There’s been a lot of talk about Russian hackers infiltrating the Democratic National Committee’s servers and then leaking sensitive emails via WikiLeaks.
The breach, which happened in June but was revealed this week, may sound like a high-level hacking plot by international spies that doesn’t have anything to do with your personal cybersecurity. We are here to tell you that is incorrect.
In times like this, it is good to remember Russia, or any government for that matter, could turn its attention to you — if, for some reason, they decided you had some information they needed to obtain. Perhaps you work for an important company or you are the love child of a Soviet spy. Whatever the reason, it is a good time to consider your privacy online.
The attack on the DNC was investigated by cybersecurity firm CrowdStrike, which not only claimed the Russian government was behind the hack but also noted it was due to “spear phishing.” And they are not referring to the sport.
Spear phishing is the term for when a hacker sends you an email that appears to come from someone you trust, but in fact comes from a scammer. “The spear phisher thrives on familiarity. He knows your name, your email address, and at least a little about you,” security firm Norton warned.
In other words, these scammers are getting smarter and they may be using you to get into your company’s networks. So how do you prevent being the one that exposes your company to an attack? There are a few crucial things you can do.
Understand how the hackers think
Knowledge is power when dealing with hackers. Understanding a little about how hackers think will put you ahead of the pack when it comes to protecting yourself.
“Get educated on exactly what spear phishing is,” Steve Morgan, Cybersecurity Ventures CEO and founder, said in an email to Mashable. “First off, a spear phishing email has a spoofed (forged) address and appears to be coming from a trusted source — for instance a co-worker or manager — when in fact it is coming from a malicious person (hacker).”
In the case of the DNC attack, there were two groups that infiltrated the systems. The first group, codenamed “Cozy Bear” for no obvious reason, is known for its use of a spear phishing method that sends the target web links to programs which install themselves on the target’s computer. These programs normally include sophisticated tools that allow the hacker to remotely access the computer, CrowdStrike’s Dmitri Alperovitch wrote in a blog post.
The second group, “Fancy Bear,” is a little more detailed in its approach. With groups using this method, you really need to be on the lookout. Fancy Bear registers domain names that resemble those of the legitimate organizations it plans to target, according to Alperovitch. The group then copies the look of the victim’s email service and goes in for the kill.
“When it comes to phishing scams, attackers look to the emotional aspects of human decision-making to execute their attacks,” a spokesperson from Norton Security told Mashable. “Cyber criminals will use social engineering as a method to try and get people to divulge sensitive information or install malicious malware onto their computers.”
Social engineering includes hackers researching the victim by looking at their social media profiles and online activity to find out everything they can about them and the organization.
When you receive an email from someone who knows who you are, appears to be from your organization or is someone you trust and is asking for an urgent response, it is much easier to respond without paying much attention. This is their evil plan. Next thing, you are exposed.
Firstly, don’t have your cat’s name, your mum’s home and your friend’s engagement splashed all over Facebook. Try and keep as much private as you can, especially when signing up to websites. It can all be pieced together to make an in-depth profile of who you are, where you live, who you are friends with and what you do. If you want to freak yourself out over your social media sharing, a visit to TakeThisLollipop.com should do the trick.
To check how vigilant you have been, do a Google search of yourself and see what you can find. Terrifying.
Don’t be lazy with your password
Passwords cannot be the same for multiple sites. They should also be super difficult and preferably not contain the word “password.” Use a program such as LastPass or any of these brilliant tools to generate and store the most difficult passwords you can imagine.
If you can remember it, it can probably be easily hacked. Throw in a couple of exclamation points for good measure.
You should also turn on two-step authentication. Even though it’s the most annoying thing on Earth, think of the security it brings. Google made it a little bit easier recently by adding a one-click verification option. For instructions on getting it set up, check out this link.
Think before you respond
If your friend or brother’s cousin is asking you to wire transfer them money via email, alarm bells should go off. That is the most obvious example, though, and the people doing the phishing at the level of the DNC attacks are way more sophisticated than that.
Be on the lookout for anything suspicious in an email. If your friend is writing in a slightly different tone, give them a call or a text to check it is them. The same goes for dealing with organizations you are familiar with. If you aren’t expecting an email, be cautious about downloading attachments.
In other words: be alert, all the time.
Read more at: http://mashable.com/2016/07/27/dnc-hacking-protect-yourself/#PZIoJN63WGqw