Three Ways You Can Unknowingly Get Hacked
Email, text messaging, and phone calls are common and well-known attack vectors. Nowadays, people engage with each other through countless other channels. In certain situations, they might drop their guard and do things that endanger themselves or the organizations they work for. This post looks at some situations where people could overlook a threat.
What are the characteristics that might make even a savvy cyber pro drop their guard? The guard drops when you trust an intermediary through which you are interacting with the threat actor. An intermediary gives people a false sense of security. This could be a service or platform that you assume has done some vetting of the message or the messenger.
Meeting New People on Social Media
The biggest collection of threats is on social media. The threat takes many forms. It could be a person gathering information on you by looking at what you post or share, and using that information for nefarious purposes. It could also come from a threat actor imitating someone else to get information, deliver malware, or execute another scam.
Imagine someone sees a friendly face with a few shared connections in their invite folder on LinkedIn or Facebook. They are a friendly person always looking to grow their network, so they click confirm. Shortly afterward, the new connection introduces themselves in a message. The new connection then asks them to visit a website for some tempting reason. After they visit the site, the payload is delivered or the fraud continues.
The best way to keep from getting hacked via social media is to only connect with people you know in real life. This might not always be feasible though, if you are looking to increase your network. If you must create connections with new people, ensure that the content you share is not sensitive. In addition, never click a link or download a file sent through social media.
Checking Out Mobile Applications
When you install a mobile application on your phone, you are trusting that app. You assume that the app store you used has verified that it is safe. This is not always the case. It is especially not the case if you use niche app stores. These smaller app stores might tout a special or unique benefit. However, the benefit is overshadowed by the damage a fake application can do.
Malicious mobile apps can wreak havoc. Your personal information can be stolen from your phone. Threat actors can use the app to serve junk ads, bogging down performance. In 2019, McAfee documented 65,000 fake apps, although the Apple App Store only had 17. Keep your mobile apps legit by only using official app stores. Even on these channels, look for authentic reviews of the apps. Review the developers and other information to ensure authenticity.
Playing Online Video Games
Video game platforms and communities allow people to exchange ideas, collaborate, and trash talk with each other. The friends made while battling monsters or playing e-sports might not be what they seem. Just like with social media, the information you share could be used against you. Likewise, if the people you meet send a link or download, it could be malicious.
Microsoft Xbox has a set of standards for the community. They list actions that are serious red flags. Doing any of these will result in the perpetrator getting removed if discovered by Microsoft:
- Give other players the impression that you’re a Microsoft employee
- Pretend to be an employee of a game developer
- Take any part in DDoS (Distributed Denial of Service) attacks
- Use someone else’s credit cards without their permission
- Share information about another player more broadly than they’ve agreed to
- Post private information about another player (engage in doxing)
- Use someone else’s profile to buy things for yourself
Companies looking to keep their organization and employees secure should let their employees know about these best practices, where appropriate. A Managed Detection and Response solution can be used for monitoring.