8 Most Common Online Cybersecurity Threats Everyone Should Know About by Zehra Ali


The cybersecurity threats are increasing day by day and it can be extremely risky in the Internet world. The cyber threats and cybercrimes have risen so much that cybersecurity is not just a slogan or catchword but something serious which we have to worry about.

With the evolution of the World Wide Web, many internet nasties are playing on the susceptibilities to target computers and save personal information or data of the users. Most of the time we are not aware of the data being retrieved.

With foremost data infringement on rising, both business people and general users should take the necessary steps to protect and secure themselves. Following mentioned below are 8 most common online cybersecurity threats everyone should know about and how you can defend yourself.

Most Common Online Cybersecurity Threats:

1 - Phishing:

Phishing is a common type of fooling, tricking, and counterfeit activity in which fake websites, fake emails, and text messages are sent by intimating a legal source such as a bank. Such emails are often sent to get the user’s password and credit card details. It is generally carried out in a well organized and official way to urge users to take actions.

In this form of activity, the user is often asked to update or approve their accounts in order to acquire their personal information. Facebook has become a common vehicle for phishing. The infected accounts sent malware links to other people via messenger.

How to defend yourself?

You can avoid phishing by not opening the unwanted and uninvited attachments, clicking links in emails especially emails sent by a financial organization. It is recommended to open the link manually in the browser. Also, check the headers before opening an odd email from a friend.

Avoid using sites that do not offer HTTPS protected browsing and also add an SSL certificate to the site being used to form secure HTTPS connections, which will protect users from phishing.

If you’ve been hit?

You can change your password and can also put a lock on your credit so, nobody can try to open a fake account on your name.

2 - Ransomware:

Ransomware is a form of malware, which after restricting access to files and computers compels users to make payment in order to remove the restrictions. The phishing emails and website emails are the frequent types of injections.

Ransomware is basically of two types i.e. encryption ransomware and lock screen ransomware. The encryption ransomware stops the user from accessing a file on computer hard drive by encrypting them whereas lock screen ransomware stops from accessing the computer by image methods.

To gain computer access, ransomware will show a notice or warning on the computer that it has been locked and requests for payment to unlock it.

How to defend yourself?

Since ransomware are spread via email or by cooperated websites. Thus, avoid opening of any unwelcome or unwanted attachments or click on links in the emails.

If you’ve been hit?

Always keep backups. Don’t ever pay the ransom and do check online to see if there is a decryptor tool announced by cybersecurity organizations.

3 - Cryptojacking:

This is the recently emerged online cybersecurity threat. Cryptojacking is a condition in which the malware rob some of the processing power to extract or mine cryptocurrency. This condition usually happens when any site is visited by means of JavaScript exploit. However, in some cases, it has also happened by using public Free Wi-Fi and phishing attacks.

How to defend yourself?

It is suggested not to click on links in emails. Frequently run an updated antivirus. Use an ad blocker as most of the cryptojacking scripts runs through advertising networks. However, users can also consider specific extensions which are generally designed to block cryptojacking scripts.

If you’ve been hit?

The cryptojacking scripts don’t cause any harm to the files but slow down the system and cause hardware wear. Running antivirus software can be useful in tackling the problem and will also ensure that nothing is been running outside the web browser.

4 - Spear Phishing:

Spear phishing is a fraudulent email-fooling act, which targets individual, specific organization, trying to seek illegal access to complex and delicate information or data.

The emails normally deceive friends or colleagues. It has been written by a bot to get through someone’s protector.

How to defend yourself?

It is recommended to always check that from where the link or email have come from.

If you’ve been hit?

If you’ve been a victim of spear phished then you must warn your surrounding ones to avoid a similar situation.

5 - Man in the Middle Attacks:

When you assume that you are sending data to one site but in reality, it is being hijacked and forwarded to other sites too so, this condition is known as the man in the middle attacks. It usually occurs because of inactive malware which is present on the system for quite some time. It looks like you are entering your data on a right and suitable network but in reality it is not like that.

How to defend yourself?

You can defend yourself by preventing being phished and by running up-to-date anti-virus software’s on all devices including phones too.

6 - Mobile Malware:

Mobile malware is malevolent software, which typically targets phones and wireless devices. There are various types of mobile malware but among all trojans are the most common and prevalent form of malware which easily gets onto a phone. It is now a myth that users shouldn’t worry about viruses on their phones. The mobile malware collapses the system and results in the loss of personal and private information.

How to defend yourself?

It is suggested for the users to always run anti-virus software on the phone. Secondly, make sure that the phone is always backed up and avoid downloading apps from sideloading apps other than the app store.

If you’ve been hit?

It is recommended to only reload data and reinstall apps from the app store. Delete and uninstall unnecessary apps.

7 - Malicious or Fraudulent Ads:

The poorly-coded ads may not be real malware however they may act in a way that they take over user’s CPU and cause the system to run poorly. Malvertising is an emerging online threat and many reliable websites have fallen victim to advertising network which has presented malware to the visitors. Although some of the ads are programmed to target only people with the help of certain devices or even in specific geographic areas, therefore, in such cases the website owner may not know who they actually are.

How to defend yourself?

You can run an ad blocker to prevent this situation or can also select to whitelist sites you wish to support and trust that they won’t run any bad ads.

8 - IoT Problems:

The IoT assures to increase ease and opportunities for everyone but unfortunately, when we consider our home as a computer so, everything becomes extremely difficult and hacked producing some serious cybersecurity risks.

How to defend yourself?

Try to update the Linux kernel on all IoT devices including DVRs and routers. Use a strong password for all devices and connected accounts. Try to adjust the device settings in a way that smart home devices are not casually listening. Change the default name, the password for all wireless networks and avoid using original address and name. Also, change the wake word on the devices to something which is only known to the family members. Try to choose a wake word which is probably not used in casual talk or conversations.

If you’ve been hit?

It is recommended to change passwords and even device wake word to something which is known to only family members.

In addition to the above mentioned preventive measures, you can also consider DNSSEC-validating DNS services, which keeps a check on the connections and ensures that these connections are being made with real and authentic servers, removing hack attacks and redirection to false and bogus sites. Users can also use domain privacy services which hide their WHOIS domain contact details from identity robbers along with other cybercriminals.

The simplest measure to tackle online cybercrimes and threat is to get online via VPN. A VPN protect and secure all devices from a man in the middle attacks, cryptojacking, and other various malicious software’s. Moreover, VPN also hides user IP address which makes it difficult for the people to know who the actual user is and from where are they are accessing and how to enter in their networks.

About the Author:

Zehra Ali is a Tech Reporter and Journalist with 2 years of experience in infosec industry. She writes on topics related to cybersecurity, IoT, AI, Big Data and other privacy matters on various platforms. She is also the Editor at PrivacySniffs.

November 14, 2018


Hakin9 TEAM
Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

1 Comment
Oldest Most Voted
Inline Feedbacks
View all comments
4 years ago

What’s crazy that you don’t even have to use public wifi to be hacked. You might connect to your friend’s wifi or hotspot which was hacked and get your information leaked or hijacked then. The VPN provider that I use even has a feature that, when you connection to any unknown (or even known) wifi, it automatically connects you to VPN. That’s why I have Surfshark set up both on my phone and laptop. That erases the risk of me forgetting to do it myself and makes me feel safe at all times.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023