How Hackers Target You
Hackers are all around us! We are paranoid when it comes to our cyber security, online account passwords, etc. In any hack, the human element is the weakest link. Social engineering is a technique where the hacker tricks the victim into making the attack succeed, whether by downloading or running a malware file, clicking on a link, or doing whatever else the hack requires.
In this post we see how hackers obtain valuable information about you. Obtaining this information is not very difficult for the hackers. They can do this by a simple Google search or by visiting your social network profile. Here is how you are helping the hackers:
How Hackers Obtain Information About You
Facebook is the largest social network, so your Facebook profile is the first thing you need to secure. Go check it out from the outside: log out of Facebook, then look your account up from an outsider’s point of view.
If your Facebook profile shows too much information, you are likely making yourself a victim.
Account Recovery Hack on Facebook
Let’s do an experiment. Pretend you forgot your password, then go into Facebook. Facebook may ask you for your email address, your user name or your mobile number. You can provide that information, and it will send you an email with instructions to reset your password.
Previously, Facebook offered a password reset method that involved your trusted friends. It sounds foolproof unless you accept a lot of friend requests on Facebook. Picture this: You get friend requests from a few people that you don’t know. If you are the friendly type, you’d probably accept those four requests.
One thing you don’t know is that those accounts may be operated by one or more hackers. What they will do is simply raise a password reset request on your account, and select three of those four accounts as your “trusted friends”. Facebook emails security codes to those trusted accounts, and boom, the hacker takes over your Facebook account. If you have problems with that, then you should take a look at this post of mine to figure out what to do.
Fortunately, Facebook no longer uses this particular method. It also doesn’t rely on security questions any more. Right now, the only way to gain access to a Facebook account is by securing access to the original email address.
Hence, a hacker needs access to your email account to get into your Facebook account.
Which email service are you using? Depending on that, the security differs. If it is Gmail, I would strongly recommend that you start using two-factor authentication.
Here are the steps:
1. Go to your Google Account settings (not Gmail settings) and go to the Security option.
2. You will see the 2-Step Verification option. Turn the status ON.
3. Add your phone number. Select to receive the codes by text messages or voice call.
4. Enter the code received to verify your account. Make sure you update the records if you change your phone number.
Another important thing on Gmail is notifications about suspicious login attempts. You can opt for email as well as phone notifications if any suspicious login is detected on your Gmail account.
The Truth About Security Questions
Google has a security question that you need to set. Make sure it is set properly. While I was working with email security for AT&T, I encountered elderly customers answering security questions very truthfully. Even though I took time to explain to them what a security question is and why they needn’t submit the true answer all the time, most of them did not quite understand it.
Most people don’t realize that a security question answer works exactly like a password, only less secure, depending on how you throw your information about. Talking about your pet Rover on Facebook a lot and then setting it as your security question may be risking it a little. Anybody can access your account, whether or not they know the password, just by making an educated guess about your preferences, which would work if you are truthful with your security questions.
If you are using the customer service option to reset your password for your email, the customer service executive may ask you your security question. Within AT&T, we used to use security questions to verify customers, questions like “Who is your favorite hero?”, and answers like “Batman”.
Not only that, we were authorized to provide the first letter of the answer if the customer got it wrong the first time. A hacker can easily fake it since the random operator cannot identify the voice of the caller, and is supposed to divulge a password if the caller gives the correct answer.