them that their internet banking account is being compromised and need to click on a link to resolve the issue. Once the user followed the link, the user will be redirected to some forged website that looks similar to the banking website which requires the user to input his/her username and password. Once that form is sent, all the data will be transmitted to the attacker controlled server. Users who have a large amount of cash in their banking account will be scared to see this mail and some of them will follow the mail to avoid their account being compromised.

#2 – It tricks the victim with special interest.

Some scammers use the scenario such as winning lottery or viewing adult material to create a temptation for the victim to click on a link that redirects to the phishing site. Just recently, Tumblr bloggers were asked to re-verify their accounts by entering the username and password in order to continue and view the adult content. At times, it is not always money related issue can relate to phishing scam, but also special interest as mentioned can relate to a phishing scam.

A typical scam: a persuader is put out, but just as you grip hold of it, the trap snaps shut on you

#3 – It is not a rocket science technology.

Phishing attack involves creating a forged website and it might be difficult to certain people. However if it is to compare to hacking a banking server, creating a forged website is not that complicated. Therefore many novice or intermediate scammers will choose to use the phishing method over any other method in their hacking project. In short, phishing is not mainly about technical skills but it is also about how good the hacker in luring his victim into a trap.

#4 – It can be launched via many types of communication channel.

Phishing can happen not only by simply building a forged website and anticipate for the victim to come to you. It can also involve sending emails to the victims to lure them to the forged website. Besides that, a phishing scam uses as well the manipulation of a URL and post it as a comment or forum to trick them to the forged website. Apart from using the computer knowledge to lure the victim, phishing can also be done via phone calls. The conclusion is this type of scam can be done via multiple channels and multiple techniques.

#5 – Compromising one account is not the end.

After stealing one’s credentials is not the end, but it can be the beginning. Why is it so? Internet users nowadays have many online accounts for instance Facebook, Twitter, and LinkedIn. In common, most users will use the same username and password for each of the account so that remembering them is not an issue. Hence this can lead to the users’ credentials that had been stolen can be used as well for other accounts by the scammers.

In conclusion, phishing can be an old technology but it is not an out-dated technology. There are still countless internet users who fell for this old technology. To have a better IT security, we should always stay focus and caution when using the internet and pay extra attention when something unusual occurred.

Technology Bloggers

Championing responsible innovation in partnership with the Bassetti Foundation