How you get Hacked: what attackers use today
HTML-код
- Опубликовано: 20 июн 2024
- How you get hacked today is very different from several years ago. Modern hackers use social media, phishing campaigns, infostealers and more to target you and deliver malware straight to you. Secure your company emails from being spoofed: easydmarc.com/ (sponsor)
Buy the best antivirus: thepcsecuritychannel.com/best...
Join the discussion on Discord: discord.tpsc.tech/
Get your business endpoints tested by us: tpsc.tech/
Contact us for business: thepcsecuritychannel.com/contact 
Наука
I'm 100% safe with McAfee.
Hope your joking
macoffee
@@Picachumaster6no. McAfee is the best AV system. Everyone who follows this channel known that!
His spirit is trapped in my PC. He protects me 24/7 from the technoheretics. Praise McAfee 🤖🙏.
💀
[Switches off computer and goes to live in the woods...]
The further you get into cyber sec the more you realise this is the only way
Malware and official software aren't so different in most cases.
The tree's have eyes
So you want to be infected by a real virus.
No where is safe.
Becomes Amish
Don't forget kids, the real Goku won't ask for your parents credit card information.
No? Fuck, too late. Already send 2k to send back goku from Namek.
The best protection. Trust no random shit being sent to you which you do not expect to recieve.
If a company or a person you know seems to have messaged or mailed you. Call them and verify the email sender address and content etc.
If you dont know the company / person it is shit you dont need in your life = delete, block and ignore.
Yeah Ive had this very discussion with my boomer parents a few times. Getting them schooled about the computer world was a monumental task. It almost broke me a few times, but if it didnt kill me it made me stronger. Right? ;)
@@petyrbaelish007 nietzsche never had to teach his grandma how to use facebook
We an employee that refused to report entering her credentials in that file and 3 weeks later it was too late we got hit by ransomware
I swear that "System hacked" page design was taken from a video game but I can't remember which.
It's from Star Trek films actually.
@@adalwolf8328 Oh, I didn't know
It's Putin's homepage.
Advanced Warfare
I had my cookies grabbed once…😢
Were they chocolate chipped? 😂
@@user-zf8ki1cx2w No but it hurt anyways.
😏
Thats why always clearing browsing data or using an applicstion like mullvad browser is worth it
Relatable
Very informative. Thank you for posting 😊
Great video as always. Would you maybe be willing to make one about alternatives now that Kaspersky gets banned in different places. I always used it and in my opinion (and seeing your tests) its the best throughout, especially among the free ones.
Thanks for the information. If there is anyone who really deserves to get some recognition and appreciation for all the work and time spent on informing it's followers it's you.
Congratulations on the 500K!
The spoofed email, in my limited experience with them, isn't foolproof. If you look at the message header information you can usually see that it wasn't actually sent from whatever is in the From address. I have yet to encounter one with the header information spoofed, that I know of. I did have one suspicious email, which came from what appeared to be and actual companies email server. I forwarded email to the companies support email address and told them it looked like their email server may have been hacked. They said the email wasn't legit. I don't know if they were hacked or if someone may have actually spoofed the email header info.
I believe one of the anti India scammer or cyber security youtube channels has it happened to them.
I once got email from myself. Gmail flagged it as a spam and warned that sender is most likely spoofed, something wrong with signing certificate, it wasn't Google's one.
Company I'm working at, sends us phishing emails and if you click it, you'll have to do a 1 hour online training.
I must day it's working and now I have PTSD
This is quite common. But the funny thing is even though the employees know that these phishing tests are routinely used, they still click on the content rather than report the suspect message.
They probably assume its better to report if if there's nothing there for them (if it "is" phishing) whilst maybe they get paid whilst doing the test still, so less work for them each time it happens.
Sounds like a smart idea.
I absolutely loved this video, I was wondering the steps that we should take BEFORE we get hacked, to fully proof ourselves
Seeing a twitter DM made me remember that I dodged a bullet with someone who claimed they made a social website and DMed me for obvious reasons.
The other thing is I report videos of cheats and cracks when spotted.
I showed this to my 11 year old.
My 71 year old is the one that truly has trouble getting this stuff.
@@petyrbaelish007 you mean the 71 yr old son of the guy that invented the internet ? ya right
@@edwardmacnab354 No I mean my boomer dad.
@@petyrbaelish007 not all of us boomers are stupid . The only reason I'm not a hacker is because I know even the best of them get caught unless they are in a foreign country . Plus it is kind of tedious and boring . More suitable for 11 yr olds
@@edwardmacnab354 I never said anyone was dumb.
I hope some white hats made "fake malwares". Like you open some random .exe / random mail like the BBC mail you showed, but instead of hacking you, it opens a scary message saying "You could have been hacked" and explains how it would have done it and how to proctect yourself from this.
Thank you!!!
He great channel, good content! Curious what do you use as a main machine from an OS perspective? Are you a windows user?
I ain't clicking no link in a YT description! Mama Leo didn't raise no fool!
Are you going to talk about Kaspersky getting banned?
Yup, it is next on my list.
@@pcsecuritychannel don't know what to do as I bought a year of licence from kaspersky 😢. They do a fantastic antivirus
I use Kaspersky but if it’s getting banned, I’ll have to find another to use. Windows Defender would probably be good enough for my purposes
Its just politics
@@tpd1864blake I'm trying to make up my mind between Bitdefender or Mywarebytes.
I live when videos start straight to the point
the fact that the ad blocker got installed by an ad made me lose it
1:11 Sir/Madam 💀
How to tell someone is a bot, lmao.
Great video as a reminder of how you can be attacked. Suggestion: Do a movie review of "Blackhat" with Chris Hemsworth!! Maybe a few other cyber movies would be fun as well. It would be interesting to hear from you what is real and not and why! Thanks
great content
can u make a vid about anti-virus and firewalls tier list
Got to love that Star Trek style Red Alert System Hacked screen.
Hey leo i saw your testing of windows defender while using defender Ui. I was wondering if you could do a video testing with defender ui again while not connected to the internet so we can see if it boosts protection when not connected to the internet. Thanks leo!
DMARC configurations helps but it isn't the silver bullet. When you get into it, one quickly finds out the practical setting is "soft fail" which means someone spoofing your domain will be sent to recipients junk box instead of the trash. This gives employees the opportunity to see the email and from that they make the decision on what happens next.
Depends how you configure it using spam is best option as fail usually fails when your email is actually legitimate
Thought someone was banging on my door in the beginning lol
We had an issue where the hackers set up fake accounts impersonating top level managers in our university and was ask to check over the attached reports etc. literally swapped a letter in the email address so it was hard to spot
monitor the network traffic in the upcoming vids
U should do a vid on the kaspersky ban and alternatives for those who have it
Tell us about dynamic/behavior monitoring in open source world please.
I would like to know as well, he brought it up and didn’t provide examples.
Could you please do a video like this but extend it so it would incorporate the whole context that include consumer-grade user security? So we can learn not only how we are hacked but also how and what our lines of defenses act and can do for us, so that we can learn to defend ourselves and set up a healthy security hygiene on our systems and network, and be able to recognize a healthy secure network and pc environment, because I honestly don’t even know if everything I’ve done to achieve this is even effective or not, and have no idea how to determine this in any way. Could it please incorporate password/account security also. There is not a single guide or explanation that covers the topic as a whole and I believe many people would want to see something like this and that is an increasingly necessity in this time.
I run my browser in a sandbox (Sandboxie) ... I tested it years ago against hundreds of malware and it kept my PC from being infected 100% of the time.
The Sandbox was infected but not my PC.
If I go to a banking website or if I visit a wesite like Amazon, I delete the sandbox and restart my PC, then create a new sandbox.
Also...If a hacker gets my authentication tokens, don't the tokens disappear when I shut down the PC and then regenerate new ones when I log back in?
I can that if you are the type who never shuts down their PC this could be a problem.
As far as login tokens, deleting the sandbox would delete the tokens but it wouldn't make them inactive/useless. You'd want to log out from the site itself and hope it actually makes them no longer valid rather than just removing them from your browser.
Bearer tokens (like OAuth2.0 access tokens in the form of JWTs) do not "die" until the timestamp expires and so (depending on the website in question) could be used to access a backend API even if you have logged out of the front-end application. For example, if the API consuming the access token is just validating the timestamp and signature (and does not send the token back to the issuer to confirm it is still valid), then the attacker might have a small window of usefulness before the token expires.
I have to help my mom all the time with phishing emails or messages."It says my power will be turned off and we need to pay with visa gift cards because their having issues with their paymet system." Or "USPS sent an email saying they are holding X amount of packages due to a address issue and need to fix the address and pay a fine for storage of the packages." I mean come on. It amazes me how people fall for this. Im trying to teach her how to spot this stuff, always spelling/grammar errors, site or url is close to but not the one their trying to mimic, or just search online, is (whatever bs email/message) a scam and you will usually find it is pretty quick. Also more and more "your account to X or Y will be closed" when she doesnt have that or is subscribed to anything. I just dont know how that generation gets by being so believing of everything. I just told her assume everything is a scam and block/report anything you dont recognize.
did you hear about the Kaspersky ban in the US? Opinions?
Can you look into the copy fix malware that's been plaguing some wordpress-made websites?
So basically, it's just Human Error.
Sure, but pretty much anything can be boiled down to that in regards to technology, even flaws in code that lead to vulnerabilities
I've read recently, in USA they have banned Kaspersky
damn that star trek virus popup is so rad
Will you make a video on Kaspersky getting banned from the US?
you should focus on methods of verifying true message sender when message is suspicious.
I know you've touched on Windows Security couple of times, but what do you think; does a casual user who only browses RUclips and check email need a paid AV? Or is the built-in security enough.
stop using Windows and switch to Linux. Or just a Chromebook.
Not unless your network is somehow insecure
eh probably fine, just be wary of potential phishing emails and DMs really. some free AVs like norton and avast are actually more hurtful than anything
For me I stick with just defender. As long as you're not doing anything out of the ordinary (running files from unknown sites, or submitting details to sites you haven't checked are real, etc) you should be fine.
@@koreyb
Our company got outlook mail scanner on a server itself and for 3 years i only got a few of those mails. All of the links were wrapped in MS ones so they stopped working after a minute or so.
Usually system is just annoying, because it's quite slow in checking attachments. There were even advisement to just attach Onedrive documents to speed up the process.
Honestly that's kind of the better idea. Disallow receiving attachments entirely (sending only for outside network emails, for customers) and just make the company use a private file share. Unless someone gets into the file share, no risk of being impersonated. Just send a "Okay I left it in [dir] of fileshare"
@@Aura_Mancer it's actually way more seamless. You just attach files from OneDrive and they appear as attachments. I don't usually send files and if i do i use Teams.
Overall, it's a nice idea, maybe there are some similar policies exist.
On another note, Google drive is blocked and i know it used in malware attacks a lot. Paired with dummy files, virus could escape AV scans.
Could you please do a video on the kaspersky ban in the US? Also, i saw somewhere if you have the product installed you will stop recieving updates at the end of september. However i saw somewhere else claiming you would still be allowed to update until the products expiration.
Also if possible, could you do a video on how to completely uninstall kaspersky? I have had to uninstall and reinstall Antivirus software before and it was not as simple as selecting uninstall in add/remove programs. It was kinda complicated you also had to download another program to completely uninstall it.
I'm getting in to cybersecurity this is getting out of control
1 question, how to protect against these?
Dirty electricity can be corrected using AC to DC to DC to AC.
Water can be purified.
So, there is surely a way how to protect ourselves online.
Crazy, as I watch this I get a message saying my package wasn't delivered because there was no address on it and had a link at the bottom of the message .
Blocked
I don’t like when strangers grab my cookies !!! 😂
Bro release a video for us mortals and how to search/track ransomware in our pc. I love your content.
And the internet provider in cahoots with malicious hackers to send malicious windows updates.
Keep in mind malware doesn't come just in .exe formats. DLLs can be as dangerous.
Additionally, the bbc URL is sus, because BBC doesn't use that domain.
Ads can contain PUPs
Pls make a video about kaspersky ban
Disconnecting from wifi and keeping your laptop or mobile in a Faraday's cage is the only solution
😅 then the only option is return to the Stone age
@@animeworld2005It's the best option. Totally offline and privacy. 😂
@@animeworld2005 stone age people had very little privacy as well. Imagine you're in the midst of a dna data transfer process with your wife and suddenly someone entered your cave with unfortunately no door or locks or no firewall for that matter... Whatever the age of mankind is, it's the privacy which is always fcked
They always use stupidity.
make a video about Kaspersky antivirus getting banned in the US
On a phone, i think it's even worse! I have on my phone a collection of viruses. Until two months ago, i didn't realised it, never thought that Chrome or Google Drive, nor other trusted platforms like Facebook or RUclips could contain viruses. I was so wrong! What i find outrageous, is that there are no lows to forbid malware advertising. The laws are too acceptable and don't really try to combat black hackers.
I've never had a "virus" on my android phones. How did you discover that you had one on your phone?
@@koreyb maybe battery draining really fast and overheating
@@koreyb Few examples, starting with the begining: after factory reset, i was putting back the back up for Whatsapp and few other apps, without knowing how actualy a back-up must be done. Moreover, gmail adress on active Chrome. Therefore, phone memory was reaching 90% usage, in one or two weeks. I had looong time using my phone at 1% free space, wondering what is ocupying so much memory. One day i was lucky to clean itself quite alot of space(2 GB) and it was the moment that opened my eyes and attention to my phone.
While i was deleting files, memory was increasing, not decreasing. I still have some weird files that are being sended from my phone. It is recording what i am setting, what i am speaking, what i am writing, what photos i am taking and send reports through Whatsapp. Is that virus related directly or inditectly to Whatsapp, i don't know yet.
When i was using my emails, my phone agenda was free to use... And i was receiving phone calls from countries i have nothing to do with.
My mom received a foreign call too, this is how i realised that she had it from my hacked phone.
I noticed that is upgrading some things, in accordance with my actions or settings.
Safe mode is not working on my phone anymore, therefore i consider it a trash. In the next future, i will use it only to exercise my own custom made Android.
I believe i have a spyware, a worm and a physhing kind on my phone, my gmail adress and Google Drive.
Chrome on phone is useless. Use Brave
My wife just won a company wide phishing derby. She got a $50 GC and 3D printed fish trophy. She even knocked the Senior IT guy out of 1st place 😂
Osint really got involved and got attention, bad for the PUPs, the PUPs are like puppies, you love them, you make them monster. Sometimes you have to be drama queen for the pups :(
Hi,my collegues lately are saying that you can get virus by just simply watching videos(autoplay on hover,previews,shorts,videos) on youtube even without clicking on anything.
I know question might be stupid but i am still wondering
Even though? I think they want to play hackerman
👍
What happens when the timer runs out on that system hacked message?
The computer self-destructs with a full nuclear detonation wiping out everything in a 500 mile radius.
@@pcsecuritychannel dont let the CIA know that, they will use it
It's probably just a fake message, nothing got hacked and it's just a phishing web page that tries to scare you and trick you into thinking you got hacked from clicking the link.
🤣 lmao @@pcsecuritychannel
@@pcsecuritychannel ok kid. u dont need to overreact
are apple pcs safe from these phishing emails ? I'm new to all this and was under the assumption that when a mass email attack is created it can only be executable on a single type of OS
Depends on what type of attack was done. If it’s in the browser it doesnt really matter the OS. Those browser attacks are increasingly common due to it. If it’s an executable that runs on a PC then the program needs to be designed for either Windows or Mac.
I use Microsoft team all the time
Now that Kaspersky's is being banned here in the US, which would be a better option? Bitdefender or Mywarebytes?
Neither, Eset is a better option than both
@@nutellaguyau Thx.
None, if you're using a 365 subscription Windows defender is good enough. But if you still wanna have one then try Sophos or Vipre security.
I love cookies
Can you do a video comparison of kaspersky free vs bitdefender free vs windows defender?
Kaspersky has been banned in the US as of a few days ago, doesn't apply to all people but still a decent chunk of the English speaking language.
2:40 correction: the social media platforms ARE the malware THEMSELVES
Kind of like the old Bonzi Buddy...they're just so much fun that we willingly use that malware!
ah yes, the good ol social engineering hack
Help 4/6 of my precious hard drives are self replicating viruses everywhere I managed to unbrick my zenfone 3 the other day by flashing like 50 different zip file combinations till I got it but I had to take everything off my computer i plug in for it to transfer on a new temp os and i can't lose any more data I have terabytes of precious files I'm too scared to unmount another drive and even run anti-virus against it any advice help
Could you do something on android vunerabilities.
If I do a full reinstall of windows will it remove viruses?
it will remove most types yes but is not reliable method of cleaning computer
Simplest way to prevent your computer from getting hacked (Windows only)
Just run any Video Game in the background that has Kernel Level Anticheat. 10/10 never get hacked. Because the hacker's access is immediately detected by Anticheat as malicious.
Real or joke?
@@armanis1234 based on my own experience in the past 6 years, real I'd say.
Because anticheat can prevent anything that Hackers usually attempt to do on victim's Computer. Again, this is only applicable to Windows, and, Kernel Level Anticheat.
Yes I go to shady websites all the time. Nothing bad happened so far
@@ClayWheeler Um, hate to break it to you but the anticheat would just ban you from the game (even if it did detect anything), its not gonna stop you from being hacked.
The anticheat will be looking for processes that try and interfere with the game itself and does not give two shits about what else happens on your machine.
Just going to a website cant get you hacked if you use a modern browser with a modern operating system (EDIT: Also you have windows defender).
Nothing about Kaspersky?
Which is best anti virus,i use Kaspersky is it safe ?
He goes through it a little too fast to help beginners, though it contains useful information.
Did BBC seriously have a poor DMARC config?
pc
What's your take on the US banning Kaspersky?
the way I'm paranoid, Sundar Pichai himself in bone and flesh could come to me and say that I must insert my password to recover my gmail data or something and I would still doubt it and ask questions and do 10 checks before I even click anything
@2:04 shut up exe
2:55, really @RUclips? "Meet Ukrainian Women"?
what is vars total?
What is the solution.
oh sh**
I won't try to trick you, can I have your bank login info please? I did say please.
And your credit card number?
2:55..
see the sponsered ad and thank me later
I feel safe with ESET Internet Security.
I'm sorry, but none of these apply to my laptop which has OpenBSD, neither to my gaming machine which runs Alpine Linux.
AMD pay attention.
Linux: I USE ARCH BTW SO I DONT GET VIRUSES UWU *SNUGGLES*
How do I check and confirm I have a info stealer or not
info stealer would be gone by now usually.
they don’t stick around for very long once they have gathered all that they came for.
@@kaper-wz3wv Is there is way to check cause I play pirated games a lot , I don't have money to buy games for now they are so expensive.
Mac people: "I don't understand why doesn't everyone use Mac."
Windows people: "How do I open my email?"
Linux people: "yeah yeah. I'd use BSD if I could."
Android people: "Why don't I receive stuff from iPhone users correctly?"
iPhone people: "check out this video of my drunk friend falling."
Windows Phone people: "How do I open my email?"
Amiga people: "Ha! You only have 8 bit sound."
hacker or bbc, both nefarious
D: