How modern scamfraudsters steal channels?

Do you know that it is not necessary for them to know your password, but it is enough to steal your token without you knowing about it.

How they do it and how to avoid it in our article series.

1. Phishing. The user is lured to a site that pretends to be real, and they are offered to enter a password that "leaks" to intruders;

2. MALWARE. Such software is placed on hacked sites or sent to insufficiently protected systems;

3. SOCIAL ENGINEERING. Sometimes it is possible to peep the password, and especially gullible users can tell it to the attacker themselves: a whole layer of the Internet fraud system is built on this;

4. PASSWORD CHOICE. With user information that is easy to find on social networks, you can try to guess the password. You can also automatically go through a huge number of options using an associative database or a dictionary attack technique, when non-verbal combinations are excluded, and verbal combinations are modified in the way that the majority likes - replacing letters with similar numbers.

If you see that you are offered to download something, be it pictures, pdf, or some program that performs useful functions, but not from the Microsoft or Google app stores, then most likely you can get your account hijacked!

How to protect yourself and what to do we will tell in the next article.

Russian version