How to Hack Users like a Pro: tips from Igor Popov

Secure Click News How to Hack Users like a Pro: tips from Igor Popov

How to Hack Users like a Pro: tips from Igor Popov

Hello Peoples,

This is Igor, your friendly cyber-criminal. Many peoples say to me “Igor, I have trouble even turning on my computer. How do you hack into computers in 2022?” Well, here are some tips…


 

“Look over there…it’s a Captcha”

Many users associate Captchas with security. In the last year, myself and my team have used them extensively to persuade even the most prudent of users to click on our links… There’s nothing like a distracting Captcha to drive up those click rates…”Look over there…” lol
 


C++, Python and JavaScript are so last year…

A lot of friends in this industry keep on deploying malware written in C, C++, Python, Visual Basic or JavaScript. However, that’s a tad predictable – a bit like our elections…There’s nothing more I like than deploying a malware curveball. For example, malware written in that little known programming language known as Rust is very good. Most firewalls and email gateways don’t have signatures or heuristics to detect it. This allows our data-stealing havoc-inducing software to slip through like flour through a sieve…And because they user thinks everything is already filtered…it’s win win.


 


SPF and DKIM, don’t make me laugh…

Some security experts talk about SPF or DKIM as if they’re the holy grail of email security. Unfortunately, these email security protocols are like a paper tiger. If I want to bypass these security controls all I have to do is hack one of your users (a spear-phishing email would probably do the trick). Now, I have a nice authorised email account to play around with. This trusted (wink, wink…) email account can then be used to send out those freshly-squeezed and wholesome executables or URLs to everyone in their email address book whilst getting the green light from SPF and DKIM. Or, I could just set up a typo-squatted domain and setup my own DKIM public/private key system.
 
Gain instant trust by piggybacking on trusted services….

Here’s a neat trick. If you want to deliver malware quickly and without fuss, don’t use some random domain registered yesterday. It will stick out like a sore thumb. Instead, why not deliver your malware using Mailchimp, SendGrid or Onedrive. It’s trusted by both users and firewalls. Easy peasy. Open rates will be excellent.
 


Hack like a champ with Google Adwords and Free PDF Converters...

How do I get people to click on my malware delivery campaigns in 2022? Simples. I use Google Adwords and offer them something like a free online PDF converter. Or, I offer them a free flashlight app for their phone. The nitwits get their documents converted and get to see their smartphone flash like a Murmansk lighthouse. In return, we get to secretly install passwords stealers, RDP backdoors and data-stealing chrome extensions onto their devices. Badda boom. Badda Bing.
 
A good hacker always does his homework…


The problem with some cyber-criminal groups is they just don’t do their homework. Their ransomware campaigns fail quicker than a Lada on a Novosibirsk morning. This sloppy work tarnishes the reputation of cyber-criminals. You see before an attack, you need to do the homework first by properly researching your targets. Use the right tools for the job like SharpChrome to steal their Google Chrome logins. While you’re at it, don’t forget to use Adfind to properly enumerate their networks. All of these “research tools” can be sent using a good auld phishing campaign. Knowing your target’s email, VPN and server logins, your crypto-ransomware campaign will run so much smoother (and deeper) into their network.
 


Always engage the Monkey Brain do drive up click rates…

Many peoples say to me. “Igor, nobody will open your stupid emails. They’ll know it’s a scam”. Well, my friends, it is easier than you think.  The average person sees themselves as a perfectly logical human being. They believe they would never fall for a dodgy email…lol. However, I like to see it differently. You see people can use two sides of their brain – the logical brain and the monkey brain.  The logical brain is methodical, analytical, and rational. The monkey brain is instinctive, emotional, gullible and very curious. My emails are designed to engage the monkey part. Send an emotionally charged email to even the smartest user and their monkey brain will kick into action - clicking links and attachments like billio…
 
Have a safe 2022 and remember to stay curious.
Yours,
Igor.
 

 
 


Got a question?

If you would like to make an enquiry about any of our services click the "Contact Us Now" button and fill in your details.