Ever wonder what it’s like to be hacked? Sarah Jeong did. So naturally, she decided to ask someone to hack her.
Jeong isn’t simply a random thrill-seeker; she’s a respected technology journalist and lawyer, and she knew exactly what she was getting into when she recruited her friend Cooper Quintin of the Electronic Frontier Foundation to help her out. She wrote about her experience in GQ.
But even before she was successfully hacked (and don’t fret, we’ll get to that!), both Jeong and Quintin discovered some important truths about the world of online safety and what it takes to infiltrate it.
Here are just a few lessons from experts that we can all benefit from:
1. Most hacking isn’t done by master “Matrix” coders.
For most people, “hacking” tends to evoke one of two images: a stereotypically out-of-shape nerd in their parents’ basement or a sleek, leather-clad cyberpunk in a Guy Fawkes mask who moonlights as an extra in a Wachowski movie.
But in reality, most of what’s called “hacking” is actually “phishing.” In fact, last year, then-Secretary of Homeland Security Jeh Johnson said that phishing is the threat his department dreads most.
2. Phishing is a type of scam that disguises itself as something trustworthy.
It can be an email, phone call, or text message, and it then tricks you into giving up your passwords, charge card numbers, and more. All it takes is some clever social skills plus some free online tools used by info security professionals that, technically, anyone can use. (A little coding knowledge doesn’t hurt, though.)
3. Many hackers are savvier than you might think.
It doesn’t matter if you have the best anti-virus software installed on your computer and run daily checks for malware along with Ghostery and ad block to keep your online browsing extra-safe. Don’t get me wrong: viruses and malware are still dangerous. But phishing isn’t about computers. It’s about people. And that’s a lot harder to protect against.
“Phishing isn’t (merely) about seeing a person who is technically naive,” Cory Doctorow, a sci-fi author, journalist, and technology activist, told Locus magazine. As savvy as he is, even he fell for a phishing hack back in 2010. “It’s about assaulting the apparently impregnable defenses of the technically sophisticated until you find a single, incredibly unlikely, short-lived fissure in the wall.”
“It’s a matter of being caught out in a moment of distraction and of unlikely circumstance.” In other words, it can happen to anyone.
4. The terrible typos and grammar in some phishing strategies are intentional.
You’re likely familiar with the classic “Nigerian prince” phishing scheme, where some kind of foreign dignitary emails you and offers you a ton of money to help facilitate the transfer of their new bajillion-dollar inheritance. You also likely know that these emails are famously riddled with grammatical errors and totally implausible premises.
What you might not know, however, is that these “mistakes” are made on purpose in order to target the most gullible people. That way, reports Business Insider, the scammers don’t have to waste their time trying to persuade rational skeptics to give up their bank account information.
5. To hack a specific person, all a hacker needs is social media.
You know those silly memes where you find your “porn star name” (or whatever) by using the name of your first pet and the street you grew up on?
Now think about those security questions you had to answer for your online bank account: things like, oh, the name of your first pet, the street you grew up on, or your mom’s maiden name.
Yeah. See the connection there? If a hacker wants to social-engineer their way into your bank account, all they need to do is poke around your public accounts to find those little bits of information. These targeted attacks are called “spearphishing,” and they’re why Doctorow recommends that people “only use Facebook to convince your friends to communicate with you somewhere other than Facebook.”
6. Be careful what you open, even when it’s sent by someone you know.
Jeong was hacked after she clicked on a malicious link made to look like it was sent from someone she knew.
To hack her, Quintin just had to scour Jeong’s online presence until he found an acquaintance who could plausibly email her. He made a fake email address, using that person’s real-life profile picture and everything, and that was all it took to get Jeong to give up her information.
Fake Google Docs scams, like the one she fell for, are increasingly common. In these cases, the target receives a phishing email that seems like a standard invitation to Google Docs sent from a trustworthy source, except that both the sender and the link are actually malicious hoaxes. This link will bring you to a landing page that resembles the standard Google password screen or bank login page you thought you were clicking on, and the hacker can use that to capture whatever password or personal information you enter into the fake form.
7. Double-check your URLs.
Always make sure you’re really on the website that you think you are before you enter any sensitive information.
How do you tell the difference? Generally speaking, the domain name should look like “[blank].google.com” or “bankofamerica.com/[blank].” If it’s something hyphenated like “accounts-drive-google.com” or “boa-accounts-login.com,” well, you should probably think twice about it.
(Another helpful tip is to look for SSL certificates, which usually appear as a lock or green text in your browser bar, but even that’s not totally reliable.)
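The domain check from this tip, written out as a small Python function (an added example, not part of the original article; the trusted-domain list, the brand words and the sample links are assumptions made for illustration). It goes slightly beyond the hyphenated case in the text by also rejecting a trusted name used as a subdomain of some other site and text placed before an “@” in the link:

```python
import re
from urllib.parse import urlsplit

# Assumptions for this example: the sites the reader really uses (the two
# named in the text) and the brand words a lookalike host tends to borrow.
TRUSTED_DOMAINS = ("google.com", "bankofamerica.com")
BRAND_TOKENS = {"google", "bankofamerica", "boa"}


def classify_url(url):
    """Classify a link as 'trusted', 'insecure', 'lookalike' or 'unknown'."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
        has_userinfo = parts.username is not None
    except ValueError:
        return "unknown"  # malformed address, nothing here to trust
    if not host:
        return "unknown"
    # Text before an "@" is login info, not the site, so treat it as disguise.
    if has_userinfo:
        return "lookalike"
    # Trusted only on an exact match or a real subdomain (a "." boundary),
    # so "accounts-drive-google.com" does not pass as "google.com".
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted" if parts.scheme == "https" else "insecure"
    # A brand word anywhere else in the host name is the warning sign.
    if set(re.split(r"[.\-]", host)) & BRAND_TOKENS:
        return "lookalike"
    return "unknown"


# Constructed sample links; the two hyphenated hosts are the ones in the text.
SAMPLES = [
    "https://docs.google.com/document/d/abc",
    "https://accounts-drive-google.com/signin",
    "https://boa-accounts-login.com/",
    "https://google.com.example.net/",
    "http://docs.google.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_url(link):10} {link}")
```
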
8. You should definitely utilize two-step authentication.
I hate to break it to you, but your p@$$w0rd likely isn’t very safe. The least you can do, according to CNET, is turn on two-step authentication. That way, every time you log in on an unfamiliar device, you’ll get a text message with a secret code just to make sure it’s you, because even if someone gets your password, they likely don’t have your phone, too.
Unless they, um, literally strolled into the AT&T store and charmed a sales rep into changing your telephone number over to their phone. Which happens.
9. And use a password manager.
If you want to be extra extra safe, use a password manager such as LastPass, then set up a DiceWare password like “correct horse battery staple” (or some of these other great ones recommended by the Intercept) that is incredibly easy to remember but next-to-impossible for hackers or computers to crack.
10. Remember the greatest flaw in your internet security is the trusting nature of other people.
A trusting customer service rep can easily compromise you without realizing it. Your friend who mentions you on Facebook can do the same.
Heck, my spouse has a somewhat gender-ambiguous name, and I can tell you from personal experience how easy it is to call up the bank and pretend I’m her, even when I have to charm my way around a security question about her high school mascot. Which, yes, I’ve done.
As Jeong wrote, “Successful social engineers are not just perfectly capable of interacting with human beings; they are talented manipulators who take advantage of our willingness to trust our colleagues, friends, and family.”
“You can turn your digital life into Fort Knox and still be undone by an overly trusting salesman behind a desk.”
There’s no way to protect yourself from every possible online vulnerability. But that doesn’t mean you shouldn’t try!
As we’ve seen, the power of the internet can be used for good or evil. All it takes is one trusting click, and even the savviest security professionals can find themselves compromised.
The best you can do is be smart and pay attention. A tiny bit of paranoid skepticism will save you a lot of time, stress, and energy in the long run, and that’ll free you up to enjoy all the wonderful things that the internet has to offer. Trust me.