Today, we live in the age of information, anything you could want to know is just at your fingertips. As the user you can do; homework, shop, chat with friends & family, hire someone to clean your house, etc. but all this comes at a price. In my earlier post, I stated “as humans, we are too trusting” and this is very true. One of the most common ways for hackers & attackers (there is a difference) to get into your system is through you. The greatest vulnerability and also the easiest vulnerability is the person him/herself because we naturally want to trust, and the attacker/hackers know this, and that is why they use it against the users via Social Engineering.
Social Engineering is by far my favorite topic because there are so many different ways to exploit the person. I as the attacker can play on your trusting nature or your curiosity, either way, if I am willing to put in the work I will get into your system. It all about getting to know your victim, and exploiting their vulnerability; which could be either money, sports, love, friendship, or even sex (feeding on the persons sexual nature)
Now for knowledge and understanding, I am going to break down some of the common ways attackers/hackers will use you as his/her exploit into your system and/or life, and I will give you a few ways to try and keep your attack surface to a minimum.
SPAM!!!!! Those random emails that you receive that you look at an have all the grammatical errors, ask you to click random links, or ask for your all your personally identifiable information (PII). This a malicious act to get either access to your computer system (home or work) or to get access to your life. When comes to Phishing it comes in few different flavors:
There’s Spear Phishing which focuses on a specific individual.
There’s Whaling which focuses on the big executives of corporations.
There’s also Vishing (voice phishing) phishing over the phone i.e. those random numbers that call you to get you to take that much needed fake vacation.
Each flavor is dangerous in its own right, and by simply paying attention and noticing the simple giveaways it becomes easier to protect yourself and possibly our place of employment.
Simply put this is piggybacking (but unknowingly), we have all done this at some point in life. Don’t believe me? Well have you ever forgot your ID card at home and that how you get into your office building? Have you ever went to visit family or friends in the city and followed someone through their apartment door, knowing you have to be buzzed in? Have you ever came out of one Movie Theater just to follow the crowd into the next? Ok, that one might be a stretch, but you get the idea. Something that may seem so innocent might be very malicious. Tailgating occurs when you unknowingly allow someone to gain access using your credentials, meaning when you use your card or pin to gain access to an area, someone comes behind you an catches the door. It very easy to combat, just be aware of your surroundings. That person who’s been in the smoke pit for an hour just talking, when its time to go in make them use their credentials, simple.
Baiting is by far my favorite and could be the most dangerous & effective way to exploit the person. Baiting is a way to attack the human mind with false promises, by sending an email or setting up a site or posting an ad with the promise of:
Free TV & Movies
Free Sports Online
Make Money Now
Which Celebrity Do You Look Like?
What Do The Stars Say About You?
Did I paint that picture bright enough for you? Baiting is that easy, playing on the deepest part of your psyche, but that only the tip of the iceberg, because as much as we want to click those links we also want to pick random stuff up and stick them in our computers. Remember when you were young and your parents always use to tell you don’t stick that in your mouth, usually a piece of candy or something you’ve found on the ground, well same thing applies here. If you happen to find a random disk or a random USB/thumb drive on the ground or where ever, PLEASE!!! Don’t put it in your computer, because that how you give your computer “AIDS.”
Course Of Action
- TRAINING…TRAINING….TRAINING, this the best course of action for almost all cyber threats. The more you know about a subject, the better off you will be. For those who work in a corporate office, there are responsible for providing this training, whether it maybe monthly, quarterly, or annually. For anyone else, it is as easy as going on YouTube or google an doing some self-study.
- DON’T OPEN STRANGE EMAILS!!!! If you don’t know the person it came from don’t open it if you do know the person it came from; send them a quick text. I have emails from my actual aunt that I will not open because I know she is not sending me any emails, how do I know this? Because I asked.
- If you open an email from your bank or social media and it is telling you something is wrong with your account you need to verify by clicking a link or need to send them any PII; DON’T DO IT…. There is no bank in the world that is going to ask you for any personal information through an email; they have your number they will call, same with your social media. If this happens it is too easy for you to call the respective entities and ask them “hey did you send me an email to my account?”
- You don’t have any distant relatives that are trying to send you money, by you sending them money, just to transfer more money back to you.
- Don’t allow ANYONE to follow you through special access doors; I don’t care if it is a stranger, co-worker, momma, daddy, wife, mistress. It is a special access door for a reason if they have access they can use their credentials if they don’t have access, then they can sign in at the security desk and be escorted to where they need to go.
- Stop clicking random links on Social Media; this is why ever few months you have to apologies to everyone on your friend list because they got a Private message (PM) from you but you didn’t send it. The hacker sent it with your credentials because you gave it to them when you click to see which “Which Friends Will Be in Your Bank Heist.”
- DON’T PUT RANDOM CRAP IN YOUR COMPUTER or any computer for that matter. This is how you give your computer “AIDS.” Any number of things can happen from doing this, installing a virus, creating a backdoor, making your computer a zombie (whole different conversation)
Be smart about what you’re doing on the internet, yes it fun, yes it is full of information, but it is also very dangerous and the more you know, the better you will be able to protect yourself.