3 Unusual Ways Hackers Can Compromise Your Account

I was at a local auto salvage the other day looking for a spare car part. There were probably 500 cars total in this particular salvage yard. I stumbled upon something interesting in one car. There was a business card with the URL, username, and password to a student account portal. This wasn’t written down by someone, rather printed by a company and given to this individual. That’s when it dawned on me that whether we write our passwords down, print them off, or get them in the mail, we need to take special precautions in keeping them safeguarded.

1. Stop writing your passwords down. The undisputed, safest place for a password that can’t be hacked is your brain. When you write down your password, you expose yourself to prying eyes and possibly losing that piece of paper. Even if you throw it away, there are still other ways to get it. If you ever watched the movie Hackers, you might remember Dade and Kate dumpster diving for information. I really don’t think this practice takes place very much anymore, but I’m not going to rule it out either.

2. Quit using easy-to-guess security questions and answers. I’ll give you an example of a security question you might think would be hard for someone to guess or find out, but you’ll soon see that it isn’t. Let’s say the security question is “What is the last name of the best man at your wedding?” Initially this does seem like a pretty secure question. However, hackers are smart. A decent hacker would know to go to your state’s online court system (most states are moving to an online documentation system), type in your first and last name, and pull up your marriage case. Usually the documents are available for download as PDFs. Your marriage license lists several people, including the best man at your wedding. Right there, one of your security questions has been compromised. Some websites only ask for one even if you have 3 entered. Sometimes they select at random, so the hacker could brute force his way to a question whose answer he can find out, like this one. One thing I do is give incorrect answers to the security questions. I don’t think this is a good security practice and I’m not even sure why it is still being used. If you can, try to pick the hardest security questions out of the list, and if they are all easy to guess, just fill them in with something that is not the correct answer and that only you would know to remember. For example, if a security question is “What is the name of your favorite dog?” you could put down “Clifford” from the book series Clifford the Big Red Dog and not any of your actual pets. Just use caution and a little creativity with security questions and you should be fine.

3. Social engineering and spear phishing attacks are on the rise. Most of the leaked celebrity iCloud data came from spear phishing attacks that asked the celebrities for their passwords. The hackers used legitimate-looking email addresses and the celebrities didn’t question anything. When signing up for a website, you can usually find in its terms of service or privacy policy that it will never email you directly and ask you for your password. This is the case with almost all websites that I know. Some hackers will resort to social engineering to get your password. This might include gathering as much data about you as they can and calling your account provider to get a password reset. Verizon was recently admonished for its relaxed security and for how easily its customer service representatives could be socially engineered out of information. However, Verizon isn’t alone. Any company with poorly trained employees can be vulnerable to social engineering attacks. It wouldn’t be a bad idea to call the company that holds your account, ask for a supervisor, and ask them how they secure your account and whether there are any additional measures you can add to your account to prevent unauthorized access. These few tips will help keep you safe from spear phishing attacks and social engineering.

Final Word

We covered some ground on three different ways hackers can still get your information. The safety of your data and personal information is not solely reliant on the company you store it with. It’s up to you to use strong passwords, to avoid writing them down, and to talk to someone within the company about securing your account further. If you have trouble remembering passwords, I would recommend that you download the free version of LastPass and try it out. It is a password manager that will save and encrypt all your credentials for websites and other forms in the cloud. In order to log in and use it, you’ll need to set up a master password. This means you only have to remember one password for all of the websites you visit. I would recommend at least 15 to 20 characters that include uppercase, lowercase, special characters, and numbers. Just because the password is long doesn’t mean it has to be extremely hard to remember. Maybe you have a favorite quote from a favorite book that will help you remember. For example, if I like the book Clifford The Big Red Dog, my password might look like this: “Clifford!The!Big!Red!Dog!2012” (without the quotes). That password is long enough and diversified enough. Assuming an attacker had access to a supercomputer that could guess 100 trillion passwords per second, it would still take them 7.26 billion trillion trillion centuries to crack it.
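The crack-time figure above is an exhaustive-search estimate. The sketch below is an added example, not code from the original article. It works that estimate out for the article's sample password and guess rate, then goes beyond the article by scoring the same password under two pattern-aware models. The wordlist, phrase-list, separator and year counts are assumptions chosen for illustration.

```python
import math
import string

GUESSES_PER_SECOND = 100e12  # "100 trillion passwords per second", from the article
SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 3600

def alphabet_size(password):
    """Size of the character pool a blind search must cover for this password."""
    pools = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation + " ", 33),
    ]
    return sum(size for chars, size in pools if any(c in chars for c in password))

def exhaustive_guesses(password):
    """Worst case for blind brute force: every string of length 1..len(password)."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))

def structured_guesses(slots):
    """Worst case when the pattern is known: product of the options per slot."""
    return math.prod(slots)

def centuries(guesses, rate=GUESSES_PER_SECOND):
    return guesses / rate / SECONDS_PER_CENTURY

PASSWORD = "Clifford!The!Big!Red!Dog!2012"  # the article's example password

# Assumed sizes, for illustration only (not measured values).
# Capitalisation is treated as fixed by the pattern.
WORDLIST = 10_000      # common English words
PHRASES = 10_000_000   # known titles and quotes
SEPARATORS = 33        # one symbol reused between the words
YEARS = 100            # four-digit year suffix

MODELS = {
    "exhaustive search": exhaustive_guesses(PASSWORD),
    "five listed words + separator + year":
        structured_guesses([WORDLIST] * 5 + [SEPARATORS, YEARS]),
    "known phrase + separator + year":
        structured_guesses([PHRASES, SEPARATORS, YEARS]),
}

if __name__ == "__main__":
    for name, guesses in MODELS.items():
        print(f"{name:38s} {guesses:.2e} guesses  {centuries(guesses):.2e} centuries")
```

The exhaustive row lands close to the article's figure, while the structured rows show how much the estimate depends on the attacker not knowing the pattern or the source phrase.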

Do you have any feedback or questions? Let me know in the comments box below!

3 Unusual Ways Hackers Can Compromise Your Account | NexaCore IT | 918-544-2500