Common types of hacks & how to avoid them in 2024 - Surfshark (2024)

How much can a single click cost you? Sometimes, a few seconds of your time if you accidentally follow a link, or a few nerve cells if the website bombards you with ads and pop-ups. Other times, a single click can cost you your credit card, a beloved phone, or an entire business.

Hackers are always on the lookout for new ways to exploit vulnerabilities on different networks, mobile devices, and computer systems. So how do you protect your online data from hackers? By looking into the most common types of hacks and hackers and learning how you can prevent yourself from becoming a victim.

    Common types of malicious hacks to be aware of


    Malware

    As a broad umbrella term, malware refers to any computer virus, worm, trojan horse, spyware, ransomware, adware, or other malicious software. It’s been plaguing us since the dawn of computers and can sneak into your device without you knowing. For example, you might get it when visiting an infected website or downloading files from unknown sources.

    Tips to avoid malware

    • Use antivirus and malware protection software to monitor your computer system;
    • Use an Adblock VPN to protect yourself against ads and harmful websites;
    • Update your PC and software regularly, so all vulnerabilities and identified weaknesses get patched;
    • Don’t open email attachments from unknown sources. Scan all files and photos you download with an antivirus before opening them;
    • Don’t download anything from pop-up windows.

    Can a VPN help prevent malware?

    Surfshark’s CleanWeb Adblock VPN protects you from malware by keeping you from visiting malicious sites and clicking dangerous links. It also blocks known harmful ads and prevents viruses so you can browse safely.

    Injection attacks

    An injection attack alters how a program runs by “injecting” malicious code into it, so the program executes differently from what was intended. Usually, it means hacking a web page.

    In most cases, such attacks allow hackers to gain access to information they wouldn’t otherwise be able to access. This information could be sensitive data like login credentials, payment information, etc. There are two types of injection attacks.

    SQL injection

    This technique exploits server-side security vulnerabilities and targets the server’s database. An attacker inserts malicious code, modifies or deletes database data, or even issues commands to the underlying database management system by injecting SQL statements. These are then executed as part of the original database system.

    Cross-site scripting

    Cross-site scripting (XSS) works similarly to SQL injection in how the code is injected, but differs in that it exploits client-side vulnerabilities and targets the site’s other users. An attacker injects code into the site’s content, and the site then delivers the malicious script to its visitors.
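How the two injections above arise in server code, and the usual fix for each, as an added example that is not from the original article: a string-built SQL query beside a parameterized one, and raw HTML output beside escaped output. The table, the sample accounts and the crafted inputs are constructed for illustration.

```python
import html
import sqlite3

# Constructed test inputs: text that contains SQL or HTML syntax characters.
CRAFTED_NAME = "nobody' OR '1'='1"
CRAFTED_COMMENT = "<script>alert(1)</script>"


def make_db():
    """In-memory database holding two constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return db


def lookup_vulnerable(db, name):
    # VULNERABLE: the input is pasted into the SQL text, so quote characters
    # in it are parsed as SQL syntax instead of as part of the name.
    query = "SELECT email FROM users WHERE name = '" + name + "' ORDER BY name"
    return [row[0] for row in db.execute(query)]


def lookup_safe(db, name):
    # HARDENED: the ? placeholder passes the input as a bound value, so the
    # database compares it as data and never parses it as SQL.
    query = "SELECT email FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in db.execute(query, (name,))]


def render_comment_vulnerable(comment):
    # VULNERABLE: stored text is written into the page as markup, so every
    # visitor's browser treats it as part of the site's own HTML.
    return "<p>" + comment + "</p>"


def render_comment_safe(comment):
    # HARDENED: escape on output, so the browser displays the text as text.
    return "<p>" + html.escape(comment) + "</p>"


if __name__ == "__main__":
    db = make_db()
    print("string-built query :", lookup_vulnerable(db, CRAFTED_NAME))
    print("parameterized query:", lookup_safe(db, CRAFTED_NAME))
    print("raw output         :", render_comment_vulnerable(CRAFTED_COMMENT))
    print("escaped output     :", render_comment_safe(CRAFTED_COMMENT))
```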

    Tips to avoid damage from injection attacks:

    Since this hacking technique happens at the code level, there is not much that consumers can do to protect themselves other than stay informed about websites that have been hacked.

    In theory, services should notify you if leaks happen. However, many companies hide such facts until the last minute to postpone reputation and revenue losses. Even then, information about leaks usually appears in hacker forums before the companies announce it. To avoid possible damage, get a service that notifies you if any breaches happen to your email, ID, or password, like Surfshark Alert.

    Can a VPN help prevent SQL injections and cross-site scripting?

    No. Injections are not something VPNs can assist with since they impact databases on a fundamental level involving code.

    DNS (Domain Name System) spoofing

    Also known as DNS cache poisoning. A DNS cache stores the DNS records of domain names that have already been visited. It is used to get a faster response to DNS queries for recently visited domain names.

    DNS spoofing means injecting forged entries into the DNS cache in order to redirect people to websites other than the ones they intended to visit.

    To put this method in layperson’s terms, a DNS cache “remembers” the address of the website you visited, and the next time you go to it, the DNS cache is used to get the address. DNS cache poisoning rewrites that address.

    Tips to avoid DNS spoofing:

    • Make a habit of using services that use the DNS security protocol (DNSSEC);
    • Filter your DNS servers;
    • Lower the time-to-live value (TTL) of your DNS caching servers (WARNING – lowering it will cause the web page to load slower, so it’s best to tweak around and find a balance between optimal performance and good security);
    • If you’re a business running a sizeable network – invest time into DDI (DNS, DHCP, and IPAM) and hire a security specialist to manage your network.

    Can a VPN help prevent DNS spoofing?

    Yes, a VPN will prevent DNS cache spoofing from happening. But there’s a catch – if you’re not connected to a VPN and your DNS cache is already poisoned, you might have trouble connecting to a VPN.

    Watering hole attack

    A watering hole attack is a hack that uses multiple techniques to get confidential data.

    It is named after the way some hunters hunt: instead of chasing prey, they wait for it where it’s most likely to go – a body of water. A hacker uploads malicious code onto a webpage, and eventually, unsuspecting page visitors trigger the code and download it. A watering hole attack targets the site you’ll eventually visit.

    Techniques hackers use in watering hole attacks:

    • SQL Injection: a hack used to steal user data;
    • Cross-site scripting (XSS): this happens when a hacker injects malicious code into the site’s content;
    • Malvertising: harmful code is injected into an advertisement in a similar way to XSS;
    • DNS spoofing: hackers use this technique to send targets to malicious pages by tweaking DNS requests;
    • Drive-by downloads: downloading malicious content without the person’s knowledge or action. For example, when an automated update download happens, the hackers put their corrupted files into the bundle of normal files;
    • Zero-day exploitation: zero-day vulnerabilities on a website are common hunting grounds for watering hole attackers.

    A watering hole attack may lead to the hacker downloading and installing malware onto your device. For example, a keylogger – an intrusive spyware running in the background and recording the keystrokes you make when you type anything (read: password) on your device.

    Tips to protect yourself from watering hole attacks:

    • Keep all your software up-to-date to prevent any exploits the older versions may have;
    • Have a reliable antivirus software scanning for any unplanned downloads;
    • Keep one eyeball on your web traffic for any strange apps running in the background;
    • Stay informed and avoid visiting leaked websites.

    Can a VPN help prevent watering hole attacks?

    The answer lies somewhere in the middle. For a watering hole attack to work, a hacker must profile the audience first. Then, according to the victim profile, they choose what sites to target. A VPN disguises your online activity making it impossible to profile you as a potential victim. However, a VPN doesn’t grant you immunity against everything else.

    Bait and switch

    Bait and switch hacking lures victims into downloading malicious software or clicking on malicious links by disguising them as legitimate. Bait and switch links are often disguised as anything from pictures to video files or social media links. So the following tips are very important for those who want to avoid getting hacked on social media.

    Tips to avoid bait and switch hacks:

    • Use ad-blockers and browser extensions that block known malware sites;
    • If a reputable website promotes anything unusual, be sure it’s genuine by going directly to their official page and looking for the deal;
    • Check if hackers hijacked the websites with tools like URLvoid or VirusTotal;
    • Look for signs of malicious apps and software using anti-malware or antivirus tools;
    • Avoid ads or websites that promote too-good-to-be-true deals or free stuff;
    • Beware of poor grammar in emails or websites. You can check if the text has any mistakes by copying it into Grammarly.

    Can a VPN help prevent bait and switch?

    CleanWeb’s database includes approximately one million infected websites and ads. Surfshark will prevent the site or ad from loading if a harmful website is in the database.

    Cookie theft

    Cookies are files that record your online browsing data and preferences. Using a victim’s session ID, hackers can duplicate that cookie and hijack your session even if your user credentials are encrypted.

    After cookie theft and session hijacking, hackers can access your active session (i.e., whatever you’re doing on your browser at that moment). That’s why many websites ask you to log in after five minutes of inactivity. Most cookie theft occurs through unsecured public Wi-Fi.

    Tips to avoid cookie theft:

    • Use a VPN when connecting to a public Wi-Fi network, or avoid public hotspots altogether;
    • Clear your cookies after each browsing session (or set your browser to do so automatically). Also, check out our article on how to stop cookie pop-ups;
    • Use a VPN to encrypt your internet traffic;
    • Only browse on HTTPS connections. HTTP connections are not secure, and your browser will warn you if you try to connect to an HTTP site. If unsure, look for the lock icon next to your URL in the address bar.
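On the website's side, session cookies are protected by attributes the server sets. This added example (not from the original article) audits `Set-Cookie` headers for `Secure`, `HttpOnly` and `SameSite`; the sample headers and the one-hour `MAX_SESSION_AGE` limit are assumptions made for illustration.

```python
MAX_SESSION_AGE = 3600  # assumed policy limit in seconds, not from the article

FINDING_TEXT = {
    "no-secure": "cookie is also sent over plain HTTP, e.g. on open Wi-Fi",
    "no-httponly": "page scripts (including injected ones) can read the cookie",
    "no-samesite": "no explicit SameSite policy for cross-site requests",
    "samesite-none-without-secure": "SameSite=None is only valid with Secure",
    "long-lived": "a copied session ID stays usable for a long time",
}

# Constructed sample headers.
SAMPLE_WEAK = "sid=c2FtcGxl; Path=/"
SAMPLE_HARDENED = "sid=c2FtcGxl; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=300"
SAMPLE_MIXED = "sid=c2FtcGxl; Path=/; HttpOnly; SameSite=None; Max-Age=2592000"


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes dict)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    if not parts or "=" not in parts[0]:
        raise ValueError("not a Set-Cookie value: %r" % header)
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive; flags have an empty value.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def audit_cookie(header):
    """Return finding codes (keys of FINDING_TEXT) for one session cookie."""
    _, _, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append("no-secure")
    if "httponly" not in attrs:
        findings.append("no-httponly")
    samesite = attrs.get("samesite", "").lower()
    if samesite not in ("lax", "strict", "none"):
        findings.append("no-samesite")
    elif samesite == "none" and "secure" not in attrs:
        findings.append("samesite-none-without-secure")
    try:
        long_lived = int(attrs.get("max-age", "0")) > MAX_SESSION_AGE
    except ValueError:
        long_lived = False  # malformed Max-Age: ignored here
    if long_lived:
        findings.append("long-lived")
    return findings


if __name__ == "__main__":
    for header in (SAMPLE_WEAK, SAMPLE_HARDENED, SAMPLE_MIXED):
        print(header)
        for code in audit_cookie(header) or ["ok"]:
            print("   ", code, "-", FINDING_TEXT.get(code, "no findings"))
```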

    Can a VPN help prevent cookie theft?

    Yes, a VPN encrypts and hides your internet traffic and the cookie information you exchange with the website.

    Fake WAP (Wireless Access Point)

    Fake WAP is a cyberattack in which a hacker sets up a fake Wi-Fi spot with a convincingly real name in a public location (e.g., “Starbucks WiFi”). When you connect to this fake spot, hackers can monitor and modify internet connections to steal sensitive data or compel users to download malware onto their devices. Such attacks also lead to Man-in-the-Middle hacks, which we will discuss next.

    Tips to avoid fake WAP attacks:

    • Avoid public Wi-Fi connections if possible, or use a VPN when you do use it;
    • If you have to connect to public Wi-Fi, search the location for an official Wi-Fi network name and password. To be extra cautious – ask an employee what the legitimate network is called before connecting;
    • Encrypt your internet traffic with a VPN.

    Can a VPN help prevent fake WAP attacks?

    Yes! Surfshark VPN encrypts your data, making it impossible for hackers to access your browsing information. It is still best to avoid fake WAPs in the first place, though.

    Man-in-the-Middle attack

    Man-in-the-Middle attacks are a type of cyberattack where the hacker places himself between two parties communicating over a connection. This allows him to intercept, modify or prevent their communication.

    For example, assume you get an email from your bank asking you to confirm your contact data. The email contains a link to your bank’s website, which you click and then log in. But the website isn’t the bank’s, and you’re really giving the attacker your credentials.

    The worst part about this attack is that if the hacker’s already in the middle, encryption won’t help.

    Tips to avoid Man-in-the-Middle attacks:

    • Carefully check websites and URLs for typos, domain spoofing, etc. (learn more about URL structure and how to spot fake websites in our article URL phishing: Links engineered to hook you);
    • Make sure you browse on secured websites with HTTPS in the browser;
    • Make sure you are browsing a legitimate website using URLvoid or VirusTotal;
    • If you are unsure about scenarios like the bank example, type the URL into the browser as you normally would instead of clicking the link;
    • Avoid connecting to public Wi-Fi networks. Use a VPN if you absolutely need to use public Wi-Fi;
    • Protect yourself against malware by using malware protection software.

    Can a VPN help prevent Man-in-the-Middle attacks?

    Surfshark VPN can help prevent Man-in-the-Middle attacks because it hides browsing data. However, once a Man-in-the-Middle attack has happened without an encrypted connection, a VPN can’t help.

    Denial of Service/Distributed Denial of Service (DoS/DDoS)

    A denial-of-service (DoS) attack is a cyberattack in which the perpetrator seeks to make a service unavailable by flooding it with requests (you make a request to a website every time you try to access it).

    In contrast, a DDoS attack involves multiple machines that generate data requests from different IP addresses, making it challenging to filter out malicious traffic.

    DoS and DDoS attacks are hard to defend against. They can either crash or slow down servers and make business websites unusable. Cutting off a business from the internet can cost it a lot of money.

    Tips for individuals to avoid DoS/DDoS attacks:

    • Reset your IP address on a regular basis;
    • Always check the links you’re about to follow from emails or random parts on the internet with VirusTotal;
    • Improve your home connection by regularly renewing your hardware and making sure it’s up to date.

    Tips for organizations to avoid DoS/DDoS attacks:

    • Move to a cloud. Clouds have more bandwidth and stronger network security than most private networks and are safer against DoS attacks;
    • Look out for unusual activity outside of the network’s normal traffic pattern;
    • Promote good cybersecurity and network security hygiene practices among your employees;
    • Boost your bandwidth to handle more traffic volume;
    • Have a response plan in place to quickly recover in case of attack.

    Can a VPN help prevent DoS/DDoS attacks?

    A VPN can help prevent DoS/DDoS attacks to the degree that it hides your real IP address. However, if someone already has your IP address and tries to flood it with requests, a VPN can’t do anything in this case.


    Phishing

    How do hackers get your information? Usually, it’s via phishing — a cyberattack that aims to lure its victims’ credentials out without making any changes to a device. It can come as email, text, or phone call and appear to be from a trustworthy source but is actually from someone trying to gain access to personal information. These emails often ask for specific data like credit card details, account numbers, passwords, PINs, and more.

    Phishing emails usually include intimidating messages that urge the receiver to respond immediately. They typically incorporate the organization’s trademarks and design components to make a phishing attack seem more official. These attacks are one of the most popular methods hackers use to steal your data.

    Want to learn more about this hacking technique? We’ve got you covered on information about phishing.

    Tips to avoid phishing attacks:

    • Think twice before you hand over sensitive information. Verify that the message actually came from the claimed sender;
    • Look for grammatical errors, logos that look just a bit off, strange formatting, and other signs that are not typical of the company or person the sender claims to be;
    • Don’t open attachments that come in your email. Always scan them for viruses and malware on cybersecurity sites we‘ve mentioned before;
    • Never blindly follow links in your emails. Hover over them to see where they actually lead and check the URL on cybersecurity websites if it’s looking phishy;
    • Watch out for a sense of urgency in a phishing email. This method gets users to hand over information or click links quickly without thinking about it;
    • Read cybersecurity news to stay informed of the latest phishing techniques; they are constantly evolving.
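The hover check from the tips above can be automated for HTML email. This added example (not from the original article) flags links whose visible text names one domain while the `href` points somewhere else, and links that use plain HTTP; the sample message and its `.example`/`.test` hosts are constructed, and comparing full hostnames is a simplification.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message body.
SAMPLE_EMAIL = """
<p>Dear customer, confirm your contact data within 24 hours:</p>
<a href="http://bank.example.account-verify.test/login">https://www.bank.example/login</a>
<a href="https://www.bank.example/help">Help centre</a>
<a href="https://support.bank.example/contact">bank.example</a>
"""

# A domain name (optionally with a scheme) appearing in the visible link text.
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def strip_www(host):
    host = host.lower()
    return host[4:] if host.startswith("www.") else host


def check_links(html_body):
    """Return [(href, [reasons])] for links that deserve a second look."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        target = strip_www(urlsplit(href).hostname or "")
        reasons = []
        shown = DOMAIN_IN_TEXT.search(text)
        if shown and target:
            shown_host = strip_www(shown.group(1))
            # Accept the same host or a subdomain of the host shown in the text.
            if target != shown_host and not target.endswith("." + shown_host):
                reasons.append("text shows %s but link goes to %s" % (shown_host, target))
        if urlsplit(href).scheme == "http":
            reasons.append("link uses plain HTTP")
        if reasons:
            findings.append((href, reasons))
    return findings


if __name__ == "__main__":
    for href, reasons in check_links(SAMPLE_EMAIL):
        print(href)
        for reason in reasons:
            print("   ", reason)
```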

    Can a VPN help prevent phishing attacks?

    In most cases, Surfshark’s CleanWeb can help with phishing links and malicious ads. But be cautious about handing over information such as financial data or passwords since no VPN can help in that scenario.


    Clickjacking

    Better known by its “street” names – the overlay attack and UI redressing attack. A hacker hijacks your click by getting you to click on a legitimate-looking link, which, in fact, is malicious. This is achieved by putting up a transparent window over the one you’re on. Often, such a click takes you to another webpage that looks like the legitimate one you’ve just visited.

    This attack looks like a MITM attack and works similarly to a watering hole attack, but it primarily aims at web pages.

    Tips to avoid clickjacking attacks:

    • Stay inquisitive when clicking on links – hover over where you’re about to click, and a grey box at the bottom of the screen will appear with a URL. Check if the domain name is the same as the one you intend on visiting;
    • Be aware of social engineering – many clickjacks happen with the help of phishing on social platforms, and what seems like a legitimate message from a service provider might be a hacker waiting for you to comply with a request;
    • Use browser extensions and add-ons – search for clickjacking-prevention add-ons that are compatible with your browser.

    Can a VPN help prevent clickjacking?

    Sadly, no. A VPN only covers user-end issues and doesn’t cover the provider-end.

    Types of hackers to be aware of

    Hackers are categorized into three main groups – black hat, gray hat, and white hat hackers. The hats refer to old western movies, where the good guys wore light-colored hats, and the bad ones wore black. There are also subcategories branching out of the main three, but generally speaking, the moral intent of the hack describes the color of the hat.

    Black hat hackers – cyber terrorists and cybercriminals who look for exploits to further their own goals by abusing others.

    Gray hat hackers – the moral gray area of hackers: sometimes hack into networks to steal, sometimes to help.

    White hat hackers – ethical hackers that protect people by providing cybersecurity and fixing vulnerabilities in often used systems.

    Red hat hackers – fighting fire with fire: people using illegal means (infecting systems, DDoS attacks, etc.) to fight black hat hackers.

    Green hat hackers – people who are new to hacking and eager to learn. Usually not malicious, but can cause harm while learning to hack.

    Blue hat hackers – hackers who hack into systems to take revenge on an organization. Usually, a blue hat hacker will be an ex-employee seeking revenge on a former workplace.

    Hacktivists – people who form hacker groups to target terrorists, criminals, and sometimes organized crime.

    Script kiddies – amateur hackers who lack the expertise to write their code, so they use other people’s scripts.

    Tips to protect yourself against hackers

    All the types of common hacking techniques may seem daunting, but you can generally protect yourself online with the following tips:

    1. Always keep your software up-to-date. Companies often release patches for security vulnerabilities;
    2. Enable firewalls. They won’t block all hackers, but they will slow them down;
    3. Use antivirus software to catch malware and viruses quickly;
    4. Change your router’s password and firmware regularly. Disable UPnP, Remote Access, and WPS to increase security;
    5. Avoid using public Wi-Fi without a VPN. Since it’s unsecured, most hackers can easily gain access to your information and steal your data;
    6. Use a VPN. VPNs encrypt your browsing data and IP address, so it protects against several types of hackers;
    7. Stay up to date on the latest threats in cybersecurity.

    Protect yourself from different types of hacks

    Cybersecurity is already paramount in our lives, and it will only get more important as our lives become more digital. There are two things that can help you protect yourself from cybercriminals and different types of hacks – tools and awareness.

    For tools, I recommend you start using a VPN and antivirus software every day (Surfshark has both). For awareness, cybersecurity blogs and news sites can help you out. And if you prefer more digestible content, check out our YouTube channel for the latest Cybernews.

    What is the biggest hack in history?

    Yahoo got hacked in 2013 – around 3 billion accounts were compromised, with 500 million more the following year. The hackers got their hands on names, security questions, passwords, and contact details.

    What are the most famous hacks?

    In chronological order:

    1995 – The Citibank Hack;

    1999 – The Melissa Virus;

    2000 – The Mafiaboy Attacks;

    2001 – The American Military Hack;

    2005 to 2012 – The American Businesses Hacks;

    2006 – The Iceman Hacks;

    2008 – The Heartland Payment Systems Hack;

    2008 to date – The Conficker worm;

    2010 – The Nasdaq Hacks;

    2013 – The Spamhaus DDoS Attack;

    2013 – The Yahoo Hacks;

    2014 – The iCloud Celebrity Hacks.

    Who is the no. 1 hacker in the world?

    Kevin Mitnick is considered to be one of the best. He’s a controversial hacker who turned to ethical hacking. He was once ranked FBI’s most wanted hacker for hacking over 40 corporations, with Nokia and Motorola among them. Since the 2000s, he turned to consulting and quickly became a well-renowned and sought-after security expert.

    What are 3 things you can do to avoid being hacked?

    How Not to Get Hacked
    • Tip #1: Look for the Lock. ...
    • Tip #2: Check the URL. ...
    • Tip #3: Only Download From Trustworthy Sources. ...
    • Tip #4: Install Security Updates. ...
    • Tip #5: Do NOT Email Private Data. ...
    • Tip #6: Use Strong Passwords. ...
    • Tip #7: Use Multiple Passwords. ...
    • Tip #8: Enable Two-Factor Authentication.

    Can someone hack my phone through VPN?

    VPNs are extremely useful, but it's important to understand their limitations. They can protect your data while it's traveling from your device to the VPN server and back. They cannot combat hackers if they have directly accessed your phone or are waiting on the destination side when your data arrives.

    Will a VPN prevent me from being hacked?

    VPNs mask your IP address making it difficult for cybercriminals to know what your actual IP address is. This can prevent them from being able to hack your device or network remotely.

    How do I know if my IP address has been hacked?

    15 Signs Your IP Address Has Been Hacked
    • Traffic redirects. You end up on a website that you didn't search for — or have browser windows open behind your current tabs.
    • Pesky pop-ups. ...
    • Malware in your browser. ...
    • Account takeovers. ...
    • Collateral damage. ...
    • Unstable internet. ...
    • Rogue devices. ...
    • Successful phishing.

    What is the most common hack?

    The 15 most common hacking techniques
    1. Phishing. Phishing is a type of cyberattack typically launched via email, although other types exist. ...
    2. Keylogger. ...
    3. DDoS Attacks. ...
    4. Cookie theft. ...
    5. Fake WAP. ...
    6. Trojans. ...
    7. ClickJacking Attacks. ...
    8. Bait and switch.

    What is the first thing you do when you get hacked?

    Instead, report it immediately. If it is a personal system or account that has been hacked, here are some steps you can take: Recovering Your Online Accounts: If you still have access to your account, log in from a trusted computer and reset your password with a new, unique and strong password — the longer the better.

    Can Surfshark be hacked?

    Surfshark VPN encrypts your data, making it impossible for hackers to access your browsing information. It is still best to avoid fake WAPs in the first place, though.

    What doesn't a VPN protect you from?

    VPNs are not designed to protect your device from malware, viruses or other cyber threats. They secure your data transmission and mask your online identity, but they don't have the ability to scan or block malicious software. Therefore, it's essential to use additional security measures alongside a VPN.

    What is the most secure VPN?

    Most Secure VPNs in 2024
    • NordVPN – the overall best secure VPN.
    • Surfshark – the most secure cheap VPN.
    • IPVanish – safest VPN for the USA market.
    • ExpressVPN – private and safe VPN.
    • CyberGhost – a secure VPN with lots of servers.

    Is Surfshark a good VPN?

    Cybersecurity experts value Surfshark VPN for industry-leading encryption, great streaming speeds, unlimited connections, and a broad network of servers. “In a crowded field, Surfshark VPN continues to impress, making it an Editors' Choice winner.”

    Can your smart TV be hacked?

    Since smart TVs are IoT devices that connect to the internet, they can be vulnerable to cyber attacks and can be hacked by cybercriminals. You need to secure your smart TV by keeping your software up to date, using strong passwords on your accounts and devices, securing your router and turning on security settings.

    Does a VPN protect your bank account?

    When you're traveling: using a VPN for banking also helps keep your account safe, as banks may become suspicious when you access it from another country. In the worst-case scenario, you can end up locked out of your account while abroad. You can avoid that with a VPN — just connect to a server in your home country.

    Will changing my IP address stop hackers?

    If someone has your IP address, they could send you spam or restrict your access to certain services. In extreme cases, a hacker might be able to impersonate you. However, all you need to do to fix the problem is change your IP address.

    How do you know if your IP address is being monitored?

    There's just no way of knowing who is running your IP address through any type of IP lookup service. It could be your bank, your real estate agent, or a tech-savvy teenager who's also a hacker. It is possible to be traced by someone—a stalker, an investigator or even a criminal—via your IP address.

    How do you reset your IP address?

    1. Go to settings.
    2. Select connections.
    3. Select Wi-Fi.
    4. Choose the settings icon next to your current network.
    5. Go to IP settings and select Static.
    6. Type in your new IP address.

    What are 3 ways you can ensure your safety if you get hacked?

    Protecting Online Accounts
    • Delete suspicious emails. It is best to delete spam or dubious-looking emails without opening them. ...
    • Use secure devices. ...
    • Create strong passwords. ...
    • Use multifactor authentication on your accounts. ...
    • Sign up for account alerts.

    What are the 3 key prevention measures of cyber attacks?

    Some of the ways how to avoid cyber-attacks or minimize the phishing attack are:
    • Make use of anti-phishing tools.
    • Scrutinize the emails.
    • Keep updating the passwords.

    How can we keep safe from hackers?

    17 Ways To Prevent Hacking and Protect Yourself From Hackers
    • Use strong and unique passwords.
    • Store your passwords in a password manager.
    • Enable two-factor authentication (2FA)
    • Use an authenticator app for 2FA.
    • Make sure you have a secure backup email and phone number.
    • Learn to spot the warning signs of a phishing scam.

    What are the 3 hackers?

    White hat hackers probe cybersecurity weaknesses to help organizations develop stronger security; black hat hackers are motivated by malicious intent; and Gray hat hackers operate in the nebulous area in between — they're not malicious, but they're not always ethical either.


    Author: Allyn Kozey
