You didn't click on any link, you didn't download anything from any site, you did not open any attachments in your emails but your device was still infected. Welcome to the world of 'drive-by-download' attacks! These attacks can happen by simply visiting a website - even ones we consider very safe!
How does this work? When hackers learn of a vulnerability that affects a very popular device (e.g. a specific model of phone or tablet), they create malware and inject them into popular websites and apps. If websites and apps allow ads to run on them from third parties, they could also use the ads to deliver the malware to your device without having to inject the website or app itself! Hackers know that some percent of the population that visits these websites and apps will do so on the targeted popular device and will fall victim to the attack.
What damage can they cause? Once they inject malware into your device, they can do anything including wiping it out, stealing your data or even using your device to attack others and making it look like the attack came from you.
Read how hackers compromised major online news outlets to install drive-by-download attacks.
Everyone knows about internet cookies and how they are used to track us online. The good news is that most companies are moving away from cookies due to various privacy laws and regulations around the world. The bad news is that they can track you anyway! Alternative techniques such as pixels, beacons, browser fingerprinting, canvas fingerprinting, audio fingerprinting, etc allow for companies to not just uniquely identify you but also know which exact device you are accessing their website or app from!
How do these new methods work?
Websites embed code from a pixel or beacon provider such as Facebook. The code downloads an invisible 1 pixel transparent image to your computer that track what you do on the website or app. The way the image is rendered reveals a lot of information about your computer. With audio fingerprinting, the way your device renders sound is akin to a unique signature and is used to uniquely identify your device. Many websites may use a combination of these capabilities. In other words, these techniques are invisible to the eye and not something you can disagree to like a cookie.
What can they learn about you using these technologies?
What can you do about it?
Unlike cookie consent notices, there is no way to reject this tracking on most websites. You can review the privacy policy of the website and see if there is a 'Do not track' request you can make. In addition, you can also see if the company will take 'Delete my data' or 'Do not sell my data' requests.
Ads are everywhere on the internet. They are on websites, they are on apps, they are on streaming services, they are on online games. They show up as banners, pop ups, ticker tapes and more trying to grab our attention every which way possible. Each of us is exposed to 1700 ads a month and one in 100 is malicious i.e. clicking on them will install malware or take you to a scam site. By visiting a website or using an app, you reveal what kind of computer you are using and creative scammers create ads that mimic the messages you get from your computer to trick you into clicking on them. Internet ads also violate your privacy since the ad networks that deliver them collect and sell your information to other entities.
To protect yourself, it is not enough to use just browser based ad blocking. You need blocking across every website, device and app used in your home, which can only be provided by network based ad blocking tools like Kavalan.
The US Senate Committee on Homeland Security and Governmental Affairs conducted a full investigation back in 2014 on Online Advertising and Hidden Hazards to Consumer Security and Data Privacy. Their number one finding was that online ads expose consumers to malware!
A bug on a website, owned by the state of West Bengal in India, revealed the Aadhar numbers and copies of fingerprints of several citizens. In related news, theft of biometric fingerprints have resulted in bank accounts being emptied out.
Hackers are using compromised Discord accounts to direct message users and trick them into downloading a malicious file posing as a game that has the Lumma Stealer malware embedded. Users are enticed to review a game in return for rewards.
Increasing number of Amazon Prime members are being targeted by scams that use phishing emails that trick them into believing their accounts have been suspended or have suspicious activity. Amazon has issued guidance on how to spot these.
