Not all hackers are experienced programmers and security experts. Social engineering is one of the easiest and most effective ways for attackers to gain unauthorised access to your personal or business information. In the context of information security, social engineering refers to the psychological manipulation of people into performing actions or divulging confidential information. The attacker then uses the data obtained to gain access to computer systems and carry out actions to the detriment of the person or organisation whose data has been stolen.
There are various techniques and terms, but the most common on the Internet is phishing. In this technique, users reveal data because they think they have clicked on a link that has taken them to a trusted website, such as a bank. Typically, the attacker sends the victim a fraudulent email instructing them to log in to their bank to release funds or confirm their personal information. Attackers often use phrases like “Failure to verify your personal information within 24 hours will result in your account being closed” to encourage the victim to comply. The link in the email takes the victim to another website impersonating the real website. The copy often looks very convincing. The victim then enters their username and password to log in, but they have actually divulged their credentials to the attacker!
What happens when you dare expert hackers to hack you?
After reporting on the hacks of Sony Pictures, JPMorgan Chase, Ashley Madison, and other major companies, Real Future’s Kevin Roose got curious about what it felt like to be on the victim’s side of a giant data breach. So he decided to stage an experiment: he invited two expert hackers to spend two weeks hacking him as deeply and thoroughly as they could, using all of the tools at their disposal. The result was a shocking privacy nightmare.
Credit: Video produced by Real Future for Fusion TV (fusion.net)
- Never reveal your passwords or login credentials to anyone.
- When you enter your details on a website, make sure the address is correct.
- Never open strange-looking files or attachments, even if they come from someone you know.
- Don’t divulge confidential information over the phone unless you are absolutely sure that the caller is who they are claiming to be.
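What "make sure the address is correct" means in practice, as an added example that is not part of the original article: the check is on the host the link really goes to, not on the link text or on a familiar name appearing somewhere in the address. The domain `mybank.example`, the sample links and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: "mybank.example" is a placeholder for the genuine site's domain.
TRUSTED_DOMAINS = {"mybank.example"}

# Constructed (link text, link target) pairs, not taken from a real email.
SAMPLE_LINKS = [
    ("Log in to your bank", "https://www.mybank.example/login"),
    ("www.mybank.example", "https://mybank.example.verify-account.example/login"),
    ("Confirm your details", "https://mybank.example@verify-account.example/"),
    ("mybank.example", "https://notmybank.example/login"),
    ("Release funds", "http://mybank.example/login"),
]

def real_host(url):
    """Return the host a browser would connect to, or None if unusable."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return None
    # Only encrypted links qualify; plain http is treated as unusable.
    if parts.scheme != "https" or not parts.hostname:
        return None
    # .hostname ignores any "name@" prefix and the port, and is lower-cased.
    return parts.hostname.rstrip(".")

def is_trusted(url, trusted=TRUSTED_DOMAINS):
    """True only if the host is a trusted domain or a subdomain of one."""
    host = real_host(url)
    if host is None:
        return False
    # Internationalised names can imitate ASCII ones, so they never auto-pass.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False
    # Match whole labels: "notmybank.example" must not pass as "mybank.example".
    return any(host == d or host.endswith("." + d) for d in trusted)

def flag_links(links):
    """Return (link text, real host) for every link that should be distrusted."""
    return [(text, real_host(href)) for text, href in links if not is_trusted(href)]

if __name__ == "__main__":
    for text, host in flag_links(SAMPLE_LINKS):
        print(f"Do not trust {text!r}: it really goes to {host}")
```

Only the first sample link passes; the others are flagged even though the trusted name appears in their link text or address.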
Your employees are probably unknowingly your greatest security risk! Prevention is better than cure. We offer a 1-hour phishing awareness training session to educate users and train them to identify phishing attempts and other security threats before they compromise your business.