With all the technology surrounding every aspect of our lives, it is easy to forget about the many ways technology can be used against us. We like to believe that our information is safe and say things like “IT WILL NEVER HAPPEN TO ME!” That is exactly how hackers want you to feel.
What is a hacker?
Webster’s dictionary defines a hacker as “a person who illegally gains access to and sometimes tampers with information in a computer system”. Everyone thinks of a hacker as someone who is very computer savvy and knowledgeable in all things electronic, punching away on their keyboard late at night in a dark room, trying to find a soft spot in one of the “Big Bank’s” networks so they can get away with all the cash. This raises the question: how do hackers know where to find the soft spot? This is the job of a social engineer.
A social engineer is a type of hacker.
Rather than hacking the computer, they hack the person using the computer. According to Cybint, roughly 95% of security breaches were due to human error, meaning that they were, more than likely, 100% preventable.[1] Social engineers need to interact with a person to collect information. This might be over a phone call, a text, or an email. For example, they may call you pretending they work for your bank. They might say that they need your help to fix an issue on your account and ask you to recite a 6-digit code from a text message they just sent you. Once you give them that code, boom, they are in your account! A social engineer might craft a bogus email that looks just like it came from Google or Microsoft, asking you to log in and update your account information. As soon as you click the link and sign in, you have unknowingly given the hacker your username and password! If you stay vigilant, you can help prevent loss of data and disarm the social engineer.
There are a few ways you can spot and prevent these kinds of social attacks:
- Never share any personal information over the phone, text, or email.
- If you receive an email asking for information, check the email address it was sent from. If you feel like you need to act, do not click the link in the email. Exit the email and log into the website with a known good link.
- If you believe that the email or text is illegitimate, contact the party it appears to be from using known good contact information. They will be able to confirm the origin of the email or text. This same practice applies to phone calls.
If you adopt these practices when using text, email, and phone calls, you can help disarm the social engineer and prevent the hacker from getting in at all.