We all know that friend that lost their Instagram account.
We all know someone can get hacked, maybe you've been hacked before. We would like to show you how to get hacked in some simple steps. First off visit our dummy website, a Netflix clone: https://digitize-africa.co.ke/netflix-hack-cyber-security . Seen it? Pretty convincing right? I can make a clickable link like: netflix.com to make it seem a little more convincing.
So what have we just seen? That is a copy of a Netflix homepage that I made by using some low quality images that were found on Google images search, it's nothing special. but I can make it do anything. In this case, I am using it as an educational tool. But I could turn it into a `pharming` and `phishing` tool with ease. In this blog, we are going to explore some ways in which we could help get you hacked. Let us get on to our first step on the journey to getting hacked
Ignore the Devil in the Details
We all know the devil is in the details, hackers almost never get things right. Their work will be riddled with errors, typos, broken links/images,weird pop ups, all that. If you are looking to get hacked don't let these little errors make you question whether you are on a legitimate page. They probably would want to send you to a website with the URL slightly altered to misguide you. Something like netfl1x.com, retflix.com maybe even netflix.africa. Even I get confused looking at these. Make sure to not double check the URL with the actually company. Any company with a half decent customer relations approach will try respond to all emails or at the very least share information on forums and share relevant content. One sure way to get on your journey to get hacked is to not do a bit of research and maybe contacting the support teams when you see something weird.
What do these guys want now
Never stop and question why Netflix is sending you unsolicited emails. Never mind if Netflix is trying to reaching out to you from Nigeria through a gmail account. It doesn't need to be a g-mail account, something like `firstname.lastname@example.org` works well, `email@example.com` works too. You will probably need to go into your spam folder and find these emails after getting through the multiple warning messages. Now go on and download what they have attached for you in that email, click on those links in the email and fill whatever sensitive information is needed. Again do not question why they need that password you felt like you weren't ever supposed to share. Why do I need to reset my password? Who is asking me to reset my password.
Does anyone remember the twitter hack that just happened recently? The one that had Obama, Jeff Bezos along with multiple other twitter accounts with large followings shipping out posts asking people to donate bitcoins to an anonymous bitcoin wallet? Well this is sort similar to how the hack worked, but with a lot more social engineering involved. Basically they reach out the twitter staff members and try to trick them into going into a dummy website and give their sensitive data that will allow them access into their staff accounts and systems.
So now these hacks may be obvious to all of us? Less than 1% of people who face these threats may fall victim to this. But twitter employs over 3000 staff members, so with that statistic some people may fall for it. The hackers only need one person, preferably with an account with special privileges to fall for this attack.
Turn a blind eye
Any decent website explorers (chrome,Firefox etc) has inbuilt security systems. Look up at the URL bar, you should see a padlock or a shield. If so you are on a secure connection to the website. That is not what we are after here. These security systems work in the background in ways we can only hope to understand. All I can tell you is that we need to ignore these warning that pop-up. When chrome warns you the form you just filled on `netfl1x.com` just exposed your password, do not panic and go reset your Netflix password. Go on by your day instead, the hacker will reach out to you shortly. Note that some hackers do create their own pop-ups, they don't usually look consistent with the browser theme. They're a lot more intermittent on how they present themselves
Ok but seriously
But on a serious note, just as it cost you money to sign up with Netflix, it will also cost the hacker money to try and get something out of you. Look at it this way. With the money I used to set up a Netflix clone, i could have simply paid for my own account. It doesn't make sense to spend $100 dollars and put in effort to try and steal someones Netflix account. I could just pay that $15 subscription fee instead. This should give you an idea of how to invest in your cyber security. What do you have to lose? What does someone else have to gain? I have 300 followers on my Instagram, no one would spend their money to try and steal my account. But if I had 500k followers on my social media platform. People would want to steal my account. What would they have to gain? They could sell off both accounts, but who would buy an account with 300 followers? But the demand and premium for the latter would be high. But that is just one aspect, they may want little details which fit into a larger picture. Maybe they want to get into your account to get your credit card info. Long story short, if you are just careful, it wont make financial sense for an distinguished hacker to attack. We don't need anything too special unless you have a lot to lose. Just keep yourself educated and we will all be alright.