While the intentions of cybercriminals vary, their approach to hacking people tends to follow a few general techniques. Let’s review five of the most common ways people are targeted and how you can protect yourself and your organization.
Outdated Devices or Software
Failure to run updates equals failure to patch critical security vulnerabilities. Cybercriminals can use those vulnerabilities to steal valuable information or infect devices with malware. In your personal life, it’s best to enable automatic updates whenever available so you never miss an important security patch. At work, follow policy for how and when to install updates.
Phishing Scams
Since phishing scams are the top way people get hacked, they should be your top priority in terms of security awareness. You can spot most attacks by looking for common warning signs. These include suspicious links or unexpected attachments in messages, random requests for confidential information, and threatening or urgent language. Think before you click!
Weak Passwords
Cybercriminals often use password-hacking software that can easily crack weak passwords in minutes, sometimes even seconds. This is how they get access to online accounts, which allows them to steal data or money or leverage social media profiles for malicious purposes. Don’t let it happen to you. Ensure every password is several characters long and unique to each account.
Malicious Phone Apps
Popular app stores have implemented rigorous processes to identify and eliminate malicious applications. Unfortunately, it’s still common for malicious apps to find their way to the public. Before installing anything, always do some research. Take a few minutes to review how many downloads an app has and ensure the developer is trustworthy. For work-issued devices, never install any software without explicit permission.
Social Engineering
Not every attack involves sophisticated, technological processes or software. Sometimes, the easiest way to hack someone is by simply misleading them. That’s the main idea behind social engineering — the use of deception and psychological manipulation. Avoid this by staying alert, never assuming someone is who they claim to be, and treating any request for money or confidential information with skepticism.
Remember, people (like you) are the last line of defense. Be sure to report suspicious activity immediately, and always follow organizational policies.
Article retrieved from Unmasking Criminals by The Security Awareness Company – KnowBe4, Inc. (2023)