Security Check by Del Peñano Sep 20, 2017 Social Behavioral Hacks: How Cyber Criminals Hack Your Information A social behavioral hack is a method in which cyber criminals deceive and or manipulate users in revealing confidential information(data) thus gaining access to one’s system and therefore can be used to steal the victim’s identity, money etc. The main goal of hackers is to rely on people’s carelessness and thus gain unauthorized access to one systems and off course, the information that resides on the victim’s system. Some of the most common methods: Phishing attacks by fraudulently using emails, social media and SMS, or a phone call to deceive victims in providing sensitive information. For example, a hacker may call saying that your credit card has been compromised for suspicious activities and the bank needs to verify your information such as credit card number, mother’s maiden name, last 4 digits of your social security number, before they issue a credit card. You’re probably, saying that most of us know better than to give us this information, but the hackers, prey on the elderly or in general, customers that may not know any better. Don’t be a victim. Water Hole is when cyber thieves place malicious code in the public web page and when an unsuspecting victim visits the website, a trojan is installed on the computer. Whaling attack as the name implies, is a bigger target to attack and is typically done by impersonating someone’s email (e.g. the CEO of an organization) and the unsuspecting victim opens the email thinking coming from their CEO with specific instructions in some cases. Pretexting is when cyber thieves “lie” to secure confidential data. The pretexting, the liar pretends to get needed information to confirm the identity of person they are talking to. For example, stating a social security number or security question. Other ways hackers get in: Misplaced flash Drive. Never ever pick up unknown flash drive, that someone may have dropped or use those that you may get for free from vendors (use caution), as hackers can use this method to gain access to your account. Some of these flash drives are keyboards and hacker can see your key strokes and even access your system. Fake technical support calls. Hackers will impersonate being Technical support and defraud victim by gaining remote access granted by the victim and unknowingly and hacker discovers malware (that they most likely injected) and then request a fee to resolve the problem. Vendors would never call it’s end users. It is always best to contact your provider directly. Prevention Train employees on cyber exploits lurking within the business and even on their own devices. Don’t open emails in the spam folder or emails of senders you do not know. Don’t open attachments of unknown origin. Should you ever get a call from your bank or creditor that account appears to be compromised, hang up and call your bank or creditor directly. Use two-factor authentication which will make it harder for cyber thieves to get into your account. Use different login and passwords for each account or use password manager such as LastPass or Dashlane. Do regular backups in the event your system is compromised, you’ll maintain access your most critical files/folders to get your data back and your business up and running. In conclusion, we can all take precautions by being aware of emails from unknown senders, unsolicited phone calls, being cautious of web site visits, including and especially Facebook. Yes, hacker’s favorite sites include Facebook. I’m amazed how often people on Facebook play games, participate in surveys, free items and to participate, must “allow” access to your contacts, your profile, etc. that are on Facebook? Hackers can find so much about you (us,) where we work, what we do etc. and thus use social engineering techniques to maybe steal our identity.