Hacker Techniques Part 1 (Social Engineering)


Have you ever received a phone call from relatives or friends sympathizing with you about a problem you never had? You know, like “Hello Okoro, I am really sorry about your sunken container from China”, or your bank calling you to confirm some unusual transactions involving a huge amount of money going out of your account? If you have, you were probably happy to respond quickly with a big NOOO! I am fine, I did not initiate any transaction. But that is quite different from when your phone beeps and you receive a notification from Facebook that a friend likes a new photo, video or link which you did not post, or you receive an email/SMS from a popular online shop which reads “Thank you for your purchase, your order has been shipped (not to your address)”.
Cyber-crime has advanced over the past years, so if you have not put advanced security measures on your accounts, you are already a victim of hackers.
Some people have not changed their password in over 5 years; they feel comfortable with it and are reluctant to change it. If you are one of those who do not want their password changed, do not blame Yahoo, Google, Facebook or your bank when you fall victim.

Some of the methods hackers use to gain access to your accounts are social engineering, baiting, phishing, keyloggers, scripts and malware. In this article I will focus on social engineering.

Social Engineering
This method of hacking is tool/script free. It is psychological and requires only time from the hacker. The hacker gets involved with the victim through social networks, plays a friend or family member, asks sensitive questions from time to time and uses the answers to break in. (Note: Some hackers might steal your personal information, use it to create a different account and attack those on your contact list without you knowing.) When a hacker succeeds in acquiring your personal information through a social network, he/she then uses that information to hack your account by simply changing your passwords, thereby denying you access to your accounts.

Example
If I am a hacker using social engineering, I will first of all get your basic information. Now the easiest way to get that is through social networking. After getting your basic information, I will then create another account with that social network to get to you.

Remember, from your basic info, I would have seen that you are from "Owerri, Imo State", and that you are interested in "women for relationship/friend/mates" etc. I will create my profile to match your interests so as to get your attention. As we chat I will ask you sensitive questions like: where were you born, which street did you grow up on, do you like pets, what's your favorite pet's name? All these and more are questions asked by email providers and social networks to protect your account. I will not ask you these questions directly, so as not to blow my cover. Once I finally have all I need from you, I can break into your account by changing your passwords and/or answering one or two security questions which you have given me answers to. While playing your friend on social networks, I may also want you to introduce some of your friends to me online. These friends might become victims when I gain access to your accounts, or they can even help me gain access, since some social networks request information from friends before giving you access to change the email or phone number in your account.

Danger
The social engineering method of hacking is very dangerous because it can deny you access to your account(s) permanently. If a hacker changes your password using an option which overrides/eliminates your email/phone number from that account, he/she replaces them with his/her own email and/or phone number, thereby making it difficult for you to regain access to the affected account(s). At this point you are at the mercy of the account providers. You might regain access if you are using a premium service by contacting your account provider's support services.

Prevention
Because this method of hacking is psychological, you have to be consistent in your security measures.
  1. Constantly change your password.
  2. Always use alphanumerics and special characters for passwords (e.g. euyiu*,df12).
  3. Do not use the same password for different accounts.
  4. Always update your security questions in case you forget/lose your password; if you have not set up a security question in your account, endeavor to do so.
  5. Always check your logs. Some email services and social networks have a feature where you can view who logged into your account, from where and when.
  6. Do not disclose sensitive information related to your accounts to friends/third parties over the Internet. Disclosing sensitive information to friends and relatives via the Internet risks a hacker using that information if that friend's/relative's device(s) get hacked.
  7. Do not leave your social network information wide open. Hide some information from guests. They should have to send a friend request before gaining access to your information. That way you will know the person's interest before, or at the same time as, he/she gets to know yours.
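
The self-check below is an added example, not part of the original post: it compares account-recovery answers against what a stranger can read on a public profile, which is the leak described in the Example section and in prevention points 6 and 7. All data is constructed for illustration (only the hometown comes from the post), and the function and variable names are hypothetical.

```python
import re

# Constructed sample: text a stranger can read on a public profile.
# Only the hometown comes from the post; the rest is made up.
PUBLIC_PROFILE = {
    "hometown": "Owerri, Imo State",
    "bio": "Dog lover. Grew up on Douglas Road. Proud owner of Bingo!",
    "interests": "football, pets",
}

# Constructed sample: recovery questions and the answers stored for them.
RECOVERY_ANSWERS = {
    "Where were you born?": "Owerri",
    "Which street did you grow up on?": "Douglas Road",
    "What is your favorite pet's name?": "bingo",
    "What was your first school?": "k7-Tq unrelated passphrase",
}


def normalize(text):
    """Casefold and collapse punctuation/whitespace to single spaces."""
    return re.sub(r"[\W_]+", " ", text.casefold()).strip()


def exposed_answers(profile, answers):
    """Map each question to the profile fields that reveal its answer."""
    # Pad with spaces so only whole words/phrases match, not substrings.
    fields = {name: f" {normalize(value)} " for name, value in profile.items()}
    findings = {}
    for question, answer in answers.items():
        needle = normalize(answer)
        if not needle:
            continue
        hits = [name for name, hay in fields.items() if f" {needle} " in hay]
        if hits:
            findings[question] = hits
    return findings


if __name__ == "__main__":
    for question, where in exposed_answers(PUBLIC_PROFILE, RECOVERY_ANSWERS).items():
        print(f"EXPOSED: {question!r} is answered by profile field(s) {where}")
```

Any question it flags should either get an answer that is not a fact about you (like the fourth sample answer) or have the matching profile field hidden from guests.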

If you notice that your account has been hacked and your email/phone number is no longer connected to that account, contact the social network's support or your email provider immediately. Also, use alternative channels to inform your contacts about the attack, lest they fall victim.

I will write more on phishing, keyloggers, scripts and other malware in separate posts.

Tip: Try searching for your email/phone number/name on Google (that is how a hacker can gather more information about you).

Remember: Your comments encourage me, and people also read your views.
