Cyber attacks on the Democratic National Committee and Yahoo have made headlines recently. In both cases, emails were hacked and important personal information accessed by cyber criminals. It’s rampant! What can you do to protect yourself?
When the personal email accounts of top Democratic National Committee (DNC) officials were hacked, information of a sensitive nature was released to the public. Did this impact the election? Who knows, but the lasting impression should be that no one’s information on the internet is 100% safe! We were reminded of this again when Yahoo acknowledged that their system was hacked in 2013 and 2014 and 1.5 billion users had their personal data compromised!
While you may think it takes an extremely complicated and sophisticated attack to breach such a major political institution as the DNC or a company the size of Yahoo, that’s not the case. What important lessons can be learned from this?
Simpler Than You Might Think
Recent reports from The New York Times have revealed that the DNC hackers gained access to the email accounts via simple “phishing” emails. So what is phishing? Phishing uses an innocent-looking email to entice recipients to click on a deceptive link, giving hackers access to their information or network.
More specifically, “spear-phishing” emails are tailored to fool a specific person. In the case of the DNC hacks, the phony emails contained warnings such as “someone just used your password to try to sign into your google account” and then offered a large link to “Change Password”. This link, however, was a portal that gave hackers access to the recipient’s email account and personal information.
These harmful breaches aren’t always targeted at government officials or large institutions. Millions of successful hacks that don’t make national headlines bait people into giving up their personal information with the simple click of a button. While this is not the only method employed by hackers, there are a few precautions that can be taken to ensure you do not fall victim to similar breaches.
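To make the "Change Password" trick concrete, here is an added example (not from the original article) that lists links in an email whose visible text asks for an account action but whose destination is not under a domain you trust. The sample email, the `.example` host, the keyword list and the function names are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: wording modelled on the warning quoted above; hosts are placeholders.
SAMPLE_EMAIL = """<p>Someone just used your password to try to sign into your Google account.</p>
<a href="http://accounts.google.com.security-check.example/reset">CHANGE PASSWORD</a>
<a href="https://myaccount.google.com/security">Review password activity</a>"""

ACTION_WORDS = ("password", "sign in", "log in", "verify", "confirm")  # assumed keyword list


class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in the message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def host_is_trusted(host, trusted_domains):
    # Match the domain itself or a true subdomain; a host that merely contains the name fails.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted_domains)


def suspicious_links(html, trusted_domains):
    # Return (link text, destination host) for action links that leave the trusted domains.
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for text, href in parser.links:
        host = urlsplit(href).hostname or ""
        asks_for_action = any(word in text.lower() for word in ACTION_WORDS)
        if asks_for_action and not host_is_trusted(host, trusted_domains):
            findings.append((text, host))
    return findings
```

The first link is flagged even though its host begins with "accounts.google.com": the part that decides who owns the address is the end of the host name, not the beginning.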
Don’t Follow That Link!
We can all learn from the example above: If an unsolicited email prompts an action such as account maintenance or a password reset, do not follow the link! While you may be 99.9% certain that the email came from a trusted source, your best practice is to open a new browser window, go to the account website, log in and proceed. Hackers are constantly improving the believability of such attempts, and it can be difficult to distinguish a legitimate email from a phony one.
This also applies to web browsing, which can provide opportunities for hackers via socially engineered “Trojans.” This use of the term Trojan is derived from the ancient Greek story of the wooden horse disguised as a gift that was used to help Greek troops invade the city of Troy.
Trojans work in a similar fashion. They are generally disguised as popular computer programs or antivirus software prompting the user to download an update to improve their system’s security. Once the user follows the download process, they effectively invite the malware into their system, similar to the Trojan horse being invited into the city of Troy, and all sorts of information can be compromised. It is important to note that this type of attack is typically not orchestrated by the website itself. Rather, the website has been temporarily hijacked as a portal to prompt its visitors to hand over their information.
Caution: Free Public Wi-Fi
While traveling on vacation or simply stopping in at the local coffee shop between meetings, be careful using the free public Wi-Fi. These Wi-Fi systems are not highly secure and generally do not encrypt the important information you are sending over the internet. For this reason, avoid connecting to websites where you need to use passwords and/or enter credit card information.
Cyber criminals have gotten even smarter. They have found a way to take advantage of your desire to stay connected by creating an alternate network with a name and look similar to the free Wi-Fi you are trying to use. To avoid this direct hacking of your information, check with the establishment to ensure the network name and password you are using are legitimate.
Homeland Security has developed a campaign to educate individuals and enable them to prevent hackers from stealing their personal information, as well as to identify and report questionable websites and activities. The only way to stop cyber criminals is for each of us to be knowledgeable enough to avoid the hackers’ traps. For more information, go to: https://www.dhs.gov/stopthinkconnect