In this sections a number of techniques are described, that are possible using computers. Apart from these there are of course still all 'old' ways starting with
door-to-door sales leading up to burglary or blackmailing.
Experts call these "attack-vectors". There are, among others, these possible ways to steal your data or to defraud
The trojan horse was disguised as a present, already 2500 years ago a well-known trick to obtain access. Nowadays USB-sticks are a ein popular give-away, because they are cheap and
easy to brand for advertising. They are a favorite tool of hackers, because they can stand in for any input or output device to the computer. They can start programs acting as mouse or keyboard
input. They can place themselves between browser and web page by pretending to be a network adapter. In this so-called 'man in the middle' position they can pick up the whole traffic,
This trick was used e.g. in arresting Ross Ulbricht in october 2013. Two FBI-officers acting as an arguing couple for diversion placed a USB-stick in
Ulbrichts laptop to prevent locking. This was sufficient
to also obstruct the harddrive cleaning that Ulbricht installed to wipe out evidence from his computer. They obtained full access to the confiscated computer.
It is sad, but especially with free or found valuables you should be suspicious and search for possible motives.
It is easiest to motivate people using greed, avarice or fear.
In many cases the search for free video or music leads to virus-plagued web sites. You should never start downloaded programs or scripts unless you are trust the web site and are very sure about its identity. As of Windows 7 the admin-modus must be confirmed separately whenever a program requests administrative rights. This warns the user once again, but still programs are often installed recklessly.
Actually most programs should not require installation. For example, none of the Spoc-Applications available from this web site will require administrator-access. This gives you the certainty that these apps cannot modify your computer. For installation simply unzip and copy the folder wherever you want.
In addition to starting downloaded software, hackers also deploy pop-ups and adware on web sites
to exploit bugs in browsers or lure users into clicking them.
In the best case you only have to eventually reinstall the computer, but it can be
worse: so-called 'Ransomware' like e.g. Wannacry in Mai 2017 encrypts all your files and uses them as
'hostage' until you pay money to decrypt it.
EMail receives increased attention due to the perceived personal nature, although they can be considered weapons of mass-confusion, since they are extremely cheap.
This motivates different kinds of attacks described below.
Insecurity in handling electronic media, especially among elder people
can be exploited by mass-eMail efficiently.
Just like with cold calls, gullible people can be unsettled by eMails and motivated to imprudent actions.
Often a seemingly easy way out is offered e.g. by paying a small "administrative fee". But if someone pays it, they qualify as susceptible to blackmail and will be faced with ever higher charges. This pattern is especially devious and can only be broken by a competent and self-assertive attitude on the part of the victim.
It is liberating and exhilarating to see how to brek out of these schemes as this TED-Talk shows, where James Veitch pretends to let himself in for shady deals via eMail.
Another way to destabilize people is to
notify them of an alleged problem (locked bank account or overdraw, security issues etc.) and prompt them to login to a fake web site. Conveniently the suitable
links are provided in the same eMail.
It is easy to copy an existing web site and route
the whole communikation across your own site. This is known as a so-called "man in the middle" attack. By presenting a login dialog, usernames and passwords can easily be obtained. These can even
be fed into the actual web site to proceed and leave the victim inconspicous about the fraud.
Both eMail sender as well as the link to the web
site can easily be faked to look
authentic. Never use links from eMails to log into secured web
For this kind of attack you only need a sufficiently large set of eMail-adresses. These can be bought cheaply in large quantities on the internet and in only three steps you can construct a proposal that look quite compelling to the individual recipient. In this case greed instead of fear is used to motivate the victim.
Of couse this happens only with an eigth of the original recipients (half of the half of the half), but if only a fraction of these von diesen auch nur ein Bruchteil take that bait, the effort has paid off. The sender can pretend to make further good investments (e.g. using fake reports with buy/sell decisions after they have taken place) until enough money has accumulated and then get away with it.