The Internet is everywhere and is used for everything online, from browsing at home and checking email to product searches, online banking and more. Hackers exploit vulnerabilities to gain access to private data and to launch cyber-attacks on other users. Apart from monetary benefits, insufficient security mechanisms and application vulnerabilities are what motivate them. Research into cyber-attack patterns found that 30% of all attacks target computing services, 14% the retail industry, 9% the health sector, 8% media and entertainment, and around another 8% the financial services sector. It is believed that there are half a million cyber-attack attempts in the world every minute.
Secure browsing means paying attention to many different controls and to vulnerabilities in the web browser. Information security vulnerabilities are weaknesses that expose an organization to risk. Understanding your vulnerabilities is the first step in safeguarding against internet threats. Usually these vulnerabilities come from cookies and plug-ins.
There are two types of cookies: first-party cookies and third-party cookies. First-party cookies are placed by the site you visit and are frequently used to remember your login information for fast access to your account details. Third-party cookies are placed by other sites for affiliate marketing purposes.
Plug-ins constantly contain security flaws and are therefore frequently updated. Some of the most commonly used plug-ins are Flash Player and Java.
Flash Player is widely distributed freeware used for programming and displaying multimedia and interactive content. Because of its wide reach, Flash Player is a popular target for attackers, which results in a constant stream of new security holes.
Fake websites look similar to the actual websites, including those with login forms. A victim cannot tell a fake site from the real one by look and feel alone, which prompts many users to submit their user IDs and passwords. The login credentials are then sent automatically to the hackers, who can take over your online account. After that, you can imagine what they can do.
Always be alert and make sure that you are on the correct website when entering your online banking and other financial credentials. Financial service sector staff, i.e. bank employees, will never ask you for your online banking user ID and password.
Fortunately, there are several easy ways to identify fake websites:
Check the web address (URL) and look for suspicious spellings in the domain name. For example, instead of bankofJapan.com the web browser might show BonkofJapan.com (notice the letter o instead of a in bank). It is advisable to always go to the original website directly instead of clicking a URL link on some other website. Secondly, never click on suspicious links.
Financial sector websites normally have integrity protection such as a site lock or the use of https for login and payments. Always use the latest version of your web browser.
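The spelling check on the domain name described above can be automated. The following is an added example, not part of the original article: it compares the host in a URL with a constructed allowlist of sites the user really uses and flags hosts that are only one or two characters away from a trusted name. The function names, the allowlist and the distance threshold are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the domains the user actually does business with.
TRUSTED_DOMAINS = {"bankofjapan.com"}

def hostname_of(url):
    """Return the lower-cased host of a URL, without a leading 'www.'."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify(url, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return (verdict, trusted domain), verdict in trusted/lookalike/unknown."""
    host = hostname_of(url)
    for domain in sorted(trusted):
        # The trusted domain itself, or one of its subdomains.
        if host == domain or host.endswith("." + domain):
            return "trusted", domain
    for domain in sorted(trusted):
        # Close to a trusted name but not equal: likely a misspelt copy.
        if 0 < edit_distance(host, domain) <= max_distance:
            return "lookalike", domain
    return "unknown", None

if __name__ == "__main__":
    for url in ("https://bankofjapan.com/login",
                "https://www.BonkofJapan.com/login",
                "https://example.org/"):
        print(url, "->", classify(url))
```

An "unknown" verdict only means the host is not close to anything on the allowlist; it says nothing about whether the site is safe.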
As I mentioned earlier, there are various vulnerabilities in compromised websites:
Virus: A computer virus attaches itself to a program or file, enabling it to spread from one computer to another and leaving infections as it travels. It is a piece of code placed in the execution path of another program. When the user starts the original program, the virus executes as well. It then replicates on its own and infects other programs, libraries and the boot sector by replacing executable files with virus-infected files. Because a virus is spread by human action, people unknowingly continue its spread by sharing infected files or sending emails with viruses as attachments.
Worms: Computer worms are similar to viruses in that they replicate functional copies of themselves and can cause the same type of damage. A worm does not need a host file to spread. It spreads automatically by replicating over computer networks, including the internet.
Trojan Horse: It does not replicate itself. It pretends to be another program. When users open the file, they do not know that they are executing a malicious program. So, in contrast to a worm or a virus, a Trojan horse has to be actively executed by the user.
Phishing is a form of social engineering in which a scammer pretends to be a legitimate person and sends out a message that tries to trick a victim into revealing personal or financial information. Phishing messages are usually sent via email or social networking sites. They contain a link that takes the victim to a fake website when clicked. These fake sites look like the original and encourage victims to enter their personal data, which the hackers then use for hacking.
Web certificates are used to certify the authenticity of the website being visited. You might have noticed the https protocol at the beginning of a web address, which means your communication with the web server is encrypted and no one can intercept your messages via a man-in-the-middle attack. If the server has the highest level of authentication, the address bar in the browser turns green, which means the website is trustworthy, because the verification process to confirm authenticity and ownership is very strict and accurate.
Fake websites usually use expired security certificates or a certificate from a different website. You can check fields such as 'valid from' and 'valid to' by clicking the site lock in the address bar and viewing the certificate. The Subject field shows the source of the certificate, i.e. the website it belongs to.
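The same three fields can be checked in code. This added example, which is not part of the original article, takes a certificate in the dictionary form returned by Python's `ssl.SSLSocket.getpeercert()` and reports whether it is outside its validity period or was issued to a different site. The sample certificates, host names and the fixed "now" are constructed for the example, and `certificate_problems` and `name_matches` are hypothetical helper names.

```python
import ssl

def name_matches(pattern, hostname):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        return "." in hostname and hostname.split(".", 1)[1] == pattern[2:]
    return pattern == hostname

def certificate_problems(cert, hostname, now):
    """Return the reasons this certificate should not be trusted for hostname."""
    problems = []
    # 'valid from' / 'valid to' in the browser dialog.
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    # Names the certificate was issued for; fall back to the subject's
    # commonName when there is no subjectAltName list.
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    if not any(name_matches(n, hostname) for n in names):
        problems.append("issued to a different site: " + ", ".join(names))
    return problems

# Constructed sample data in getpeercert() format (not real certificates).
NOW = ssl.cert_time_to_seconds("Jun 15 12:00:00 2024 GMT")
GOOD = {"subject": ((("commonName", "www.bank.example"),),),
        "notBefore": "Jan 15 00:00:00 2024 GMT",
        "notAfter": "Jan 15 00:00:00 2025 GMT",
        "subjectAltName": (("DNS", "www.bank.example"), ("DNS", "bank.example"))}
EXPIRED = dict(GOOD, notBefore="Jan 15 00:00:00 2022 GMT",
               notAfter="Jan 15 00:00:00 2023 GMT")
OTHER_SITE = dict(GOOD, subject=((("commonName", "shop.example"),),),
                  subjectAltName=(("DNS", "shop.example"),))

if __name__ == "__main__":
    for label, cert in (("good", GOOD), ("expired", EXPIRED),
                        ("other site", OTHER_SITE)):
        print(label, "->", certificate_problems(cert, "www.bank.example", NOW))
```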