Every month, it seems like there's a new article coming out about a major company being hacked and customers' data and personal information being stolen. Recently, companies like Chick-fil-A, Sony, USPS, Staples, Kmart, Dairy Queen, Jimmy John's, Home Depot, P.F. Chang's, and JP Morgan all joined the growing list of major companies to suffer data breaches.
Normally, whenever I read one of these articles I imagine the crime being perpetrated by some super computer nerd living in a foreign country who literally never leaves his/her computer screen. In my mind, this fictional character spends a vast amount of time breaking into websites, writing complicated code, guessing passwords, and living off microwaved pizzas.
While this picture is wildly generalized, there are individuals out there that possess the necessary skills to hack into major networks and steal information, and the software they create is ever increasing in sophistication (see Sony's recent hack). These types of people are known as super hackers, and their main focus is breaking into the networks of major companies and government agencies.
On the other end of the spectrum is a larger contingent of people with far fewer computer and software skills stealing people's private information. In fact, for as little as a couple thousand dollars, anybody with little computer knowledge can purchase the tools required to successfully hack into personal accounts.
What are these people after? Well, they're after any piece of personal information about you that can help them gain access to your online accounts. After they've made it through, they can then steal your credit card and bank information, take over your social media accounts, steal your identity, and even use your email to get to your friends.
Don't think you're at risk? Do you have accounts with any of the hacked companies listed above? If you do, then there is a high probability that some pieces of your personal information were taken and sold to the highest bidder. Also, think about how many credit/store cards, email accounts, and social media accounts you have. At some point in the future, it is highly likely that at least one of those companies will be hacked. When that happens, say goodbye to your personal information. But don't fear, there are a few things you can do to help protect yourself.
Before we go into the steps you can take, you have to first realize that hacking is less about attacking a machine or network and gaining access through brute force, and more about targeting individuals and using social engineering to gain access to accounts. After all, why would a hacker need to guess a password, which could take a very long time, when he/she can simply bypass it? Or, why attempt some covert, spy-thriller-like mission to infiltrate a company when you can gain internal access through the carelessness of one employee (like in the Target hack)? In the end, it's important to keep in mind the social engineering aspect of hacking and the hacker's reliance on the carelessness of people to get what they want.
By following the simple steps listed below you can help better protect yourself against identity theft.
1. Always be suspicious when online
The general rule of thumb is to continuously be wary whenever you're online. Don't visit websites that aren't reputable, never give up personal information at the behest of unknown companies, and always second guess emails, even if they appear to be legit (more on emails later). With hackers continuously upping their game and changing their tactics, it pays to be extra cautious whenever you're in doubt.
2. Never use one password for multiple accounts
Here's an interesting article about a writer from Wired who got hacked and lost a lot of data. After one of his accounts was breached, the hackers were able to gain access to other accounts using some ingenious methods. They took over his Twitter feed, posted inappropriate comments, and erased his iPhone, iPad, and MacBook by gaining entry into his iCloud account. The lesson here is to use different passwords for each of your online accounts in order to make it more difficult for a hacker to gain access to them even if one account is compromised. Also, try to separate the information that is in each account so that there is little overlap between services you use.
3. Stop using weak passwords
It's time to beef up your passwords. Always use a combination of upper and lower case letters, numbers and special characters and never use words that can be found in a dictionary. Think you have a solid password? Test it out here. Also, here are some more tips for creating a strong password.
4. Be aware of what you reveal on social media accounts
A neat trick you can do is log out of one of your social media accounts, like Facebook, and then find it online to see what you're leaking out to the public. If you find that you are revealing too much information to potential thieves, change it in your privacy settings. Remember, any piece of information, even something as innocent as your birthday or pet's name, can be used by a hacker to bypass a password. Also, be careful about who you accept as friends on social media.
5. Lie on security questions
Never use the right answers on security questions. This information is normally easy to find about you and takes little effort to guess. Don't reveal the name of your favorite pet, the name of your high school, or your dad's middle name. Instead, just lie, which will make guessing the answers to your security questions in order to bypass the password more difficult. But remember to write it down somewhere (not on your computer) so you don't forget it.
6. Avoid public wi-fi whenever possible
It's convenient at times to pop onto public wi-fi when you're at your local library or coffee shop, but whenever possible use your data plan, or be extremely careful whenever you join a public network. Hackers can use specialized software to carry out man-in-the-middle attacks and see exactly what you see when you're online. If you absolutely have to use it, make sure the sites you're visiting are encrypted, and don't access sites that you don't want compromised.
7. Don't click on links within emails
Probably one of the most used tactics hackers employ is the phishing attack. Phishing attacks are scams in the form of fraudulent email messages that appear to come from a legitimate source. These emails try to get you to visit sites infected with malware, download infected files, or give up personal information. For instance, you might receive an email from your bank that says your account has been compromised, and instructs you to click on a link to fix it. Only, the email is fake, and by clicking on the link you are unknowingly downloading malware onto your computer. To avoid this type of scam, never click on links within an email, and double check the status of your accounts by going to the legitimate websites from within your internet browser, not your email.
Of course, even the most careful person will likely have their personal information stolen at some point in their lifetime. This is true because we trust so many different companies with our personal information that at least one of them is bound to drop their guard and get hacked sooner or later. Nonetheless, by following these steps, and just being more aware of how hackers are attempting to steal your information, you'll make it harder for them to succeed.
Photo: Yuri Samoilov