We are increasingly aware of the importance of passwords: we create stronger ones, change them regularly and make sure not to use the same ones for everything. We also know that one of the biggest risks we face is password theft, since passwords unlock our information. But are we as careful with the passwords we store in our browsers?
A browser "hijacker" is one of the many types of malware that can compromise our security when surfing the Internet.
One of the functions browsers commonly offer is saving passwords so that you don't have to remember them or type them in, and so log in with just one click. This can help us work faster, but we must remember it entails serious risks.
Rather than making it easier for us to manage our information, this practice leaves us highly exposed if our device is accessed. Web browsers typically store credentials in an encrypted format within a credential store. However, cybercriminals have the techniques to get their hands on them.
How do cybercriminals get at credentials stored in the browser?
Some sites, usually online games or adult content, require you to install additional software. The software may be malicious. It takes control of the browser to spy on you, steal your information or display misleading advertising. The advertising itself may contain links to other pages created by cybercriminals that impersonate the original ones, where they can deceive you to get hold of your credentials.
You should suspect an attack when you notice a change in the behavior of your browser. For example, if the home page changes, or you start to see more advertisements than usual or, you notice new tools or icons in the browser that were not there before.
Besides browser hijackers, there are other types of hijackers affect connections, web pages, open sessions and internet domains.
To protect yourself from this type of attack, be careful about the security of your devices and browser. You can use some tips that will help keep you safe:
- Avoid downloading software when browsing web pages.
- Install and keep updated an antivirus and/or security software to protect your devices.
- Keep software always up to date to avoid security vulnerabilities that can be exploited by cybercrime.
- Look at the address of the page in the browser bar when browsing a web site: if you suspect the site is not the original one, stop browsing the site and avoid entering personal data.