Security Check by Del Peñano Sep 20, 2017 Social Behavioral Hacks: How Cyber Criminals Hack Your Information A social behavioral hack is a method in which cyber criminals deceive and or manipulate users in revealing confidential information, thus gaining access to a victim’s system and therefore can be used to steal the victim’s identity, money, etc. The main goal of hackers is to rely on people’s carelessness to gain unauthorized access to their systems and of course, the information that resides on the victim’s system. ##Some of the most common methods: Phishing attacks occur by sending fraudulent emails, social media messages, text messages or phone calls to trick victims in providing sensitive information. For example, a hacker may call saying that your credit card has been compromised for suspicious activities and the bank needs to verify your information such as credit card number, mother’s maiden name, last four digits of your social security number, before they issue you a new a credit card. You’re probably saying that most of us know better than to give us this information, but the hackers prey on the elderly or others who are vulnerable and may not know any better. Don’t be a victim. Watering hole attacks occur when cyber thieves place malicious code in the public web page and when an unsuspecting victim visits the website, a trojan is installed on the computer. A whaling attack, as the name implies, is a bigger target to attack and is typically done by impersonating someone’s email (e.g. the CEO of an organization) and the unsuspecting victim opens the email thinking coming from their CEO with specific instructions in some cases. Pretexting is when cyber thieves lie to secure confidential data. The pretexting, the liar pretends to get needed information to confirm the identity of person they are talking to. For example, stating a social security number or security question. ##Other ways hackers get in: Misplaced flash drives: Never ever pick up unknown flash drive, that someone may have dropped or use freebies from vendors, as hackers can use this method to gain access to your account. Some of these flash drives are keyboards and hackers on the other end can see your key strokes and even access your system. Fake technical support calls: Hackers will impersonate being technical support and defraud victims by gaining remote access granted by the victim unknowingly and the hacker “discovers” malware (that they just injected) and then proceed to request a fee to resolve the problem. Vendors should never call its end users. It is always best to contact your provider directly. ##Prevention Train employees on cyber exploits lurking within the business and even on their own devices. Don’t open emails in the spam folder or emails of senders you do not know. Don’t open attachments of unknown origin. Should you ever get a call from your bank or creditor that tell you that your account appears to be compromised, hang up and call your bank or creditor directly. Use two-factor authentication which will make it harder for cyber thieves to get into your account. Use different login and passwords for each account or use password manager such as LastPass or Dashlane. Do regular backups, and in the event your system is compromised, you’ll maintain access your most critical data in order for you to get your business back up and running. In conclusion, we can all take precautions by being aware of emails from unknown senders, fielding unsolicited phone calls and being cautious of visiting websites, including and especially Facebook. Yes, hackers’ favorite sites include Facebook. I’m amazed how often people on Facebook play games, participate in surveys, all free items that require your information to participate, so you must “allow” them access to your contacts, your profile, etc. Hackers can find so much about us: where we work, what we do, who we interact with, etc. and then use social engineering techniques to steal our identities.