How to Not Get Hacked Online? Cybersecurity Attacks Safety - Tips from a Hacker

1,146 views • Aug 02, 2023

Description

How do they hack your email, passwords, bank accounts and more? Find out in this episode by one of the best cybersecurity experts in India.

With nearly 3.5 lakh viruses coming out every day to harm you in every possible way, you need to know some of the most commonly used attacks by hackers and online security tips to stay safe from such attacks.

Learn how to keep your Email, Social Media, Bank account and other information safe online from a cybersecurity expert in this Episode of FutureIQ.

Hope you enjoyed FutureIQ by Navin Kabra and Shrikant Joshi. Do hit us up on Twitter:
@ngkabra http://twitter.com/ngkabra
@shrikant https://twitter.com/shrikant

Listen to it on the podcast provider of your choice: https://tapthe.link/FutureIQRSS
Watch other episodes of The FutureIQ podcast: https://www.youtube.com/playlist?list=PLAppTB0r5_TaYueZ0adD42Wiw5X-wTE4v

Chapters:
00:00 Introduction
00:11 Common hacks
05:15 The problem
06:40 Long passwords
07:35 Storing passwords
08:40 Companies that send you password
10:10 Password guidelines
11:10 Password managers
14:25 Ways you can get hacked
15:07 2FA
17:44 Protecting Emails
19:10 Twitter hack
21:00 Anecdote
23:33 Antivirus software
26:50 How to be safe?
30:40 SIM Swaps

#futureiq #cybersecurity


Transcript

Just last week one of my friends, a fairly important person, had his Twitter account hacked, and the hacker used it to send links to cryptocurrency scams to all his contacts, not just friends but professional contacts. Right, this is a serious problem. Now another example: I think of myself as a very security-savvy person, and yet when I go to haveibeenpwned.com and I put in my email address there, I see that my password from 24 different websites has leaked out there; it is in the hands of hackers. So neither I nor my friend suffered any serious consequences, but you know, it could have happened, we were that close, and this can happen to you also.

And today, to talk about how not to get hacked, how to keep yourself safe, we have Rohit Srivastava in the studio. He is one of the top cybersecurity experts at ID Security Experts in the country. Welcome Rohit, and great to have you. Good to be on the show. Yeah, so let's start with some of these hacks, right? What is the most common way in which people get hacked? Okay, you initiated the whole conversation from Have I Been Pwned. Yeah. I'll take that as an interesting start to the conversation. What happened is, this is created by a well-known security researcher out there, where he got a collection of databases from different hacks, and believe me, there are a billion-plus passwords in his database. Oh, not the actual password, the encrypted password. What it does is, when you put in your email address, it looks at whether in any of the breaches your password was hacked or not. What does that mean? That an attack has happened, and in that particular attack your password or your other information got leaked out or not. So let's take one example from your 24. It could be LinkedIn, it could be Zomato, it could be Big Basket. Bitly is one of those shorteners I used to use long ago; that is one of them. Disqus, for comments. Oh God, Domino's Pizza. Okay, so in each of them it has written what all data has been lost. So think of it: your LinkedIn was hacked, or rather attackers had broken into the LinkedIn database. They didn't hack my LinkedIn? No, they had the LinkedIn servers and downloaded the whole database. Yes, each and every one. I think 2008 or 99. So yeah, basically whoever was on LinkedIn on that date, everyone's information, all this information was out and in the hands of random hackers.

Okay, now you understand, a lot of the audience would understand the whole cryptography: the passwords are cryptic and they're encrypted and stored. Yeah, there are ways. But if it is encrypted, then decrypted? Or is there a hash? You have a method of getting the actual text out of it, right? Not breaking the hash but doing some kind of attack on it. Right. That LinkedIn database is available with Troy Hunt, who's the owner of this website, plus a lot of attackers. Now if you give me your email address, I can search your email ID in my LinkedIn database and get to know your LinkedIn password. So if you are a hacker and you have that database you can just check. Anyway, is this a search? It's just a lookup. Lookup. Oh my God. Sorry sir, and I found your password is 'LI' and then something. Okay, fair enough, 'LI' could be part of the password, or 'LI' will be LinkedIn, right? Then another breach happens, say Twitter, and I see your password is 'TW' and the same thing. Then you know, now I know. Yes, if I have to break into Instagram it has to start with 'IG' and then the string. Correct. If I have to break into your Facebook it will be 'FB' and then something. Well, actually I would say that most people don't even bother with that; a lot of people just use the same password everywhere. That's called password reuse.

Yeah, so we have used this as an example in a lot of corporate awareness sessions as well, talking to the boards of companies. When we did it, I asked them one simple question: what is the probability that your LinkedIn password and your office email password are the same? And a lot of people were suddenly worried. Why? Because people perceive LinkedIn as a professional network: 'it is my work email, and the LinkedIn password could be the same, or similar.' Right. Now you see how the attack is happening. People are trying different ways of protecting it; most of the corporates have started using two-factor authentication on the official email address. People have started preventing, or rather making it more difficult for, these kinds of attacks to happen. But still, was there ever a breach, or were you part of one? Most people wouldn't know. I'll take a few names in India: Zomato was one, Dunzo was one, Big Basket, Zoomcar. All of us have accounts on all of these apps, and these are not my primary important accounts which I would be very careful for, so I would go ahead and use the same password on an easier one, and every time I repeat that, that's where the breach percolates down to other attacks which are happening. And that's the part of the problem.

So these are the data breaches which happen. You may or may not know about it; it's not part of your daily routine to keep knowing what all got hacked today, what all data breaches have happened. But then, going to this site we spoke about, Have I Been Pwned, you put in your email address and you can actually subscribe to it. Oh, so every time there's a new breach in which your email address is reflected, you get an email, and what it means is that you should go and change that particular password, or wherever you have used that password, you change it on all the websites.

But you know, that's just a lot of websites to keep track of, and passwords. But again, people have gone into the habit, like you; I know you have a very long password. People have started creating long passwords, because the idea is that small passwords are easy to break. 'Break' is the keyword. Who's breaking your password? Oh yeah. They're just stealing the password; the website database is available and I know your 70-character password. Why would I bother to spend my computing resources? No need to; it is copy-paste. So there was a very popular photograph on social media a few days ago: if you have an eight-character password it will take one day to break, if you have a 10-character password it will take four days, five days to break, whatever the sequence. Correct. So go ahead, 14-plus characters, it will take... Yes, nobody breaks your password that way. Attackers do not use that method anymore; it's just not cost-effective. The passwords are dumped somewhere; all you have to do is copy-paste.

While looking at your password: have you ever seen your password in plain text somewhere, written in plain text somewhere, the whole password? No. Write it down on a notepad or somewhere; the way you look at it, you'll feel scared about it. Oh yes, hang on, how is my password visible to me? Exactly. People have the habit of storing their password in Notepad or an Excel file. People are smart: they put their passwords in an Excel file and password-protect the Excel file. You know what, if you upload the encrypted Excel file, the password-protected Excel file, there are online services to break the Excel password, which may take somewhere between 15 seconds to 15 minutes to 15 hours depending on the password, but the Excel password can be broken, and a lot of people are using the previous versions of Excel, so it's even easier. With time things are getting secure, but yes, storing your password in an Excel file is risky. In fact writing down your password anywhere is risky. So it's the biggest problem if you ever see your password in plain text anywhere.

No, but suppose my bank... I mean, I forget my password and my bank sends back a mail saying 'this is your password'. The bank has sent the password, the text of the password, in the email? Yeah. That is the day when you go ahead and close the account in that particular bank and move on to the next. Okay, explain why. The passwords in any of these services are kept in a hash format. Let's go a little technical. It is hashing, not encryption, because for encryption there is decryption, but for hashing there is no de-hashing. So they never actually store your password as it is? The company officially should never. No decent company ever saves your plain text password in the database; they always save it in a manner... doing some munging to it, hashing, and they store the hashed thing, and there is no way to get back your password from that hash. It is a one-way road. Okay. But if they have sent you the password in plain text, and not only a bank, any website, if they send your password in plain text, that means fire that company: they have kept your password in plain text, or they have kept an encrypted password, but that is decryptable. That means if the database is leaked, the password can be decrypted. So basically you are saying that if you ever get your original password back from some company, that company has incompetent people, do not trust them; that's the last day of using their service. Okay, makes sense.

The idea, or rather the best possible rule, is: every website should have a different password, each password should be long, and no password should be reused. Fair enough. Now the point is, when you go to sign up to a website, the website says minimum eight characters, minimum 10 characters. Hang on, why are you looking at the minimum? Look at the maximum. There are some sites, and even some banks, which don't allow more than 14 characters, but wherever it is allowed, go 30 characters, go 40 characters, because you don't have to type it, because you don't have to remember it. How do we achieve that stage where we don't have to remember it? You know the whole point of having a short password is that I have to type it so many times and I want to do it quickly; I don't want to be typing 30 characters every time. So what is the solution? The solution is available; this is called a password manager.

This is a software or an app. There are free versions, there are paid versions; most of the antiviruses now have started bundling a password manager into their security suite. What you can do is install any of those; there are ones which are available on multiple devices, so my phone and my iPad and my laptop, the same password database is synced, which is on the cloud. And whenever I have to enter a password, all I have to do is click it, select the account which I want to log in to, click, and the password is auto-filled into the field. Oh, so it copies it itself. So if I'm not typing, if I'm not remembering, why limit myself to eight characters? Why not 30? Just let it be as big as possible. Yeah. So, but I mean, Chrome asks me if I want to remember this password or save it in their thing; shouldn't I be using that? That seems much more convenient. Yes, why not? At least it's 100 times better than you writing in an Excel file or a diary. You know there are physical diaries available in shopping malls which are called 'password diary'; you can actually write down your passwords. Oh my God. But never ever buy those. The idea of having a password manager is to make life easy.

No, but most of the browsers... why would I use a password manager instead of just doing it in Chrome? So Chrome's password saving mechanism is Google's password manager. Oh okay. What we recommend is not to use that in your work environment. Why? Because the work computer is not your computer; it is controlled by the organization, it is controlled by the administrator. Your personal passwords will end up there and that can go into a grey area. On personal devices, go ahead, either use Chrome or Firefox; all of them have come up with their password managers. There you can go ahead and lock the password manager as well. Why would I do that? So that anybody else, at any point of time, if using your machine, shouldn't be able to log in to a bank, shouldn't be able to log in to your password manager and look at all the passwords in plain text. Oh okay. But I strongly recommend people not to use the browser password manager. There's a reason: because then convenience is also a matter. If you use a specific application as a password manager, only then you are giving that one task to that one particular application. So there are dedicated password managers. So basically a master of one is better than a jack of all trades, which is what Chrome is. Why? Because in your browsing behaviour you might go ahead and click somewhere, which may cause something, I don't know, but which may cause something. In general, with matters of passwords, better to be extra safe, because they are the key to the kingdom.

Passwords, I mean, passwords are just one way people hack into your devices. What are the other ways? Even if the password is gone, what next? Yeah, it becomes the question right now. And I've demonstrated this in multiple cases, I have, and because this is a video I don't want to, because a video can be paused, but I've actually picked up my phone, opened up my password manager and showed my password to people: 'okay, this is my password.' A while ago I was saying you should not be seeing your password, right? But if my password is really long and strong and that complex a sequence of characters, it's not like a word or anything, then you can actually do that. But why did I dare to do it? Because the account which I show is protected by two-factor authentication. Two-factor authentication is very commonly known in India as OTP; people remember it very easily. That's an OTP, one-time password. How is it different from a password? So let's take the example of a bank. You have a bank account number, right? I want to transfer you money; you will give your bank account number to me, something which you have shared. All right. How do you log in to your bank account? You never use your bank account number to log in to net banking; you use something called a customer ID or CRN number, some ID which you never share with anyone. Correct. You know this ID, so it's something you know. Then you know the password. Something you know is a username and password; that's the first factor of authentication. And something I know I'm very likely going to store somewhere, and that can get stolen by somebody. So you need a different way, a second method; that's why it is called two-factor authentication. The second factor of authentication is something you have. What do you have? You have a phone, you have a SIM card number, you have a mobile phone which is most of the time with you. On this there would be a number, either generated or sent as an SMS OTP. So if I don't have the phone I cannot use the OTP. So somebody who manages to steal my password, still it's not useful to them until they steal what I have, my phone. Okay, so that's two-factor authentication. There is a third factor as well, or rather beyond two everything is called multi-factor authentication. The next part of authentication is who you are. What does that mean? Your thumbprint, face, biometrics, is something you are. So breaking that is even more difficult. So you are just adding a layer of protection on the thing which you want to protect: something you know, something you have and something you are.

My bank has OTPs, but most of my other accounts don't have OTPs. Why not? Google gives it to you for free, Instagram gives it for free, WhatsApp gives it for free, Facebook gives it for free. All the popular accounts give this service. More and more accounts these days allow you to enable two-factor authentication, and I should be doing that, free of cost. Free of cost, you don't have to pay for it. So it's an additional security feature available free of cost; all you're doing is not using it. My bank has my money and it is very important to me, so I do two-factor authentication for that. My Gmail doesn't have any money, right? I just use it for email, so why... I mean, you know, I will not enable two-factor authentication for that. Is there a problem with that? Do you have insurance? Yeah. You have a bank account? Yes. You have various services. Which email ID have you given to them? The same ID. But what does that have to do with anything? If this ID is lost, access to this ID is lost when you're not aware about it, because the attacker has the password; you have the password, you continue using it, the attacker is also using that. A lot of people have the habit of storing a lot of information on their Google Drive; that is with the attacker, and then they can go to the bank, do the social engineering with them, or the insurance company, or someone, to pretend to be you. They're impersonating you. In that case, that means... oh wait a minute, so also if I say 'forgot password' on the bank website they're going to send an email, which is coming onto your email account which I've not protected using two-factor authentication. And I'm an attacker, I'll do a 'forgot password'; the moment it comes I'll click on the link and delete that email; you will not even know that there's an email of that kind. So in fact, you know, I won't even realize that my account is hacked; that attacker is just checking those mails regularly.

Now I remember that there was a famous Twitter hack where a lot of celebrities' Twitter accounts got hacked, and if I remember right, the way it was hacked was that the forgot-password email was like Gmail or something; that email had a backup email which was Hotmail, and the Hotmail was not protected. That person had forgotten he had an account, and so that account got deleted and the hacker was able to create an account with the same username, which is possible. None of us really think... I mean, you think about 'okay, I'm going to protect my Gmail', but that has a backup email and nobody bothers with what that backup email is. So now you get into the backup email, use that to reset the password of the Gmail, use it to reset the password of the bank and now you're in trouble, or Twitter or Facebook, whatever. Exactly. So it's not only money which is at risk right now; reputation, online reputation, everything is online because everything is connected, and most of the time people have one or two email addresses and they are managing their life with that. And in fact, if your authentic account is in the hands of a hacker, they can use that to social engineer you: 'sending this link here', I would have verified it, I can go ahead and click on it, and now they lost money because they thought your account was saying it. Yes. So all of them are interconnected, hence protecting all your accounts is important, and easy. And easy. You are not saying cheap. I'm saying free. Ah, these are all free. So just basically you have to give up a little bit of convenience to be able to sleep well.

I'll tell you a very interesting story which happened to me at one of the universities. I went there, I had something urgent to be done, so I had to log on to my email account. I didn't have any other computing device with me there, so I used one of the university computers to log in, put in my username and password, took the OTP, entered that, logged into it, then logged out and cleaned up. Two days later I get an SMS: 'this is your OTP'. I said I never asked for it. Then I started looking back at where I had logged in, and I remember it was a university PC where I logged in. I did not change my password; I first went to the university, spoke to them and got all the machines sanitized, and I'm not changing my password even till the evening, because I know my account is protected by two-factor authentication. They are more at risk, the ones who didn't have two-factor. Their machine was infected; that's why my password leaked out. A few years ago there was a stat on what the total number of new viruses coming every day is. Take a guess. Like three, four... three and a half lakh new ones every day, viruses, different kinds of viruses; some are not very different, very old ones, just do a little bit here and there so that it stops getting detected and a new variant is out. Oh my God. Just do a little bit of mutation and this is not detected by antivirus. So coming back to this university case, because it was expired a few days ago, the definition was not updated, so a malware came onto the computer, sitting there looking for everybody typing a username and password.

See, if there is a virus in the computer, won't the computer crash? No, not necessarily. It was an era when viruses used to cause those troubles. Idle, wait for the right time and then act. So you could have a virus on your device for months and not even notice it; it's just sitting there in the background. A virus can see what I'm typing? Yes, they can. It's an application running on your system and it can see everything. Because it is malicious we call it malware, but it is software. So basically any device, if the antivirus is not up to date, could have a virus in there which is watching everything I type, and I'm sending credit card numbers, passwords and so on to a hacker. Yes. You know one of the biggest facts: you require an antivirus for an Android phone as well. No, I don't know anybody who has antivirus for the phone. That's the problem; most of the people do not have an antivirus on their Android phone. But viruses are on Windows machines, so no... No, no, no. They're on Linux. People have this belief that Linux does not get viruses. Linux has viruses, Mac machines have viruses, Android phones have a lot of viruses. My phone doesn't have an antivirus and the virus can sit there and watch everything, it can see OTPs? Yes. Okay, so that sounds very dangerous.

Very recently a bank sent out awareness material to all the customers about how attackers work; the whole modus operandi was described by the bank to people. People who didn't understand it, but that's a separate story. The attacker will create an app which is an SMS reading-writing app, which works like an SMS reading-writing app and stays on the phone, but they cannot put it in directly, so they will do social engineering: tell you that 'oh, you have an offer', or 'your KYC is expiring', whatever method; 'you have to install this'. So where do you install it? Then there are ways by which it can be downloaded. Once you install it there's an application working on your phone; the work of this application is: read SMS, send it to this guy, read SMS, send it. Oh, and this includes all OTP SMS. So wait, now what sounds very dangerous to me is that on my mobile I open the bank website, I type in my username, I type in my password, there is two-factor authentication here so I wait for an OTP, and all of those, if there is a virus on my phone, it can read all of those, including the OTP, everything. Next time, yeah, because your phone is infected with this malware and your username and password is now known to the attacker. You would enter username and password, and in his database, which is getting updated every millisecond, he sees the OTP come in, types in the OTP and he's into your account. Okay. That's your bank; your banking is happening on the phone and this is important. So this bank, when they sent an awareness, it was about UPI, because if you have installed, say, the BHIM app on this phone, that's your official UPI application you use. An attacker can install Google Pay on a different phone and have the same account configured there. To configure the account, all that is needed is OTPs, right? You need to send an SMS to the bank that 'I'm configuring it here', and the bank says 'I will accept only the SMS from the number which is registered with your bank'. But that's on this phone; that's not on my phone, how do I send that? Okay, so ask the malware to send the message. Oh, so it's from the attacker's device to your device, your device to the bank, the bank sends a response, take the response back, and the OTP gets entered here. So you must have a completely unrelated phone that has my Google Pay config and the transaction can happen. Okay, all of this just sounds quite nasty to me.

So I'll tell you something. Do you actually use bank websites on your phone? Yes I do. Okay, so how do you protect... My phone number which is there with the bank is not the number you guys know or anybody knows. So it's not this number? Then my number... I have a separate phone for OTP. That's it, only used for OTP, that's known to the bank, in my bank file. Any call that is coming from the bank, and most of the time it's spam, of course, because banks sell your data to other people and somebody else is calling. My OTPs are going there. Okay, but what if that has a virus? But that's an idle phone, not used for any other purpose. It's an old phone which I retired from this thing. A dumb phone? No, not a dumb phone; there are no apps, nothing, it's blank, and I'm not even browsing on it. So what are the channels of malware coming in? Malware can come only if the malware has broken into the bank system and picked up my number and used some methods, and that seems very unlikely. As it is a stock phone, just a stock phone, whatever apps were there by default, they're there, and I'm not using it for any other purpose.

The problem: when I go to any of the shops... till some time. And because, see, protection always catches up with the fraud. Correct. So now UPI apps have gone ahead: they will not allow UPI to work on a phone where that particular SIM is not there. Yes. I was lucky enough to be using it since long; now I can't. So what I've done: I have got a payment bank account. These are the low-value accounts you can have now, a separate bank account, a separate bank, which doesn't have your primary money. It is just an account used only for little payments, so you can transfer money manually; there's no automated way of taking money from the bank, so you always keep only a limited amount of money, and that's the max you can lose. That's the max I can lose. And yes, I use that phone, or that app, on this phone and I use that for all of us. Now when I'm going low on balance I manually transfer some money here. That's the reason these banks were created: payment banks. Airtel Payments Bank, Paytm Payments Bank, Jio Payments Bank, a lot of payment banks were created for this purpose. It's a payment bank; you have to do a quick payment with this. Correct.

So actually I've known Rohit for a long time and these things that he told me, I know this is what Rohit recommends, so about two years ago I went ahead and did this for my family. The two things I did were: one, a completely different phone for the OTPs from the important bank accounts, which is not used anywhere; nobody knows that number other than my family and my bank. And second is a separate bank account for every family member which is not connected to the main bank accounts. It's all automated, yeah. I mean, which is only used for payments, on which at any time it only has a small amount of money. It does increase the work a little bit, but very quickly we have all gotten used to it, and now we feel much safer, especially the peace of mind as well. It increases the peace of mind; we are not worried. And yes, although I pretended that this doesn't have antivirus, it does have antivirus, because I listen to Rohit. It does take some time; I heard this from Rohit four years ago but I implemented it only two years ago. It took me two years to push myself to do it, but I'm glad I did it and you should also do that. It's very, very important: any computing device in your hand, you should have antivirus protection. Yes.

And why do I have this separate phone? Because there was very big news, and attackers used to do something called a SIM swap. They would talk to the telco, the telecom company; they would get your Aadhaar card (there are a lot of ways by which people's Aadhaar card information has leaked); they would get a PAN card number and other stuff; they would pretend to be you to the telecom company and get a separate SIM card saying that the old SIM card is lost or gone in the rain. I still actually remember reading this in a Pune newspaper where a person, an IIT professor, actually lost money because of the SIM swap. So when I started this whole idea of a different phone it was during that time. Although that's very difficult today, to do a SIM swap, because if you go to change your SIM card today you have to give a thumbprint to authenticate Aadhaar, and a video and all of that stuff happens, but previously it was the case. And SIM swap has been a big attack method for a lot of people doing the OTP. So basically they managed to get your SIM card, basically your number, on their phone without you even realizing. So you realize that your phone is not working, something is wrong; you will probably take two days to go fix it. Because the phone is important for everyone. Yes, a few hours, but that is enough for the attack. And that's how SIM swap happens and that's why I started this method of keeping a different phone. Actually, if I remember, the news article was where the SIM stopped working in the evening and the person went the next day, but overnight the money lost was like 40-plus. So that has happened and that's the reason I started. But now the other thing is that, okay, SIM swap has become more difficult. So SIM swap, when it was easier, people got breached, and then the telecom companies came up with methods and processes to make it difficult, so now it doesn't happen; something else is happening. Correct. That's why you want to be one step ahead; that's why I'd be extra safe. Initially it seems like a little bit more work, but you get used to it very quickly. Human beings are very adaptable and after that things are smooth. So I would recommend you do this: use a password manager, use two-factor authentication, and if possible use a separate phone for your bank account. It doesn't cost a lot. Stay safe, don't be hacked. This is Rohit Srivastava and I am Navin Kabra. This is FutureIQ. Thanks. Thank you.

Thank you for watching till the end. If you liked this episode check out these others; you might like them also, and please share with your friends. I'm sure they will also like these. Thank you.