How you get Hacked: what attackers use today
ฝัง
- เผยแพร่เมื่อ 27 ก.ย. 2024
- How you get hacked today is very different from several years ago. Modern hackers use social media, phishing campaigns, infostealers and more to target you and deliver malware straight to you. Secure your company emails from being spoofed: easydmarc.com/ (sponsor)
Buy the best antivirus: thepcsecurityc...
Join the discussion on Discord: discord.tpsc.tech/
Get your business endpoints tested by us: tpsc.tech/
Contact us for business: thepcsecurityc...
I'm 100% safe with McAfee.
Hope your joking
macoffee
@@Picachumaster6no. McAfee is the best AV system. Everyone who follows this channel known that!
His spirit is trapped in my PC. He protects me 24/7 from the technoheretics. Praise McAfee 🤖🙏.
💀
Don't forget kids, the real Goku won't ask for your parents credit card information.
No? Fuck, too late. Already send 2k to send back goku from Namek.
hmm why not?
"Hey, it's me, Goku, what's your login info?"
@@danielbaker1248😂
Debatable
The best protection. Trust no random shit being sent to you which you do not expect to recieve.
If a company or a person you know seems to have messaged or mailed you. Call them and verify the email sender address and content etc.
If you dont know the company / person it is shit you dont need in your life = delete, block and ignore.
Yeah Ive had this very discussion with my boomer parents a few times. Getting them schooled about the computer world was a monumental task. It almost broke me a few times, but if it didnt kill me it made me stronger. Right? ;)
@@petyrbaelish007 nietzsche never had to teach his grandma how to use facebook
@@petyrbaelish007
This is literally the same advice that we were giving in the 90s.
Even through the IE/activeX days, it was always easier to spam email netbus to people who thought they'd just won some prize.
I, ignore
I wish some white hats made "fake malwares". Like you open some random ".exe" / random mail like the BBC mail you showed, but instead of hacking you, it opens a scary message saying "You could have been hacked" and explains how it would have done it and how to proctect yourself from this.
Liability issues, most likely :(
thats an interesting idea
that would be considered grey hat hacking. attacking websites and larger systems in order to try to help their security used to be more common before bug bounties became a thing. good thing too, because generally the people who got hacked are not grateful for the lesson 😂
@@xenostimI'd be grateful as long as it got removed lol
One variation of this that I've seen is security teams in companies sending out fake scam emails and if you click on any of the links you are redirected to their security training course.
Company I'm working at, sends us phishing emails and if you click it, you'll have to do a 1 hour online training.
I must day it's working and now I have PTSD
This is quite common. But the funny thing is even though the employees know that these phishing tests are routinely used, they still click on the content rather than report the suspect message.
They probably assume its better to report if if there's nothing there for them (if it "is" phishing) whilst maybe they get paid whilst doing the test still, so less work for them each time it happens.
Sounds like a smart idea.
How about when the phishing awareness emails are all "YoU"ve WoN a PrI$E" But then the CTO and HR actually send "Click this link" emails regularly. Lol.
[Switches off computer and goes to live in the woods...]
The further you get into cyber sec the more you realise this is the only way
Malware and official software aren't so different in most cases.
The tree's have eyes
So you want to be infected by a real virus.
No where is safe.
Becomes Amish
the fact that the ad blocker got installed by an ad made me lose it
I swear that "System hacked" page design was taken from a video game but I can't remember which.
It's from Star Trek films actually.
@@adalwolf8328 Oh, I didn't know
It's Putin's homepage.
Advanced Warfare
It's Pac-Man
We an employee that refused to report entering her credentials in that file and 3 weeks later it was too late we got hit by ransomware
L
The spoofed email, in my limited experience with them, isn't foolproof. If you look at the message header information you can usually see that it wasn't actually sent from whatever is in the From address. I have yet to encounter one with the header information spoofed, that I know of. I did have one suspicious email, which came from what appeared to be and actual companies email server. I forwarded email to the companies support email address and told them it looked like their email server may have been hacked. They said the email wasn't legit. I don't know if they were hacked or if someone may have actually spoofed the email header info.
I believe one of the anti India scammer or cyber security youtube channels has it happened to them.
I once got email from myself. Gmail flagged it as a spam and warned that sender is most likely spoofed, something wrong with signing certificate, it wasn't Google's one.
2:40 correction: the social media platforms ARE the malware THEMSELVES
Kind of like the old Bonzi Buddy...they're just so much fun that we willingly use that malware!
I think so. I've read articles about Temu or IG and Facebook having access to your files, location, mic etc.
Has anyone done a video breaking down how they do it, what they collect and how it Should be illegal?
Accepting terms and conditions that are intentionally long and confusing shouldn't be enough to absolve them from responsibility.
I showed this to my 11 year old.
My 71 year old is the one that truly has trouble getting this stuff.
@@petyrbaelish007 you mean the 71 yr old son of the guy that invented the internet ? ya right
@@edwardmacnab354 No I mean my boomer dad.
@@petyrbaelish007 not all of us boomers are stupid . The only reason I'm not a hacker is because I know even the best of them get caught unless they are in a foreign country . Plus it is kind of tedious and boring . More suitable for 11 yr olds
@@edwardmacnab354 I never said anyone was dumb.
Very informative. Thank you for posting 😊
Thanks for the information. If there is anyone who really deserves to get some recognition and appreciation for all the work and time spent on informing it's followers it's you.
Congratulations on the 500K!
Are you going to talk about Kaspersky getting banned?
Yup, it is next on my list.
@@pcsecuritychannel don't know what to do as I bought a year of licence from kaspersky 😢. They do a fantastic antivirus
I use Kaspersky but if it’s getting banned, I’ll have to find another to use. Windows Defender would probably be good enough for my purposes
Its just politics
@@tpd1864blake I'm trying to make up my mind between Bitdefender or Mywarebytes.
simple solution: only use pigeons and ravens for communication
I live when videos start straight to the point
Thought someone was banging on my door in the beginning lol
Great video as a reminder of how you can be attacked. Suggestion: Do a movie review of "Blackhat" with Chris Hemsworth!! Maybe a few other cyber movies would be fun as well. It would be interesting to hear from you what is real and not and why! Thanks
I absolutely loved this video, I was wondering the steps that we should take BEFORE we get hacked, to fully proof ourselves
DMARC configurations helps but it isn't the silver bullet. When you get into it, one quickly finds out the practical setting is "soft fail" which means someone spoofing your domain will be sent to recipients junk box instead of the trash. This gives employees the opportunity to see the email and from that they make the decision on what happens next.
Depends how you configure it using spam is best option as fail usually fails when your email is actually legitimate
So basically, it's just Human Error.
Sure, but pretty much anything can be boiled down to that in regards to technology, even flaws in code that lead to vulnerabilities
I don’t like when strangers grab my cookies !!! 😂
can u make a vid about anti-virus and firewalls tier list
Yes plz
Common Sense and Intelligence are S tier for sure
They are not gonna protect you
@@PittGG why?
@@npc.ouffa- bc if youre just browsing the web and interacting with safe stuff you can just use windows defender
like you think youre getting protected while sitting around though your not gonna get infected anyway
as if you trying to get better at detecting viruses yourself you can actually prevent getting infected when downloading stuff
Tell us about dynamic/behavior monitoring in open source world please.
I would like to know as well, he brought it up and didn’t provide examples.
If you install random cracked software and games you might as well use a VM where you store no passwords or data for it and keep your main system clean
Broski it doesn't even have any sort of performance
monitor the network traffic in the upcoming vids
man only people that fall for this stuff is like kids, and old people.
I miss ZERO sleep knowing Norton has me
What happens when the timer runs out on that system hacked message?
The computer self-destructs with a full nuclear detonation wiping out everything in a 500 mile radius.
@@pcsecuritychannel dont let the CIA know that, they will use it
It's probably just a fake message, nothing got hacked and it's just a phishing web page that tries to scare you and trick you into thinking you got hacked from clicking the link.
🤣 lmao @@pcsecuritychannel
@@pcsecuritychannel ok kid. u dont need to overreact
Simplest way to prevent your computer from getting hacked (Windows only)
Just run any Video Game in the background that has Kernel Level Anticheat. 10/10 never get hacked. Because the hacker's access is immediately detected by Anticheat as malicious.
Real or joke?
@@armanis1234 based on my own experience in the past 6 years, real I'd say.
Because anticheat can prevent anything that Hackers usually attempt to do on victim's Computer. Again, this is only applicable to Windows, and, Kernel Level Anticheat.
Yes I go to shady websites all the time. Nothing bad happened so far
@@ClayWheeler Um, hate to break it to you but the anticheat would just ban you from the game (even if it did detect anything), its not gonna stop you from being hacked.
The anticheat will be looking for processes that try and interfere with the game itself and does not give two shits about what else happens on your machine.
Just going to a website cant get you hacked if you use a modern browser with a modern operating system (EDIT: Also you have windows defender).
You dropped your tinfoil hat, Sir.
@@sylussquared9724 who's gonna tell this person there are plenty of video games with Kernel Level anticheat that allows the game to run without the user being Logged in.
He goes through it a little too fast to help beginners, though it contains useful information.
Crazy, as I watch this I get a message saying my package wasn't delivered because there was no address on it and had a link at the bottom of the message .
Blocked
Tip: just send all your email to the junk folder first
A hacker could put you on their network and hack you. They can register your home to their domain and hack everything in your house that has wifi. They can install wifi cameras in your house and watch you.
I know you've touched on Windows Security couple of times, but what do you think; does a casual user who only browses TH-cam and check email need a paid AV? Or is the built-in security enough.
Not unless your network is somehow insecure
eh probably fine, just be wary of potential phishing emails and DMs really. some free AVs like norton and avast are actually more hurtful than anything
For me I stick with just defender. As long as you're not doing anything out of the ordinary (running files from unknown sites, or submitting details to sites you haven't checked are real, etc) you should be fine.
@@koreyb
@adalwolf8328 If you have any common sense with computers, yeah windows defender will do the job.
did you hear about the Kaspersky ban in the US? Opinions?
Will you make a video on Kaspersky getting banned from the US?
And the internet provider in cahoots with malicious hackers to send malicious windows updates.
Keep in mind malware doesn't come just in .exe formats. DLLs can be as dangerous.
Osint really got involved and got attention, bad for the PUPs, the PUPs are like puppies, you love them, you make them monster. Sometimes you have to be drama queen for the pups :(
I've read recently, in USA they have banned Kaspersky
We had an issue where the hackers set up fake accounts impersonating top level managers in our university and was ask to check over the attached reports etc. literally swapped a letter in the email address so it was hard to spot
are apple pcs safe from these phishing emails ? I'm new to all this and was under the assumption that when a mass email attack is created it can only be executable on a single type of OS
Depends on what type of attack was done. If it’s in the browser it doesnt really matter the OS. Those browser attacks are increasingly common due to it. If it’s an executable that runs on a PC then the program needs to be designed for either Windows or Mac.
Mac people: "I don't understand why doesn't everyone use Mac."
Windows people: "How do I open my email?"
Linux people: "yeah yeah. I'd use BSD if I could."
Android people: "Why don't I receive stuff from iPhone users correctly?"
iPhone people: "check out this video of my drunk friend falling."
Windows Phone people: "How do I open my email?"
Amiga people: "Ha! You only have 8 bit sound."
Can you look into the copy fix malware that's been plaguing some wordpress-made websites?
you should focus on methods of verifying true message sender when message is suspicious.
Pls make a video about kaspersky ban
I legit ignore 90% of the emails at work. If something is super important it will be brought up on a meeting or a teams chat. I have most things filtered out except for emails from the boss and grandboss along with IT all of which gets filtered a bolded so it becomes obvious who it is coming from. There have legit been internal PEN testing where I completely missed the email that was sent to me to because again I skip most of what comes into my inbox.
Thank you!!!
i was on a sketch site and it was opening new tabs every time i clicked. then one time i missed the x and it opened like 20 tabs at once and made em move. then they all went away. i left the site and cleared my history could i possibly have a virus? I'm very paranoid.
Hi,my collegues lately are saying that you can get virus by just simply watching videos(autoplay on hover,previews,shorts,videos) on youtube even without clicking on anything.
I know question might be stupid but i am still wondering
The internet is amazing
Maybe you could do a video or a live stream of the proverbial fool. Where you just go click on random shit until the virtual machine shuts down.😂
Hello friends, I did a fool and I installed a plugin with crack 2 days ago, but although there was no virus, my instagram went away today (I got it back) and I changed the passwords of my computer formats and main e-mails in the morning, but when I opened the exe, they sold the items from steam now because they accessed all the cookies or tokens and sent a message to everyone from discord.
What do you recommend as a solution, if I change the password of all my accounts one by one, will the problem be solved? Or did a virus that didn't even go with the format entered my computer?
I won't try to trick you, can I have your bank login info please? I did say please.
And your credit card number?
They always use stupidity.
Even though? I think they want to play hackerman
How about rootkits? How to uninstall them?
U should do a vid on the kaspersky ban and alternatives for those who have it
the way I'm paranoid, Sundar Pichai himself in bone and flesh could come to me and say that I must insert my password to recover my gmail data or something and I would still doubt it and ask questions and do 10 checks before I even click anything
I'm sorry, but none of these apply to my laptop which has OpenBSD, neither to my gaming machine which runs Alpine Linux.
Can you please tell the method of spoofing the email
Now that Kaspersky's is being banned here in the US, which would be a better option? Bitdefender or Mywarebytes?
Neither, Eset is a better option than both
@@nutellaguyau Thx.
What's your take on the US banning Kaspersky?
Nothing about Kaspersky?
Can you do a video comparison of kaspersky free vs bitdefender free vs windows defender?
Kaspersky has been banned in the US as of a few days ago, doesn't apply to all people but still a decent chunk of the English speaking language.
What is the solution.
Help 4/6 of my precious hard drives are self replicating viruses everywhere I managed to unbrick my zenfone 3 the other day by flashing like 50 different zip file combinations till I got it but I had to take everything off my computer i plug in for it to transfer on a new temp os and i can't lose any more data I have terabytes of precious files I'm too scared to unmount another drive and even run anti-virus against it any advice help
I love cookies
Could you do something on android vunerabilities.
My virus never escape my VM
These hackers are super idiot savants. They shouldn't be trifled with.
2:40 cheats and gaming
How do I check and confirm I have a info stealer or not
@kaper-wz3wv Is there is way to check cause I play pirated games a lot , I don't have money to buy games for now they are so expensive.
AMD pay attention.
hacker or bbc, both nefarious
don't upload to virus total
@2:04 shut up exe
keep up
10 hour work day 🤣🤣🤣🤣🤣🤣🤣🤣
oh sh**
Me go throw pc out
Meet Ukrainian Women Ready to Connect
Bro, I hope you're joking. McAfee sucks bro
virus
LOL
You are SO out of touch with how hacking works.
I don't mean to disrespect, but this is child's play.
miTm Traceroute shows my Gateway Router then some Random private ip then the isp; with that said; I is totally targeted and i am going to www.youtube.com can have the ads thumbnail videos etc in the website that is now transcoded by the attacker with backdoor payloads considering i am going to a transcoded https like verson of youtube, how do i prevent that from happening?
This cookie thing howver it works
I think its a specific format of file that the stealer well steals
Couldn't one write some code to inject or append their cookies for a specific session to include their own malware that identities the ip address it was sent to? Kinda like hey i found your cookie jar..
Sorry i have zero actual hacking skills but my thinking has had our security team laughing at me 60% of the time and the rest checking if such tools or methods exist or could work. Any actual ppl with IT skills would be appreciated for my next great idea 💡❤
Cookies nowadays are encrypted in transit (HTTPS). Even if an attacker finds your cookies through a packet sniffer, they can't actually decrypt the plaintext within them (or modify the contents within the cookie aka cookie poisoning). Something similar to the attack you're referring to does exist though. CSRF (Cross-Site Request Forgery) attacks exploit the trust that a user has with a web application. With a little bit of social engineering, an attacker could trick the user into executing malicious actions on a web application in which they're already authenticated.
My friend got one of those files that require email and password. So what he did is he made a script that submits random data to bloat the hacker's database. Good shit.
Your friend thinks like me but With actual coding skills 😂
Great video as always. Would you maybe be willing to make one about alternatives now that Kaspersky gets banned in different places. I always used it and in my opinion (and seeing your tests) its the best throughout, especially among the free ones.
I've seen a malware that injects js code encrypted as base64 through emails, but the catch is: you just need to open the email, the encrypted JS does the rest. No link, no response, nothing, just opening the email will inject the code.
Wow. Where do you find such things and how do I understand it? I really just need to know the method of attack and not the code cos I wouldn't understand it anyway
@@dinom3106 If you want to create a malware similar to what I've said, you need to learn base64 encoding/encrypting. So you will create the code/malware and then encrypt on base64. The code will "run disguised" as base64, and the email protection and security won't check the code for malicious methods, but you need to make the code to avoid certain security measures.
But Gmail doesn’t support JavaScript so surely that’s not a problem nowadays?
I'm getting in to cybersecurity this is getting out of control
Seeing a twitter DM made me remember that I dodged a bullet with someone who claimed they made a social website and DMed me for obvious reasons.
The other thing is I report videos of cheats and cracks when spotted.
1:11 Sir/Madam 💀
How to tell someone is a bot, lmao.
2:55, really @TH-cam? "Meet Ukrainian Women"?
Hey leo i saw your testing of windows defender while using defender Ui. I was wondering if you could do a video testing with defender ui again while not connected to the internet so we can see if it boosts protection when not connected to the internet. Thanks leo!
On a phone, i think it's even worse! I have on my phone a collection of viruses. Until two months ago, i didn't realised it, never thought that Chrome or Google Drive, nor other trusted platforms like Facebook or TH-cam could contain viruses. I was so wrong! What i find outrageous, is that there are no lows to forbid malware advertising. The laws are too acceptable and don't really try to combat black hackers.
@@koreyb maybe battery draining really fast and overheating
@@koreyb Few examples, starting with the begining: after factory reset, i was putting back the back up for Whatsapp and few other apps, without knowing how actualy a back-up must be done. Moreover, gmail adress on active Chrome. Therefore, phone memory was reaching 90% usage, in one or two weeks. I had looong time using my phone at 1% free space, wondering what is ocupying so much memory. One day i was lucky to clean itself quite alot of space(2 GB) and it was the moment that opened my eyes and attention to my phone.
While i was deleting files, memory was increasing, not decreasing. I still have some weird files that are being sended from my phone. It is recording what i am setting, what i am speaking, what i am writing, what photos i am taking and send reports through Whatsapp. Is that virus related directly or inditectly to Whatsapp, i don't know yet.
When i was using my emails, my phone agenda was free to use... And i was receiving phone calls from countries i have nothing to do with.
My mom received a foreign call too, this is how i realised that she had it from my hacked phone.
I noticed that is upgrading some things, in accordance with my actions or settings.
Safe mode is not working on my phone anymore, therefore i consider it a trash. In the next future, i will use it only to exercise my own custom made Android.
I believe i have a spyware, a worm and a physhing kind on my phone, my gmail adress and Google Drive.
Chrome on phone is useless. Use Brave
Additionally, the bbc URL is sus, because BBC doesn't use that domain.
If I do a full reinstall of windows will it remove viruses?