They can steal your passwords through very varied methods. Hackers could sneak in a Trojan to record everything you do, send you an email with malicious files, or use brute force to guess it, among other techniques. However, there is a trick they can use that you may not expect. In fact, they want precisely that: to make you think that it is not dangerous and to fall into the trap without questioning what is happening.
It’s about sending you a message, but through a family member or friend. The idea is that you trust that message and you can fall into the trap. They could steal your access codes, ask you for personal information or ask you to perform any action, such as installing a program or downloading a document with which to have more control.
Message from a known person
But what exactly does this technique consist of? The attacker has previously been able to take the account control from a friend or family member. It can be your Facebook account or any other social network, email or even your WhatsApp and similar applications. This way, they will be able to access the contacts and see which ones are trustworthy.
Once they find the right person, who is usually a family member or friend who they see is close, they will start the attack. They can get in touch in many ways, such as through a message, email, etc. They could even talk about normal things, before launching the final message.
That message can be of different types. They will always look for you to do something. They will not ask you directly for your passwords, but they will ask you to click on a link to see a supposed photo on Facebook, to download a document they are sharing with you, etc. When you click on that link, you are facing a traditional Phishing attack: a fake web page, where you are going to put your data and they will end up in the hands of the attacker.
But of course, since you have received that message through a family member or friend, it is possible that you do not distrust it and that you click on the link that was sent to you. Therein lies the problem, since, although your contact is not aware of it, it really is a trap and you are going to leave your password on a plate to a cybercriminal.
Common sense
As we always say, the fundamental thing to avoid these types of attacks is common sense. Even if you receive a message from a person you trust, you should never log in through that means. You should never access Facebook, Gmail or your bank account through a link you have received, regardless of the source.
The best thing, in case of doubt, is to always ask the other person, wait until you are sure that they really are trustworthy and, something you should always do, log in only by entering the account yourself. official Web or using the legitimate application. Never log in, or enter any type of personal information, through third-party links.
Beyond that, the recommendations are the same as always: have All updated To correct vulnerabilities, have a good security program and use official only software. This will help you protect yourself from a wide variety of attacks, although the most important thing will always be common sense and avoiding mistakes. You can always even password protect your browser bookmarks.
