Social Engineering Hackers
What if hackers no longer have to have decorated technical skills? What if any average individual could hack your account? Learn more here…
Most casual internet users are familiar with the risks hackers pose to their personal and online identities. However, the assumption is that hackers must possess considerable technical expertise in order to be able to access our bank accounts, passwords and social media profiles.
An alarming new trend of “social engineering hacking” is proving that some hackers have figured out ways to hijack people’s personal details and private accounts with shockingly minimal information. These techniques are particularly worrying because it means that virtually anyone can become a hacker. They just need to be willing to pretend they are another person, and then no technical knowledge, specialist software, or high tech hacking is actually required.
Fishing for Information
According to Forbes, who first identified the phenomenon, the ploy works like this: A hacker attains some crucial but attainable piece of information about you, which can include your birth date, your address or the last four digits of your social security number. They might find this by rifling through your trash, overhearing you speak in a coffee shop or buying it from a database.
Then, while on the phone to a customer service rep at a telecoms company, they use the details to convince a customer service rep that they are you and need help accessing or altering their account. That rep, satisfied they are telling the truth based on the personal info they provide then lets them into your account.
From there, “they then proceed to have your phone number forwarded to their phone or “ported” to another carrier and the hacker’s device. The phone hijacker simply goes to, say, your Gmail or your online bank account, tries to log in as you but clicks ‘forgot the password’ and resets the password by getting a code texted to your phone number, which is now directing all its messages to their device.They are then in your account — and you are locked out.”
Dangerous Liaisons
If this sounds far-fetched, it’s definitely already happening. As Forbes noted, “this crime can be perpetrated on anyone who uses the most ubiquitous web services — Gmail, iCloud, Facebook, online banking, PayPal, Dropbox and many others.” What’s most troubling is that major telecoms service providers are behind the times in terms of defending against these attacks, so it is up to users to protect themselves.
How to protect yourself from social engineering hacks:
Protect Your Phone Number
In order to protect yourself from an attack like this, you need to make sure that your phone number cannot be changed without you initiating the change. Tell your telecoms provider that you would like to institute a pass code on your account, so that nobody can make changes who doesn’t have this code. Make sure it doesn’t mirror any other pin or password you use elsewhere. Even better, insist that your account can only be changed in person and with a photo ID. While this is inconvenient—as it means you will have to go in-store to your mobile provider whenever you need customer service—it will prevent anyone from pretending to be you.
Variety Email Addresses
Another thing you can do to thwart an attack across all your accounts is have a different email in charge of different accounts. As Forbes notes, the best way to be safe is to have three email addresses: “Your current primary one, one just for your mobile carrier, and one that you use for other sensitive accounts such as online banking or Facebook or Dropbox. That way if your primary email address gets compromised, it can’t be used to steal your phone number (and vice versa). And if your phone number gets compromised somehow, it won’t endanger your email or any of the other sensitive accounts.”
While nothing can keep you 100 percent safe from hacking, anticipating and minimizing what a hacker might be able to do with access to your phone number is a good mindset to have when protecting yourself.