How Hackers & Scammers Find Your Personal Information Through Social Media
If a person is on Facebook and friends with their family, it’s not hard to find the profile for their maternal grandparents if they’re alive. You can also look at a person’s uncles on their mother’s side, because they will usually have their father’s name (which would be the mother’s maiden name). Some people even provide links to their family tree from ancestry.com or whatever, which would make it super easy.
This is my first time even thinking about how you could get that information, so imagine how easily a professional could find it.
My dad taught me from an early age that bank security questions are only useful if you answer them non-factually. The main problem being remembering what your nonfactual answers are.
Of course, it’s not just banks. Any security question based on public information is like leaving the key in the lock.
Phishing has been a way around security measures since people first started keeping people out of things. Can’t get over the city wall? Convince them that this big wooden horse is a gift. Can’t defeat the bank security measures? Dress up in a convincing uniform and tell an underling key-holder that you’re a contractor there to maintain the vault door. Everything that we can build to keep people out can be bypassed by finding the guy who made or maintains it and either convincing or coercing them.
Nowadays, the only thing that’s been remixed is the wording. Instead of, “Everybody get on the ground, this is a robbery!” it’s “Your savings account will be terminated if you don’t log in right now using this form I’m handing you!” Instead of, “Hi, I’m Steve from your security company, here to check on the money,” it’s, “Hi, I’m Steve from Microsoft Tech Support.” But universally, it’s the same approach as before.
Phishing is when attackers send malicious emails designed to trick people into falling for a scam. Typically, the goal is to get users to reveal sensitive data, such as system credentials or financial information.
Phishing is one form of social engineering, a collection of methods that con artists use to sway people’s emotions. Phishing attacks can use a variety of social engineering techniques, including forgery, misdirection, and lying. Fundamentally, phishing emails employ social engineering to persuade recipients to act rashly.
Protecting Yourself from Phishing Attacks
The following are signs of phishing and ways to protect yourself.
1. Exceptionally good deals or offers
If an email touts offers that are too good to be true, they probably are. For example, an email claiming you’ve won the lottery or some other lavish prize may be luring you in to get you to click a link or relay sensitive personal information.
2. Unknown or unusual senders
Though phishing emails may look like they originate from someone you know, if anything seems out of the ordinary, be cautious. When in doubt, hover over the sender’s name to check that the email address matches the one you expect. Place a phone call to the company if you are unsure of an email or website. Don’t respond to emails with any personal information.
3. Hyperlinks and attachments
These are particularly concerning if received from an unknown sender. Never open links or attachments unless you are confident they are from a safe sender. Type in the link address rather than clicking the link.
Watch for incorrect spelling in the web address. Phishing sites often use web addresses that look similar to the correct site but contain a simple misspelling, like substituting a “1” for an “l”.
4. Immediate pop-ups
Be wary of websites that immediately display pop-up windows, especially those asking for your username and password. Use two-factor authentication and a browser with anti-phishing detection, and keep security on your systems up to date.