Cybercriminals are coming up with new ways to get at your personal data all the time. Recently, hackers showed that they could use a simple phishing email to hack into your router and eventually steal your sensitive financial information. Luckily, there's something really simple you can do to prevent the attack.
Recently, some Internet users in Brazil received emails that looked like they were from their Internet service provider, but they were actually phishing emails sent by hackers. Security company Proofpoint found that if users clicked the link in the email, it sent them to a fake website that ran malicious code that added the hackers' DNS server to the victim's router.
“There is virtually no trace of this thing except for an email,” said Kevin Epstein, vice president of advanced security and governance at Proofpoint. “And even if your average user knows to look at his router’s DNS settings, he’s unlikely to notice anything wrong or even know what his normal DNS settings should be.”
A DNS server is a website directory that helps your browser connect to the sites you want to look at. By replacing your default server with their own, hackers can redirect your requests to fake sites. So, when you go to visit your bank's website, the hackers could potentially redirect you to a malicious lookalike site that's actually stealing your login information.
During the recent phishing attack in Brazil, the hackers accessed routers by trying out different default usernames and passwords that came on routers provided by the ISP. Most people fail to change their default passwords, which opens them up to attacks like this.
That means you can protect yourself simply by replacing the default password with one that is much more secure. You can change your password in a few steps and protect yourself from attacks like this.
To change your password, you have to log in to your router. To start, open your Web browser and type in your router's IP address. It varies by router, so you'll need to find that in the manual. For many Netgear routers, for example, it's 192.168.0.1. A box will pop up asking for your username and password, which you'll also find in the manual.
Every router is different, so you will have to consult with your manual or the manufacturer's website to find out how to change your password once you're logged in. The option is usually located under a tab labeled "Advanced" "Security" or something similar.