Ethan Chiu My personal blog

How to stop getting hacked

Recently, I’ve noticed some of my friends getting hacked on Facebook and other platforms. So, I’ve compiled a list of possibilities based on my own experiences:

  1. Let’s say you are reading an article on a malicious site. The author could build the page so that it automatically opens a tab with a fake Facebook login page at a URL of the form facebook.com/APP_ID/…. This Facebook hack is most often implemented using this Facebook developer app method.

Fake Facebook Login

  2. The Facebook user grants broad permissions to a Facebook app, which allows the developer to submit posts and read/send messages. The user probably didn’t read the permissions they were giving to the app and just pressed “allowed”.

Screenshot of the Facebook Write Post Permission

Screenshot of the Open Facebook General Permissions Page

If you think you’ve fallen for one of these traps, do the following:

  1. Change your password!
  2. Revoke the app’s access through this method.

I myself have been hacked many times on the web. Over the past few years, I’ve been trying to learn how black hat hackers operate by delving through the black hat forums. I’ve also had the opportunity to learn a lot about system security and Cisco networking through the CyberPatriot program.

Thus, based on my experience, I thought of three key tips that will help any web user learn how to protect themselves from hackers:

  1. Always make sure to check the URL when you are logging into something if you are on a public network (ex: Starbucks Free WiFi). A dead giveaway is a missing green lock at the left of the URL box, which means the connection is not encrypted with HTTPS or SSL. Without a secure protocol like HTTPS or SSL, your data can be intercepted, which could lead to a hack. Hackers use networking tools like Wireshark and Network Miner to read the data transmitted through the router you are currently connected to. HTTPS or SSL encrypts this data so that other people can’t see sensitive information. If you are interested in the finer details of this, check out this article by Case Western University on identifying insecure websites.

Screenshot of the URL bar of a site which uses HTTPS and SSL

Screenshot of the URL bar of a site which doesn’t use HTTPS or SSL

  2. Double-check what permissions you give sites. For example, teens commonly use Facebook friendship apps like this “Who will you marry?” site. This gives the app access to potentially a lot of data that they can mine, which could enable them to guess your password. For Google apps, there are permissions that allow the app to take total control of your account (send/read emails). So, be careful!
  3. Don’t trust anybody on the web! The most common tactic used by hackers is social engineering. They usually first gain your trust and some personal information, which then allows them to get access to your account(s) through methods like brute-forcing.
  4. Don’t run any suspicious .exe files or packages on your computer without first running them through antivirus software. I recommend Malwarebytes and AVG.
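
The URL check from the first tip, including the facebook.com/APP_ID/… case from the top of the post, can be written out with the same URL parser the browser uses. This is an added example, not code from the original post; the expected host and login paths, the `.example` hosts and the numeric ID are assumptions made up for the demo.

```javascript
// Added example with constructed values, not Facebook's official URL list.
// ASSUMPTION: the login page you expect lives on this host at one of these paths.
const EXPECTED = { host: "www.facebook.com", paths: ["/login", "/login.php"] };

// Returns the reasons a URL should not be trusted as the login page.
// An empty list means every check passed.
function checkLoginUrl(rawUrl, expected = EXPECTED) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG URL parser, same rules the browser applies
  } catch {
    return ["not a valid absolute URL"];
  }
  const problems = [];
  if (url.protocol !== "https:") {
    problems.push("not HTTPS: traffic can be read on a shared network");
  }
  // Text before "@" is a username, not the site; the real host comes after it.
  if (url.username || url.password) {
    problems.push("credentials embedded before the host name");
  }
  // Compare the whole host name; "www.facebook.com.something.example" must fail.
  if (url.hostname !== expected.host) {
    problems.push(`unexpected host: ${url.hostname}`);
  }
  // Right site, wrong page: e.g. an app page under facebook.com/APP_ID/...
  const path = url.pathname.replace(/\/+$/, "") || "/";
  if (!expected.paths.includes(path)) {
    problems.push(`unexpected path: ${url.pathname}`);
  }
  return problems;
}

// Constructed sample URLs (the .example hosts and the numeric ID are made up).
const samples = [
  "https://www.facebook.com/login",
  "http://www.facebook.com/login",
  "https://www.facebook.com.signin.example/login",
  "https://www.facebook.com@signin.example/login",
  "https://www.facebook.com/1234567890/login",
];
for (const s of samples) {
  const problems = checkLoginUrl(s);
  console.log(s, "->", problems.length ? problems.join("; ") : "OK");
}
```

Only the first sample passes; the last one is on the right host over HTTPS and is still flagged, because the path is not a login page.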