{"id":412605,"date":"2022-03-06T00:00:00","date_gmt":"2022-03-05T21:00:00","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/how-attackers-actually-hack-accounts-online-and-how-to-protect-yourself\/"},"modified":"2022-03-06T00:00:00","modified_gmt":"2022-03-05T21:00:00","slug":"how-attackers-actually-hack-accounts-online-and-how-to-protect-yourself","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/how-attackers-actually-hack-accounts-online-and-how-to-protect-yourself\/","title":{"rendered":"#How Attackers Actually \u201cHack Accounts\u201d Online and How to Protect Yourself"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a2f20649eae5\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a2f20649eae5\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/how-attackers-actually-hack-accounts-online-and-how-to-protect-yourself\/#%E2%80%9CHow_Attackers_Actually_%E2%80%9CHack_Accounts%E2%80%9D_Online_and_How_to_Protect_Yourself%E2%80%9D\" >&#8220;How Attackers Actually \u201cHack Accounts\u201d Online and How to Protect Yourself&#8221;<\/a><ul class='ez-toc-list-level-2' ><li class='ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/how-attackers-actually-hack-accounts-online-and-how-to-protect-yourself\/#Reusing_Passwords_Especially_Leaked_Ones\" >Reusing Passwords, Especially Leaked Ones<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/buradabiliyorum.com\/en\/how-attackers-actually-hack-accounts-online-and-how-to-protect-yourself\/#Keyloggers\" >Keyloggers<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/buradabiliyorum.com\/en\/how-attackers-actually-hack-accounts-online-and-how-to-protect-yourself\/#Social_Engineering\" >Social Engineering<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/buradabiliyorum.com\/en\/how-attackers-actually-hack-accounts-online-and-how-to-protect-yourself\/#Answering_Security_Questions\" >Answering Security Questions<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/buradabiliyorum.com\/en\/how-attackers-actually-hack-accounts-online-and-how-to-protect-yourself\/#Email_Account_and_Password_Resets\" >Email Account and Password Resets<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/buradabiliyorum.com\/en\/how-attackers-actually-hack-accounts-online-and-how-to-protect-yourself\/#What_Password_%E2%80%9CHacking%E2%80%9D_Isnt\" >What Password \u201cHacking\u201d Isn\u2019t<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"%E2%80%9CHow_Attackers_Actually_%E2%80%9CHack_Accounts%E2%80%9D_Online_and_How_to_Protect_Yourself%E2%80%9D\"><\/span>&#8220;How Attackers Actually \u201cHack Accounts\u201d Online and How to Protect Yourself&#8221;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<div>\n<!-- UNCACHED CONTENT --><br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage\" style=\"background-image: none; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-width: 0px;\" data-pagespeed-lazy-srcset=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2013\/08\/silly-hacker-stock-photo.jpg?width=398&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 400w, https:\/\/www.howtogeek.com\/wp-content\/uploads\/2013\/08\/silly-hacker-stock-photo.jpg?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 1200w\" sizes=\"auto, 400w, 1200w\" data-pagespeed-lazy-src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2013\/08\/silly-hacker-stock-photo.jpg?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"\" width=\"650\" height=\"300\" border=\"0\" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>People talk about their online accounts being \u201chacked,\u201d but how exactly does this hacking h<a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>en? The reality is that accounts are hacked in fairly simple ways \u2014 attackers don\u2019t use black magic.<\/p>\n<p>Knowledge is power. Understanding how accounts are actually compromised can help you secure your accounts and prevent your passwords from being \u201chacked\u201d in the first place.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Reusing_Passwords_Especially_Leaked_Ones\"><\/span>Reusing Passwords, Especially Leaked Ones<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Many people \u2014 maybe even most people \u2014 reuse passwords for different accounts. Some people may even use the same password for every account they use. This is extremely insecure. Many websites \u2014 even big, well-known ones like LinkedIn and eHarmony \u2014 have had their password databases leaked over the past few years. Databases of leaked passwords along with usernames and email addresses are readily accessible online. Attackers can try these email address, username, and passwords combinations on other websites and gain access to many accounts.<\/p>\n<p>Reusing a password for your email account puts you even more at risk, as your email account could be used to reset all your other passwords if an attacker gained access to it.<\/p>\n<p>However good you are at securing your passwords, you can\u2019t control how well the services you use secure your passwords. If you reuse passwords and one company slips up, all your accounts will be at risk. You should use different passwords everywhere \u2014 a password manager can help with this.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Keyloggers\"><\/span>Keyloggers<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Keyloggers are malicious pieces of software that can run in the background, logging every key stroke you make. They\u2019re often used to capture sensitive data like credit card numbers, online banking passwords, and other account credentials. They then send this data to an attacker over the Internet.<\/p>\n<p>Such malware can arrive via exploits \u2014 for example, if you\u2019re using an outdated version of Java, as most computers on the Internet are, you can be compromised through a Java applet on a web page. However, they can also arrive disguised in other software. For example, you may download a third-party tool for an online <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/game\/\" data-internallinksmanager029f6b8e52c=\"7\" title=\"Game\" target=\"_blank\" rel=\"noopener\">game<\/a>. The tool may be malicious, capturing your game password and sending it to the attacker over the Internet.<\/p>\n<p>Use a decent antivirus program, keep your software updated, and avoid downloading untrustworthy software.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" style=\"background-image: none; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-width: 0px;\" data-pagespeed-lazy-src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2013\/08\/key-logger.jpg?trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"\" width=\"650\" height=\"433\" border=\"0\" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Social_Engineering\"><\/span>Social Engineering<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Attackers also commonly use <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">social<\/a> engineering tricks to access your accounts. Phishing is a commonly known form of social engineering \u2014 essentially, the attacker impersonates someone and asks for your password. Some users hand their passwords over readily. Here are some examples of social engineering:<\/p>\n<ul>\n<li>You receive an email that claims to be from your bank, directing you to a <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.cloudsavvyit.com\/11288\/what-is-typosquatting-and-how-do-scammers-use-it\/\">fake bank website with a very similar-looking URL<\/a> and asking you to fill in your password.<\/li>\n<li>You receive a message on Facebook or any other social website from a user that claims to be an official Facebook account, asking you to send your password to authenticate yourself.<\/li>\n<li>You visit a website that promises to give you something valuable, such as free games on Steam or free gold in World of Warcraft. To get this fake reward, the website requires your username and password for the service.<\/li>\n<\/ul>\n<p>Be careful about who you give your password to \u2014 don\u2019t click links in emails and go to your bank\u2019s website, don\u2019t give away your password to anyone who contacts you and requests it, and don\u2019t give your account credentials to untrustworthy websites, especially ones that appear too good to be true.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" style=\"background-image: none; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-width: 0px;\" data-pagespeed-lazy-src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2013\/08\/phishing-email.png?trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"\" width=\"650\" height=\"462\" border=\"0\" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Answering_Security_Questions\"><\/span>Answering Security Questions<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Passwords can often be reset by answering security questions. Security questions are <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/general\/\" data-internallinksmanager029f6b8e52c=\"3\" title=\"General\" target=\"_blank\" rel=\"noopener\">general<\/a>ly incredibly weak \u2014 often things like \u201cWhere were you born?\u201d, \u201cWhat high school did you go to?\u201d, and \u201cWhat was your mother\u2019s maiden name?\u201d. It\u2019s often very easy to find this information on publicly-accessible social networking sites, and most normal people would tell you what high school they went to if they were asked. With this easy-to-get information, attackers can often reset passwords and gain access to accounts.<\/p>\n<p>Ideally, you should use security questions with answers that aren\u2019t easily discovered or guessed. Websites should also prevent people from gaining access to an account just because they know the answers to a few security questions, and some do \u2014 but some still don\u2019t.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Email_Account_and_Password_Resets\"><\/span>Email Account and Password Resets<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>If an attacker uses any of the above methods to gain access to your email accounts, you\u2019re in bigger trouble. Your email account generally functions as your main account online. All other accounts you use are linked to it, and anyone with access to the email account could use it to reset your passwords on any number of sites you registered at with the email address.<\/p>\n<p>For this reason, you should secure your email account as much as possible. It\u2019s especially important to use a unique password for it and guard it carefully.<\/p>\n<p><img decoding=\"async\" data-pagespeed-lazy-src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2011\/06\/passwordbreach.jpg?trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"\" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"What_Password_%E2%80%9CHacking%E2%80%9D_Isnt\"><\/span>What Password \u201cHacking\u201d Isn\u2019t<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Most people likely imagine attackers trying every single possible password to log into their online account. This isn\u2019t happening. If you tried to log into someone\u2019s online account and continued guessing passwords, you would be slowed down and prevented from trying more than a handful of passwords.<\/p>\n<p>If an attacker was capable of getting into an online account just by guessing passwords, it\u2019s likely that the password was something obvious that could be guessed on the first few tries, such as \u201cpassword\u201d or the name of the person\u2019s pet.<\/p>\n<p>Attackers could only use such brute-force methods if they had local access to your data \u2014 for example, let\u2019s say you were storing an encrypted file in your Dropbox account and attackers gained access to it and downloaded the encrypted file. They could then try to brute-force the encryption, essentially trying every single password combination until one works.<\/p>\n<p><strong>RELATED:<\/strong> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.cloudsavvyit.com\/11288\/what-is-typosquatting-and-how-do-scammers-use-it\/\"><strong><em>What is Typosquatting and How Do Scammers Use it?<\/em><\/strong><\/a><\/p>\n<hr\/>\n<p>People who say their accounts have been \u201chacked\u201d are likely guilty of re-using passwords, installing a key logger, or giving their credentials to an attacker after social engineering tricks. They may also have been compromised as a result of easily guessed security questions.<\/p>\n<p>If you take proper security precautions, it won\u2019t be easy to \u201chack\u201d your accounts. Using two-factor authentication can help, too \u2014 an attacker will need more than just your password to get in.<\/p>\n<p><small>Image Credit: <a rel=\"nofollow noopener\" target=\"_blank\" href=\"http:\/\/www.flickr.com\/photos\/robbie73\/4853086176\/\">Robbert van der Steeg on Flickr<\/a>, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"http:\/\/www.flickr.com\/photos\/81239734@N00\/1371044712\/in\/photolist-369XPW-4A5gfe-4LQSHt-5kAHPG-5Q3VH4-5UkE4a-5ZYD3p-5ZYGBH-75Q6r9-7gZCzX-7mfN1j-7tjSxP-7toPNS-8gBf2f-86TLSP-8f9eEm-9rjpMD-dAPegg-8frBss-9oyWtm-amuyaP-dxdmTX\">asenat on Flickr<\/a><\/small><\/p>\n<\/div>\n<p><script>\n setTimeout(function(){\n  !function(f,b,e,v,n,t,s)\n  {if(f.fbq)return;n=f.fbq=function(){n.callMethod?\n  n.callMethod.apply(n,arguments):n.queue.push(arguments)};\n  if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version='2.0';\n  n.queue=[];t=b.createElement(e);t.async=!0;\n  t.src=v;s=b.getElementsByTagName(e)[0];\n  s.parentNode.insertBefore(t,s) } (window, document,'script',\n  'https:\/\/connect.facebook.net\/en_US\/fbevents.js');\n   fbq('init', '335401813750447');\n   fbq('track', 'PageView');\n  },3000);\n<\/script><\/p>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener\">Technology category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.howtogeek.com\/169847\/how-attackers-actually-hack-accounts-online-and-how-to-protect-yourself\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;How Attackers Actually \u201cHack Accounts\u201d Online and How to Protect Yourself&#8221; People talk about their online accounts being \u201chacked,\u201d but how exactly does this hacking happen? The reality is that accounts are hacked in fairly simple ways \u2014 attackers don\u2019t use black magic. Knowledge is power. Understanding how accounts are actually compromised can help you&#8230;<\/p>\n","protected":false},"author":1,"featured_media":412606,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2013\/08\/silly-hacker-stock-photo.jpg?height=200p&trim=2,2,2,2","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-412605","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/412605","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=412605"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/412605\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/412606"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=412605"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=412605"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=412605"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}