Hacking isn’t just complex programs and sneaky executables. As a matter of fact, a hacker can get your password simply by guessing based on the information you give them. Even if you have security questions set up on your accounts, a hacker can take the information you’ve given them and guess security question answers. This article will help you understand social hacking and what you can do to avoid it.
Becoming a Hacker’s Target
The first step for a hacker is to pick a target. Some hackers target specific companies, and they know that employees can be careless with information. Maybe you work for the company or maybe the hacker just wants your account specifically. Hackers target several people at a time knowing that at least one person will successfully get hacked.
It’s rare that a hacker wants an individual account, but it’s not impossible. For instance, hackers target Gmail users since the email platform makes it easy for them to send spam. They hack your account and use your contact list to send spam messages to your friends, business associates and family.
Hackers find your account either through email lists or just browsing forums. Your email is the most popular method, which is why you should be careful where you enter your email and information. Stick to trustworthy sites, although this idea alone doesn’t protect you. Even big companies with high-end security get hacked.
If you work for a big company, your account is valuable to a hacker. Be careful where you enter your employee information online. Your email address is usually the same as your login account, so hackers have part of your employee login credentials simply from having your email address.
Finding Your Information
Once the hacker knows his target, it’s time to gather some information. This is where your own accountability and discretion come into play. Your public messages and profiles play a huge role in social hacking. For instance, suppose you’re a writer and spend hours in your favorite forum. You talk about your favorite food, animals, book, place to visit, birthday, kid’s name, dog’s name and numerous other details about yourself. It’s this information that can be used for social hacking.
You might think that you’re safe if you just add some numbers to your password, but most people use their birthday as the numerical part of their password and append it to the end. Have you ever received a “happy birthday” wish from a forum? Is your birthday in your social media profiles? The hacker uses this information to guess your password.
In extreme cases, the hacker has the social ability to call you. The hacker pretends he is a part of your company’s security department and needs your password. He might not directly ask you for your password, but he could ask for your private information and use it to script guesses. He can also send you an email that looks like it’s from your employer. The email “From” address can be spoofed, so even if an email says it’s from the IT department asking for your password, it could be from a hacker.
You can identify these spoofed emails by clicking the “Reply” button in your email client and looking at the email address that’s automatically entered into the “To” field. Hackers spoof the “From” address and then direct email clients to send a response to their personal accounts. This trick gets users to send private details directly to the hacker’s email address.
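The “Reply” check described above can also be done on the raw message headers. The following is an added example, not part of the original article: it compares the domain in the “Reply-To” header with the domain in “From”. Both sample messages are constructed, and example.com and example.net are placeholder domains.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample messages (not real mail); the domains are placeholders.
SPOOFED = """\
From: IT Security <it-security@example.com>
Reply-To: Help Desk <it.security.example@example.net>
To: employee@example.com
Subject: Password verification required

Please reply with your current password.
"""

LEGIT = """\
From: IT Security <it-security@example.com>
To: employee@example.com
Subject: Scheduled maintenance

No action needed.
"""


def _domains(msg, header):
    """Return the set of lower-cased domains found in an address header."""
    values = msg.get_all(header, [])
    return {addr.rsplit("@", 1)[1].lower()
            for _, addr in getaddresses(values) if "@" in addr}


def reply_to_mismatch(raw_message):
    """Return a finding if a reply would go to a domain other than From's."""
    msg = message_from_string(raw_message)
    from_domains = _domains(msg, "From")
    reply_domains = _domains(msg, "Reply-To")
    # Without a Reply-To header the reply goes to From, so nothing is flagged.
    foreign = reply_domains - from_domains
    if not foreign:
        return None
    return {"from": sorted(from_domains), "reply_to": sorted(foreign)}


if __name__ == "__main__":
    print(reply_to_mismatch(SPOOFED))
    print(reply_to_mismatch(LEGIT))
```

A mismatch is a signal to look closer, since some legitimate mailing lists and ticketing systems also set a different “Reply-To”. A matching or missing “Reply-To” does not prove the “From” address is genuine.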
All of your social profiles, tweets, forum posts, and anything else you publicly display is up for grabs for a hacker. They collect this information and then get to work guessing your password.
Using Social Hacking to Gain Access to Your Profiles
Each hacker has his own goals. He might want to gain access to your website. Maybe he wants to get into your email account. Maybe he wants to gain access to your employer’s files. At this point, he knows enough information and just needs to figure out your password.
Most websites have defenses against password guesses. Have you ever been locked out of your own account because you’ve entered a password incorrectly too many times? This is for your own security. It blocks hackers from writing scripts that just continually throw guesses at the site. The hacker tries to access your account using basic guesses, but he knows that your account gets locked after too many attempts.
Security questions are usually presented to users when they’ve attempted to log in to their account too many times. This is where your public information is useful, because many websites don’t lock out accounts after too many attempts to answer security questions. The hacker knows which sites lock accounts after failed security question attempts and which ones don’t. Sites that don’t use lockouts are where the hacker uses social information to guess your password.
Usually, the hacker first attempts to hack your email account. When a hacker gets access to your email account, he can then use it to reset your password on other accounts.
You might think that guessing one password isn’t too much damage. However, do you use the same password across multiple sites? If so, the hacker can use the one password he guessed, your global password, to reset and access your other accounts. You should always use a different password for email than you use for any other website. This blocks the hacker from gaining access to your email account provided you don’t accidentally give him access in other ways.
What You Can Do to Protect Yourself
You don’t have to be antisocial, but you should be aware of what information you publicly post that’s also a part of your passwords. You can also change passwords that could be too easy to guess from social posts to something more difficult.
For instance, if you insist on having a password with a phrase that you recognize, add numbers or special characters in the center of the password. Instead of “mybirthday,” use “my1234birthday.” This makes your password much more difficult for hackers to guess using social hacking.
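One way to check whether a password contains information you have posted publicly, such as the birthday, dog’s name or kid’s name mentioned earlier, is sketched below. This is an added example, not part of the original article; the facts, the birthday and the function names are constructed for illustration.

```python
import re
from datetime import date

# Constructed sample of details a person might have shared in forums or profiles.
FACTS = {"dog's name": "Rex", "kid's name": "Maya", "favorite place": "Lisbon"}
BORN = date(1990, 4, 17)


def _squash(text):
    """Lower-case and drop separators so "Rex-1990" still matches "rex"."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def birthday_fragments(born):
    """Digit strings a birthday commonly appears as inside a password."""
    d, m, y = f"{born.day:02d}", f"{born.month:02d}", str(born.year)
    # Longer forms such as MMDDYYYY contain one of these, so they match too.
    return {y, m + d, d + m}


def personal_info_in_password(password, facts, born=None):
    """Return the labels of publicly known facts found inside the password."""
    squashed = _squash(password)
    hits = []
    for label, value in facts.items():
        token = _squash(value)
        # Skip very short tokens; they would match by coincidence.
        if len(token) >= 3 and token in squashed:
            hits.append(label)
    if born is not None and any(f in squashed for f in birthday_fragments(born)):
        hits.append("birthday")
    return hits


if __name__ == "__main__":
    for candidate in ("Rex0417", "maya_1990!", "my1234birthday"):
        print(candidate, personal_info_in_password(candidate, FACTS, BORN))
```

An empty result only means none of the listed facts appear in the password; it says nothing about how strong the password is otherwise.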
While social hacking is more difficult than writing scripts, you could still be the victim of a social hacker who gets all of your information from social media and public posts. Be aware of these types of hacks and use passwords that aren’t easily guessed.