In an effort to promote greater security in modern technology, we are publishing public versions of our internal quarterly security newsletter.
Hackers That Want To Hack Into You
These days a lot of hackers have figured out that it can be easier to get information out of people than to sneak into a computer. Here are a couple of common-sense tips to stop hackers from hacking into you – both at work and at home.
Taking Candy From Strangers
Earlier this year, staff at the U.S. Department of Homeland Security secretly left CDs and flash drives in their parking lots as a test. 60% of the devices that were picked up were plugged into office computers by curious employees (the rate was 90% for drives or CD cases with an official logo).
If you find a flash drive and have no idea what’s on it, there’s no need to take chances. If you choose to plug it into a personal computer, make sure you have anti-virus software installed first, and be wary of opening whatever files you find on it.
Recognizing Funny Business
One of the oldest tricks in the book is impersonation, often called phishing in the online world. Hackers will send emails that look like they come from a legitimate website, business, or bank, asking for customer information for something very important, with links that go to a fake website.
You probably knew that already, but here’s something you might not have known: It’s possible to fake the email address that an email comes from, but it’s impossible to fake the URL of the website you go to, and that’s how you can tell the difference between fakery and truth.
A few months ago, some Gmail users, including some US government officials, fell for this trick. A spoofed email brought them to a Gmail login page. The fake login page had a few minor differences from the real one (often hackers will make little mistakes that can raise red flags). But even if the two pages had looked exactly the same, the Gmail users that fell for this trick could have just double-checked the address bar for the page that was opened by their email link, and they would have seen something different than mail.google.com. Another scam uses emails that appear to come from social networks, asking you to confirm friend requests, with links that lead to a fake login page.
So whenever you click on a link from an e-mail, especially from an email you weren’t expecting, just verify that the URL that shows up in the address bar is the URL you were expecting. Or, if possible, don’t click on the link at all, and type in the address yourself to log in and complete the necessary task.
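For readers who want to automate the address-bar check described above, here is an added example (not part of the original newsletter) that compares the host a link actually opens against the host you expect. The function name `checkLink` and the sample links are made up for illustration, and it checks the hostname only.

```javascript
// Added example: compare the host a link really opens against the host you expect.
// URL is the WHATWG parser, the same rules a browser applies to the address bar.
function checkLink(link, expectedHost) {
  let url;
  try {
    url = new URL(link);
  } catch (err) {
    return { ok: false, host: null, reason: "not an absolute URL" };
  }
  // The parser lowercases the hostname; drop a trailing root dot before comparing.
  const host = url.hostname.replace(/\.$/, "");
  const expected = expectedHost.toLowerCase().replace(/\.$/, "");
  if (host !== expected) {
    // A familiar name can still appear elsewhere in the link without being the host.
    const where = url.username.toLowerCase().includes(expected) ? "before the @"
      : host.includes(expected) ? "as part of a longer hostname"
      : url.pathname.toLowerCase().includes(expected) ? "in the path"
      : null;
    const reason = where
      ? `host is ${host}; expected name only appears ${where}`
      : `host is ${host}`;
    return { ok: false, host, reason };
  }
  return { ok: true, host, reason: "host matches" };
}

// Constructed sample links; the .example domains are placeholders, not real sites.
const SAMPLES = [
  "https://mail.google.com/mail/u/0/",
  "https://MAIL.GOOGLE.COM/",
  "https://mail.google.com.login.example/",
  "https://mail.google.com@login.example/",
  "https://login.example/mail.google.com/signin",
];

for (const link of SAMPLES) {
  const r = checkLink(link, "mail.google.com");
  console.log(r.ok ? "OK    " : "REJECT", link, "->", r.reason);
}
```

Only the first two links pass: in the others the familiar name shows up somewhere in the link, but the host the browser would contact is a different one.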
And, of course, even if there are no links involved, don’t ever reply to online communication with sensitive information, whether it’s by e-mail, chat, or even just a Facebook message. Requests for credit card numbers are sort of obvious, but some hackers just want to trick you into giving them your password to a website. Others may try to impersonate an employee to learn about the business or its customers. Directly contact the organization or person involved and verify if they really need the information, and why. These little steps can keep you safe without having to be paranoid.