To stay safe from cyber threats, learn to think like a hacker
Right now, millions of hackers, spammers and scammers are hard at work. They're after your Social Security number, bank account information and social media accounts. With any of these, they can steal your money or trick your friends into giving up theirs.
The scary part is that anyone can be a hacker. For as little as $3,000, you can buy a complete and fully operational exploit kit. This kit does most of the illegal work for you automatically. You get to sit back and rake in the cash, until you get caught.
Between semi-amateurs with automated systems and serious hackers who are masters of technology and trickery, how can you possibly hope to stay safe?
The best way is to know how hackers do what they do. Once you know that, you can counter their malicious acts. Here are a few popular hacker strategies.
• Phishing scams
Lucky you! A Nigerian prince has selected you to help smuggle millions out of his country. For a little bit of effort — a few simple wire transfers — you'll get a substantial cut. What could be easier?
I bet you're asking yourself, “Who would fall for that?” Well, tens of thousands of people do every year. That's why Nigerian scams, or 419 scams, are still very popular.
Other versions might say you won a contest or have a job offer. Maybe someone wants to meet you, or you can make money for shipping some goods.
The catch is that you have to send in personal or banking information, or pay a fee. Of course, your information and money is going straight to hackers.
Use common sense before reacting to any email. Scams rely on making you act quickly. If you think about things long enough, you can usually see through them. Just remember the old saying, “If it looks too good to be true ...”
• Trojan horse
Many hackers want to slip a virus on your computer. Once installed, a virus can record everything you type and send it back to the hacker. It can send out spam email or attack other computers.
To do this, the hackers disguise the virus as something harmless. This is called a Trojan horse, or just Trojan.
Trojans often are delivered via “phishing” email scams, which try to get you to open an attachment.
The attachment might look like a normal file, but it contains a Trojan. Clicking on the file installs it before you can do anything.
Similar scams appear on Facebook and Twitter. You think you're going to watch a funny video your friend posted. Instead, a popup tells you to update your video player. The “update” file it provides is really a Trojan.
The key to defeat this tactic, as with phishing emails, is common sense. However, up-to-date security software is essential as well. It should detect and stop most Trojans before they can install.
• Drive-by downloads
Security software is good, but it isn't always enough. Programs on your computer might have weaknesses that hackers can use to bypass security software.
To take advantage of these weaknesses, hackers set up a website embedded with viruses. You might get there by clicking a malicious link in a phishing email or on social media. You can even find these sites in a search for popular programs or topics.
It isn't just malicious sites, though. Hackers can sneak malicious code on to legitimate websites. The code scans your computers for security holes. If it finds one, a virus can download and install without you doing anything.
To stay safe, you have to keep your programs up to date. Every month, Microsoft releases updates for Windows and Internet Explorer. These updates close critical security holes that hackers exploit.
Other critical programs to patch are Adobe's Flash and Reader, and Oracle's Java. Using old versions of these programs is like sending hackers an engraved invitation.
You should also be using the latest version of your programs. Anyone using Internet Explorer 6, 7 or 8 needs to update or switch browsers immediately.
• Bypassing passwords
In Hollywood movies, hackers are masters of guessing account passwords. In the real world, however, very few hackers bother.
Instead, they go around passwords. They might get your password from a data breach at a company or website you use.
It's important that you use a different password for every account. That way, if a hacker discovers one, they can't get in to every account.
Perhaps the hacker slipped a virus on to your system. It records your passwords and sends them to the hacker; no guessing needed.
As I mentioned above, you can stop viruses with up-to-date security software and programs.
A hacker might tackle your account's security question. Most security questions can be answered with information people post publicly.
You should change how you answer security questions. Give a random answer that has nothing to do with the question. That way, no one can guess it.
• Using open Wi-Fi
I'm sure you have a Wi-Fi network at home. Is it encrypted? If you don't know the answer, then it's probably not.
That means hackers, and neighbors, can connect to your network from outside. They can see and record everything you do. They can visit bad websites and download illegal files on your connection. You might be getting a visit from the police.
Take a few minutes and secure your network. Trust me; it's worth it. The instructions will be in your Wi-Fi router's manual.
Kim Komando hosts the nation's largest talk radio show about consumer electronics, computers and the Internet. To get the podcast, watch the show or find the station nearest you, visit www.komando.com/listen.