The difference between "http" and "https":HTTP: Hypertext Transfer Protocol - an early method of transfering data from a web server to your browser. This information is not encrypted, making it very easy to steal.
HTTPS: Hypertext Transfer Protocol Secure - This is the modern way of doing what HTTP does, just with added security. HTTPS requires a Secure Sockets Layer certificate (SSL) so that data sent between the website and browser is fully encrypted.
This sort of attack is known as a Man In The Middle attack (MITM). This allows the hacker to re-configure your connection to send information such as usernames or passwords to the hacker performing the attack.
Other Common Attacks
Keylogging - A relatively simple attack used to steal anything a user has typed. This attack is based on a virus that "logs" or stores the users keyboard input into a file that is either on a the victims system, or on the attackers system (usually stored on the attackers system). The code for this virus is small and can be stored in any file you can download from the internet (ex: .EXE, .PDF, .TXT, .MSF, .INI, .JAR, .JPG, .PNG, etc.). Once the file is opened, the system is infected and has begun recording what you type. Every so often, the attack will come from an infected website that requires you to simply hover over the link to the website thus infecting your system.
Trojan Horse - A Trojan Horse, or Trojan, is an attack that requires you to download and execute an infected software installer. The trojan is installed in the background immediately upon receiving elevated privileges. The attack opens a backdoor on your computer and connects back to the attacker. The attacker then has full, unrestricted access to your computer and can further attack your system.
DoS - A Denial of Service attack uses one computer to flood a server with connections until the maximum number of connections is reached. Once this limit is reached, the site can no longer be accessed by outside sources until the attack is stopped.
DDoS - A Distributed Denial of Service attack is an attack that utilizes large botnets to flood a server with connection requests. Once a server has reached its incoming connection limit, the site is unable to allow other clients to connect. This attack is often used to blackmail a company, or group to get something the attacker wants.
How can you protect yourself?
The Department of Homeland Security recommends multiple ways to be cautious and safe while online.
Their preventataive suggestions are:
- Never click on links in emails
- Never open the attachments
- Do not give out personal information
- Set secure passwords and don't share them with anyone.
- Keep your operating system, browser, anti-virus and other critical software up to date
- Verify the authenticity of requests from companies or individuals by contacting them directly
- Pay close attention to website URLs
- For e-Mail, turn off the option to automatically download attachments
- Be suspicious of unknown links or requests sent through email or text message
The DHS also suggests to use a combination of numbers, special characters, and both lowercase and capital letters when creating your passwords, as that makes them harder fro attackers to crack.