In a previous article, we discussed how hacking is not always what the popular imagination makes it out to be. We picture highly trained hackers typing away at a console, or using lines and lines of professionally written code to exploit weaknesses in a program. While these kinds of exploits do happen, the most numerous attacks are actually ones that exploit our inability to spot threats and our failure to practice good tech hygiene. We previously talked about how reusing old passwords on every site could lead to your systems being exploited, but there are far more vulnerabilities than that.
One common way that hackers can gain access to your system is by sending false emails designed to look real. They do this either by spoofing your organization’s email address or by pretending their email is from a large, trustworthy organization. For example, some have been known to hack entire cities by using city email addresses to request access to personal information or to request passwords. They can then use this information to obtain server access and hold the server for ransom.
Last but not least, there is social engineering. This comes in all shapes and sizes. It can be as simple as faking a delivery and checking the monitors for anything with “password” written on it. Or it can be something like using social media to build up a friendship in order to learn the answers to security questions. Those answers would allow the attacker to reset an account’s password or to authorize a new computer on an account, even if multi-factor authentication is set up.
Some social engineering goes beyond words and actions used to gain information and involves physically planting hardware. Sometimes this is as simple as mailing someone an infected USB drive as a “promotion” or infecting all of the devices at a library. Other times, it can involve a hacker physically gaining access to a place themselves and inserting a USB drive that has a virus, malware or a keylogger on it. While some knowledge is needed to either make or download a virus, this sort of attack can be far easier than having to make it past a firewall remotely.
Make sure your passwords are strong and are either stored in a secure website like LastPass or at least hidden well at home. Make sure that you do not use any hardware whose source you cannot verify. And last but not least, always be on the lookout for potential scams and hacking attempts whenever you’re using a device connected to the internet. A little bit of paranoia can be a good thing when it comes to tech hygiene.