Never Do These 6 Things: They Are Traps Set by Hackers

Hackers thrive on simple mistakes like clicking fake links, running scripts, or giving out OTPs. These slip-ups almost always lead to a security breach. If you want to stay secure, never do the following things, no matter how tempting the outcome may be, and prevent getting hacked.

1. Never Disable Any Security Features to Install an App

Hackers often attract users with handy software (infected) that provides functions too good to pass up. Of course, security systems easily detect malicious software and block it. However, they will instruct the user in an associated tutorial or a readme file to disable a security function that could detect it.

Of course, they will give a solid reason why it needs to be disabled, like “Since our software accesses system files to (whatever it does), it gets flagged by Windows Defender.”

The common security functions hackers ask to disable include antivirus software, firewall, Windows UAC, Mac Gatekeeper, etc. These either prevent the installation of a malware program or specific functions of it.

If you do comply, it can lead to malware installation like keyloggers, trojans, ransomware, etc., and even kernel-level malware if you completely disable security features.

You should always ignore such instructions, no matter how tempting they may seem. While it’s true that some legitimate software that can access sensitive system files also gets flagged by antivirus, the risk of infection is higher. If you must take the risk, it’s better to try it on a virtual machine so that your main system isn’t exposed.

2. Never Give Away Your One-Time Passwords (OTP)

Temporary one-time passwords are one of the most common methods for two-factor authentication. Hackers can convince you to share the OTP you received via email or text to hack your account or authenticate other sensitive actions.

OTPs are used to authenticate logins, financial transactions, password reset requests, change sensitive account information, verify new locations, and more. This means hackers can use many tricks to convince you to share the OTP, as there can be many scenarios where an OTP is sent.

In most cases, they disguise themselves as officials, such as customer support representatives, and ask you to share the OTP to get help in a fake scenario. In rare cases, they will set up a fake webpage that requires OTP for another service to authenticate.

Whichever trick they use, you can easily avoid it by understanding that OTP is designed to only be viewed by you. No one has the right to know it, whether it’s company officials, linked services, your friends, or even law enforcement. If anyone ever asks you to tell them the OTP sent on your phone/email, it’s 100% a hacking attempt, and you should decline it.

3. Never Log in to an Unofficial Page

Phishing attacks heavily rely on tricking users into entering their account information on a fake login page to steal the information. While there are many phishing attack methods, in the end, the hacker will ask you to enter login details on a fake page.

They may trick you into thinking it’s the official website by matching its URL and design or convince you to enter login details to authenticate or link accounts. To stay safe, always enter your account details on the official website login page.

If you think you are redirected to a fake website, you can recognize a phishing site by matching its URL with the official page’s URL. For example, if you are asked to sign in with your Google account, the URL should be “accounts.google.com.” If it has any spelling mistakes or subtle changes, you should not enter your account details.

Using a password manager will also greatly help, as they don’t enter credentials on fake pages.

4. Never Give Out Your Account Password – Even to “Officials”

Hackers can also use scare tactics or authority to convince you to share your account password to resolve issues or for verification. They can act as company representatives, government officials, or law enforcement agents, and ask you to provide your login details for “verification.”

Thankfully, similar to OTP, account passwords are meant to only be known by the owner. Officials legally can’t ask for your password (unless they have a legitimate court order) and already have many other ways to verify your identity. Always decline any requests to share your passwords.

5. Don’t Accept System-Related Prompts in Your Browser

Another common tactic hackers use is to create fake ads and pop-ups to scare people into downloading malware, commonly known as scareware. It will either be an ad or a pop-up on a malicious website that will warn you about a problem with your PC and recommend software to fix it.

That software will either be malware to steal data, adware, or fake software with a fake premium upgrade. Below are examples of some common messages you may see:

– Warning! We have detected five viruses on your computer! Click “Scan Now” to remove them.
– Your PC is Running Slow! Optimize Now.
– Your Windows installation is corrupted! Click here to repair it now.

The interesting thing about these messages is that they are lying from the start. Websites in browsers cannot directly interact with the operating system to scan it or look at personal data. Therefore, the claims in these messages that they have detected something in your PC aren’t technically possible.

If you see such a message, they are almost always a scam or bad software advertisement. Simply ignore it, or if you accidentally downloaded it, delete it without executing the file.

6. Never Follow Instructions to Run Unknown Scripts

Malicious scripts are another big problem, as hackers can use them to do extreme damage without needing to download malware first. Unfortunately, the Internet is full of safe commands and scripts on reliable websites, so we forget that bad scripts also exist.

To make matters worse, understanding complex scripts isn’t something everyone can do, so people can easily be convinced to run a bad script with an explanation that it does something good. Below are possible bad things malicious scripts/commands can do:

• Silently download software (likely malware).
• Extract sensitive information like saved passwords in the browser.
• Disable your security programs, like antivirus or firewall.
• Create a hidden user account with admin access.
• Encrypt files for ransomware attack.
• Create a setup to remotely control your PC.

For example, a tutorial to fix a problem or run an app can provide scripts that hackers can say are needed for things to work. Even a malicious app can have instructions to run scripts that actually disable security systems.

Running command prompt commands or .bat/.vbs scripts is common in many online tutorials, so skipping them entirely won’t be practical. If you are unable to see the script and understand what it does, an easier solution is to copy/paste it into an AI chatbot like ChatGPT or Gemini. These tools can fully understand all scripts/codes and tell you exactly what they will do if executed.

Bonus: Never Plug in an Unknown USB Drive

Unknown USB drives can also be very dangerous, as they can automatically execute commands or install malware. Hackers can distribute infected USBs by either leaving them in a commercial area or targeting specific important people, like a company’s employees.

If autoplay is enabled on the PC, the USB will automatically install malware to steal data or take control of the PC. It can also happen if you manually open a fake, infected file inside.

Not to mention, it could be a USB rubber ducky that looks like a USB but is actually a keyboard with pre-added commands and scripts to execute when plugged in. If you don’t know or trust the source that provided the USB, don’t plug it in.

If you choose to never do the above things, you’ll surely dodge many hacking attempts. Of course, there are still many ways hackers can hack your accounts – even air-gapped computers aren’t hacker-proof – so always fully utilize the security measures at your disposal.

Image credit: Freepik. Screenshot by Karrar Haider.