Protect Yourself from “Social Hacking”
When most people think of hacking, they imagine a situation that would be at home in an espionage flick: a high-tech cyber-criminal designs a complicated algorithm that works behind the scenes and steals all your important information. To thwart such attacks, it seems you need all the latest in encryption and antivirus software. However, the reality is that most people aren’t compromised because of a flaw in their technology. Rather, their accounts are stolen because of a mistake they themselves have made. Here are some best practices to avoid being “socially hacked.”
Use Strong Passwords
If you’re using easy-to-remember passwords like “asdfjkl,” “12345” or “password,” it’s only a matter of time until one of your accounts is breached. Using common words with correct spelling isn’t great either. Why? One of the most common attacks is called a “dictionary attack,” which is just what it sounds like: the attacker tries words from a dictionary, one after another, until one of them works. There is some debate on what constitutes an ideal password, but in general you can’t go wrong with a long combination of letters, numbers and non-alphanumeric characters. To make memorization easier, try substituting numbers for letters in a phrase personal to you. For example, “H3r3’5ag00dp455w0rd!” (note: don’t use that password, make up your own).
Treat the Internet with Distrust
Beware of anything you see on the internet that seems out of the ordinary. For example, if a friend messages you, “Hey! I just got a super deal on Sun-span© sunglasses! Click here to get the same deal!”, ask yourself if that friend would actually wear Sun-span sunglasses. Would they send you a message if they got a good deal? Even if they would, does the way the message is written look like something your friend would actually type? If you answered yes to all of these questions, you should still refrain from clicking the link, and try to go find the deal yourself from a major shopping website you trust. Nefarious links can lead you to fake websites that try to trick you into revealing your personal information. Sometimes they may compromise your social media account and send the same message to everyone in your friends list.
Use Different Passwords for All of Your Accounts
All your accounts should use different passwords. If you use the same password for each account, then as soon as someone gets into one, they can get into all of them. For example, suppose you can’t pass up the sunglasses deal, even if it’s a bit shady. The website prompts you to make an account by entering your email, and choosing a username and password. Whoever runs the website will try using the password you chose to log into the email you entered. If you use the same password everywhere, the attacker will then log into any accounts tied to the email. However, if you always use new passwords, your email account will be safe.
Keep Your Phone Locked
The spread of two-factor authentication has slowed down attackers a great deal. With a two-factor authentication system, after using your password to log in to a website, you’ll receive a text with a special code that must then also be entered. Even if your email is compromised, an attacker won’t be able to use it to reset passwords at your banking institutions. That is, unless they’re in your email because they swiped your always-unlocked phone. If your phone is stolen but you keep it locked with a PIN at all times, you’ll have nothing to worry about (except for a replacement).
Online security might seem like a nerve-racking subject, but it doesn’t have to be. With a few good habits, you can thwart all but the most determined cyber attackers.