To stay safe from cyber threats, learn to think like a hacker
Published: Friday, July 19, 2013, 12:01 a.m.
Right now, millions of hackers, spammers and scammers are hard at work. They're after your Social Security number, bank account information and social media accounts. With any of these, they can steal your money or trick your friends into giving up theirs.
The scary part is that anyone can be a hacker. For as little as $3,000, you can buy a complete and fully operational exploit kit. This kit does most of the illegal work for you automatically. You get to sit back and rake in the cash, until you get caught.
Between semi-amateurs with automated systems and serious hackers who are masters of technology and trickery, how can you possibly hope to stay safe?
The best way is to know how hackers do what they do. Once you know that, you can counter their malicious acts. Here are a few popular hacker strategies.
• Phishing scams
Lucky you! A Nigerian prince has selected you to help smuggle millions out of his country. For a little bit of effort — a few simple wire transfers — you'll get a substantial cut. What could be easier?
I bet you're asking yourself, “Who would fall for that?” Well, tens of thousands of people do every year. That's why Nigerian scams, or 419 scams, are still very popular.
Other versions might say you won a contest or have a job offer. Maybe someone wants to meet you, or you can make money for shipping some goods.
The catch is that you have to send in personal or banking information, or pay a fee. Of course, your information and money is going straight to hackers.
Use common sense before reacting to any email. Scams rely on making you act quickly. If you think about things long enough, you can usually see through them. Just remember the old saying, “If it looks too good to be true ...”
• Trojan horse
Many hackers want to slip a virus on your computer. Once installed, a virus can record everything you type and send it back to the hacker. It can send out spam email or attack other computers.
To do this, the hackers disguise the virus as something harmless. This is called a Trojan horse, or just Trojan.
Trojans often are delivered via “phishing” email scams, which try to get you to open an attachment.
The attachment might look like a normal file, but it contains a Trojan. Clicking on the file installs it before you can do anything.
Similar scams appear on Facebook and Twitter. You think you're going to watch a funny video your friend posted. Instead, a popup tells you to update your video player. The “update” file it provides is really a Trojan.
The key to defeat this tactic, as with phishing emails, is common sense. However, up-to-date security software is essential as well. It should detect and stop most Trojans before they can install.
• Drive-by downloads
Security software is good, but it isn't always enough. Programs on your computer might have weaknesses that hackers can use to bypass security software.
To take advantage of these weaknesses, hackers set up a website embedded with viruses. You might get there by clicking a malicious link in a phishing email or on social media. You can even find these sites in a search for popular programs or topics.
It isn't just malicious sites, though. Hackers can sneak malicious code on to legitimate websites. The code scans your computers for security holes. If it finds one, a virus can download and install without you doing anything.
To stay safe, you have to keep your programs up to date. Every month, Microsoft releases updates for Windows and Internet Explorer. These updates close critical security holes that hackers exploit.
Other critical programs to patch are Adobe's Flash and Reader, and Oracle's Java. Using old versions of these programs is like sending hackers an engraved invitation.
You should also be using the latest version of your programs. Anyone using Internet Explorer 6, 7 or 8 needs to update or switch browsers immediately.
• Bypassing passwords
In Hollywood movies, hackers are masters of guessing account passwords. In the real world, however, very few hackers bother.
Instead, they go around passwords. They might get your password from a data breach at a company or website you use.
It's important that you use a different password for every account. That way, if a hacker discovers one, they can't get in to every account.
Perhaps the hacker slipped a virus on to your system. It records your passwords and sends them to the hacker; no guessing needed.
As I mentioned above, you can stop viruses with up-to-date security software and programs.
A hacker might tackle your account's security question. Most security questions can be answered with information people post publicly.
You should change how you answer security questions. Give a random answer that has nothing to do with the question. That way, no one can guess it.
• Using open Wi-Fi
I'm sure you have a Wi-Fi network at home. Is it encrypted? If you don't know the answer, then it's probably not.
That means hackers, and neighbors, can connect to your network from outside. They can see and record everything you do. They can visit bad websites and download illegal files on your connection. You might be getting a visit from the police.
Take a few minutes and secure your network. Trust me; it's worth it. The instructions will be in your Wi-Fi router's manual.
Kim Komando hosts the nation's largest talk radio show about consumer electronics, computers and the Internet. To get the podcast, watch the show or find the station nearest you, visit www.komando.com/listen.
Show commenting policy
TribLive commenting policy
You are solely responsible for your comments and by using TribLive.com you agree to our Terms of Service.
We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.
While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.
We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers.
We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.
We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.
We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.
We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.
- Early-morning snowstorm hampers Western Pa. commuters
- Host of Steelers veterans look toward career survival mode
- Steelers film session: Polamalu not at fault on long run
- Pirates notebook: Huntington narrows team’s offseason targets
- UPMC doctor killed trying to help at 50-vehicle pileup
- Young defensemen lift Penguins to win
- Monroeville police officer kills man in shootout
- Expert: KO doesn’t mean ‘worst’ concussion for Pens’ Orpik
- Pirates will shop while starting pitcher Burnett makes his decision
- Penguins’ Neal suspended five games for Marchand hit
- Pitt defensive lineman Donald brings home Bronko Nagurski Award