Do you have a dumb question that you're kind of embarrassed to ask in the main thread? Is there something you're just not sure about?
This is your opportunity to ask questions. No question too simple or too silly.
Culture war topics are accepted, and proposals for a better intro post are appreciated.
Jump in the discussion.
No email address required.
Notes -
I work in anti-fruad and anti-ID theft over the internet for a large corporate employer. Though I've been out of the external, customer-facing side and moved to internal-threats recently, the same broad trends have held true for a while.
Actual hacking, that is the creation of novel malicious software, exploiting vulnerabilities in existing legitimate software etc, is a very high effort attack vector and is primarily targeted at high-return targets. Think ransomeware targeted at hospitals or private companies. Or espionage, either between states or industrial. And even these examples often have a social element to them. Our employees are regularly approached (online) by bad actors seeking their cooperation with an attempted attack. I've personally be solicited this way. I blame Linkedin.
A private individual is much, much more likely to fall vicitm to some form of social engineering attack. Though many of these are hybrid attacks. A good example of this is Fake Tech Support. People think they are calling Apple/MS etc for help with a technical problem, but its a phoney outfit that tricks them into installing malware, usually a remote control/desktop application. Some of the slicker operations actually guide the caller though fixing the issue they called in about too.
To answer the direct question about keyloggers, yes these are a danger to be aware of, but in the majority of cases the user has been fooled into installing it themselves. Actual, pure hacking is very rare against members of the general public.
More options
Context Copy link