Types of account hijacking attacks

Hackers attack accounts to access sensitive information of users, for profit purposes (such as bank accounts) or other purposes. In general, account hijacking can be classified into two categories: passive and active.

Passive attack

The type of attack that stolen account information is saved for later use. This type of attack comes in two forms: online (offline) and offline (offline) with specific objectives, made by perpetrators who directly access the victim's property. For example, the perpetrator has access to a user's computer to easily install a "key logger" or spy program to collect user data.

Offline attack has a limited range and low performance. This is the simplest form of account theft, does not require high 'skills' and does not cost any cost.

Users can become victims of this type of attack simply because they reveal their password or save it in an unencrypted form in a file with an easy-to-guess name on the hard disk. A recent study found that 50% of account theft was done by people close to the victim.

Online attack has no specific target. The attacker targets a large number of users on the Intrenet, hoping to exploit 'loose' systems or take advantage of users' trust to steal accounts.
This type of attack has a fairly high performance, up to 3% (according to a ComputerWorld report). The most common form of online attack is phishing.

The cost of online attacks is mainly used to buy email lists, 'weak' computer lists can put fake websites or order wrecking programs. This attack is often done by hackers who have 'skills'.

Active attack

Picture 1 of Types of account hijacking attacks It is a form of sophisticated attack that steals and uses accounts in real time. Active attacks are quite expensive and require high technical level. The "man-in-the middle" attack that creates fake websites between users and real websites is an example of an active attack. Active attacks are not a current security issue but they will be problematic in the near future.

When two-key authentication becomes common and passive attacks no longer work, criminals will have to resort to more sophisticated active attacks. Companies, especially financial institutions, need to prepare users to deal with this second wave of attacks.

The best defense against active attack is user-side computer security: ensuring that the operating system and all applications are fully updated and patched, updating the virus identification database and Malware, using a firewall for Internet connections, uses antispyware and malware tools to make sure your computer doesn't install unnecessary programs . Anti-phishing filters also help reduce the possibility of "stray" users Phishing websites.