Hacking has always been perceived as a mystical, evil act. Besides the victim’s loss, the other reasons are hackers’ quick adaptation to the newest technology and their unpredictable nature, an instance of which has been witnessed in recent times. Instead of breaking into your network and gaining access to your computer, hackers have now devised a new psychological trick – connecting with you.
There has been a slight shift in the ways hackers get access to one’s account. If you have been following the hacking conference Defcon, you would know that hackers have sort of put a stop to traditional exploit development – which was anything from brute-forcing several hundred passwords per second to phishing emails where you are tricked by the apparent authenticity of the source. It’s the age of social networking, and I hate to break this to you, but hackers too have gone social.
For the last couple of years, hackers and malicious social engineers have turned their focus to the most elementary entity of this network: the people. We hear about hacking daily, yet we don’t realize it could happen even to us. Even if we are tech-savvy, seeing one alluring link on a friend’s Facebook account makes our fingers tremble above the mouse.
Social Hacking: Latest Tool of Cyber Criminals
Not only does making such exploits require too much time to think it all through, it also keeps the hackers at constant risk of being traced back through their exploits. A very common part of this backbiting system is phishing. Phishing is the vicious trick where you receive a deceptive email that looks as if it has come from an official source such as Facebook, Twitter, PayPal, or any bank, asking for critical information or suggesting that you change your password.
At first look, it appears totally legit. Since every service that you use must have had a data breach on its servers in the recent past, one would think of this as no different. Steve Wozniak and Kevin Mitnick explain the psychology behind such attacks in their book “The Art of Deception: Controlling the Human Element of Security”:
Why are social engineering attacks so successful? It isn’t because people are stupid or lack common sense. But we, as human beings, are all vulnerable to being deceived because people can misplace their trust if manipulated in certain ways.
The social engineer anticipates suspicion and resistance, and is always prepared to turn distrust into trust. A good social engineer plans his attack like a chess game, anticipating the questions his target might ask so he can be ready with the proper answers.
The basic trick involved here is to gain your trust. Once that has been achieved, you are convinced to install an app, submit a form, or sign in to see a cool pic or video.
It’s not them, but you
Hackers shouldn’t be assigned all the blame, though. Sure, they are obsessed, and would do everything to fool you, even if it means impersonating a reputed company to persuade you to reveal your personal information. But all this can be avoided to a great extent if the masses become aware of such harsh swindles. People often use the same password for all their accounts; in addition, they tend to choose very easy-to-guess security questions. Do not click on every random link coming your way, and don’t get too curious about every Twitter mention.
Sadly, The Lord of the Rings’ “One ring to rule them all” philosophy doesn’t work out with emails. Consider not registering for all the 1000 services you use with the same email ID, or having it as the recovery address for all of them. Last year, a hacker fooled Amazon’s representative to find a way into Wired editor Mat Honan’s account. Mat, like most of us, had interlinked all his accounts, and so the hacker, in a matter of seconds, got access to his Apple, then Gmail, and finally Twitter account.
Protect your email ID
Despite the omnipresence of social networks, email is the thing that holds all your pieces together. And when an unauthorized person gets access to it, things become messy. Your email ID requires safe and sensible management. Users are advised to enable two-step authentication, which requires access to your phone to log in. Also, using a different password for every account will safeguard your digital life from falling like a house of cards. Sure, it is a hectic job, but there are tools like KeePass which will help you manage all your passwords, or you can try LastPass, which will generate a different, very complicated password like kn26$j&5^jdjdjh83054”263hdbsdbnnd5%52 for each of your accounts, so you will only have to remember one master password: your LastPass password.
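To see how far the "house of cards" effect reaches in your own setup, the following added example (not part of the original post) audits an account inventory for the two links discussed above: a shared recovery email and a reused password. The account names and password labels are constructed; use labels such as "pw-A" to mark reuse rather than typing real passwords.

```python
from collections import defaultdict, deque

# Constructed inventory (not real accounts): each account names the account
# that can reset it ("recovery") and a label standing in for its password.
ACCOUNTS = {
    "primary-mail": {"recovery": "backup-mail",  "password": "pw-A"},
    "backup-mail":  {"recovery": None,           "password": "pw-B"},
    "shop":         {"recovery": "primary-mail", "password": "pw-A"},
    "cloud":        {"recovery": "primary-mail", "password": "pw-C"},
    "social":       {"recovery": "cloud",        "password": "pw-D"},
    "bank":         {"recovery": "bank-mail",    "password": "pw-E"},
    "bank-mail":    {"recovery": None,           "password": "pw-F"},
}

def blast_radius(accounts, first_lost):
    """Return every account that falls once `first_lost` is taken over."""
    resets = defaultdict(set)    # recovery account -> accounts it can reset
    same_pw = defaultdict(set)   # password label -> accounts sharing it
    for name, info in accounts.items():
        if info["recovery"]:
            resets[info["recovery"]].add(name)
        same_pw[info["password"]].add(name)

    lost, queue = {first_lost}, deque([first_lost])
    while queue:
        current = queue.popleft()
        # Next victims: accounts reset through this one, or sharing its password.
        reachable = resets[current] | same_pw[accounts[current]["password"]]
        for nxt in reachable - lost:
            lost.add(nxt)
            queue.append(nxt)
    return lost

def rank_single_points_of_failure(accounts):
    """Sort accounts by how many others they take down with them."""
    sizes = {name: len(blast_radius(accounts, name)) - 1 for name in accounts}
    return sorted(sizes.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    for name, count in rank_single_points_of_failure(ACCOUNTS):
        print(f"{name:13} exposes {count} other account(s)")
```

In this inventory the low-value "shop" login exposes three other accounts because it shares a password with the primary mailbox, while the bank, kept on its own recovery address and password, stays isolated.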
Have a look at the gallery below with some common social tricks, if we can call them so, that hackers use to deceive you.
Radu Tyrsina contributed to this post