20 Cyber Security Secrets Hackers Don’t Want You to Know
Computer hackers have lots of tools to threaten your Internet security, but these tips from cybersecurity experts can help protect your privacy.
We send incredibly personal emails
Spear phishing, the act of sending targeted emails to get you to share financial information or passwords, can be exceptionally sophisticated. “The old-style ones had spelling and punctuation errors, but today, it has really become an art,” says Mark Pollitt, PhD, former chief of the FBI’s computer forensic unit. “They may call you by name, use your professional title, and mention a project you’re working on.”
Outsmart us: Spot phishing emails by looking for incorrect or unusual URLs (hover over links to see the actual URL address), requests for personal information or money, suspicious attachments, or a message body that’s actually an image. Unless you’re 100 percent confident that a message is from someone you know, don’t open attachments or click links. Here’s how to avoid the most common online scams.
We’ve got all the time in the world
Dusan Petkovic /Shutterstock
Hackers have programs that systematically test millions of possible passwords. “They go to sleep and wake up in the morning, and the program is still going, testing one password combination after another,” says Peter Fellini, a security engineer with Zensar Technologies, an IT and software services firm. Look out for these signs your password could get hacked.
Outsmart us: Instead of a password, try a passphrase. Use letters and characters from a phrase and include special characters, numbers, and upper- and lowercase letters (Mary had a little lamb could become [email protected], for example). Or consider a password manager that generates and remembers random, difficult-to-crack passwords. (Even then, some experts recommend unique passphrases for financial accounts in case the password manager gets hacked.) Not even the real world is safe from fraud–watch out for this new mail scam that targets pregnant women.
We love your Bluetooth headset
Sviat Studio /Shutterstock
If you leave the Bluetooth function enabled after using a hands-free headset, hackers can easily connect to your phone, manipulate it, and steal your data.
Outsmart us: Always turn Bluetooth off after you use it. Set your visibility to “off” or “not discoverable,” and require a security code when you pair with another Bluetooth device. Want to avoid public wifi? Learn how to set up a mobile hotspot with these quick tricks.
We sneak while you surf
A growing number of cyberattacks are arriving via “drive-by download,” says Giovanni Vigna, PhD, a computer science professor at the University of California at Santa Barbara and co-founder of anti-malware provider Lastline Inc. “You visit what looks like a perfectly harmless website,” he says, “but in the background, you are redirected to a series of other sites that send you an attack.” Often even the website’s owner doesn’t know the site has been compromised. Although search engines keep blacklists of known malicious sites, the bad sites are continuously changing.
Outsmart us: Make sure you install all available updates to your browser or use a browser that automatically updates, like Firefox. Vigna’s research has found that Internet Explorer users are most vulnerable to these attacks. Learn more about your computer–your “private” browser may not be so private.
We can infiltrate your baby monitor or smart TV
Remember, your smart device is essentially a computer—and chances are, it’s not a particularly secure one. Anything in your house that’s connected to the Internet, from your smart fridge to your climate-control system, can be hacked. In several recent incidents, hackers were able to hijack a baby monitor and yell at a baby. Experts have also shown how hackers can turn on a smart TV’s camera and spy on you.
Outsmart us: When setting up smart devices, always change the default password. Most of these devices work from your wireless router, so password protecting your Wi-Fi can also help. Keep up with firmware updates; many devices will inform you when there’s an update available. Otherwise, look for an Update Firmware option in the main menu or settings. Keep in mind these more red flags someone is spying through your devices.
We eavesdrop on free public Wi-Fi networks
Even if you’re connected to a legitimate public network, a “man-in-the-middle” attack can allow hackers to snoop on the session between your computer and the hot spot.
Outsmart us: Avoid public Wi-Fi if possible, especially unsecured networks without passwords, advise security experts at MetLife Defender, a personal data protection program. Instead, set up your smartphone as a secure hot spot or sign up for a VPN (virtual private network) service. If you must use public Wi-Fi, avoid financial transactions and consider using a browser extension like HTTPS Everywhere to encrypt your communications. Here’s what URL actually stands for.
We lure you with “shocking” videos on Facebook
Natee Meepian /Shutterstock
A friend just posted a video of an “unbelievable animal found in Africa.” If you click to watch, you’re asked to download a media player or take a survey that will install malware on your computer, says Tyler Reguly, manager of security research at the cybersecurity firm Tripwire. It also shares the video with all your friends.
Outsmart us: Type the video’s title into Google and see if it’s on YouTube. If it’s a scam, someone has probably already reported it. Be aware of these other clear signs you’re about to be hacked.
We take advantage of your typos
Denys Prykhodov /Shutterstock
Fake sites with slightly altered URLs like micrososft.com or chse.com look surprisingly similar to the real site you meant to visit, but they’re designed to steal your data or install malware on your computer.
Outsmart us: Double-check the site’s address before logging in with your name and password, especially if the home page looks different. Check for https in the address before typing in your credit card information.
We crack your password on “easy” sites
A 2014 study found that about half of us use the same password for multiple websites, making a cybercrook’s job easy. “A hacker will break into a soft target like a hiking forum, get your email address and password, and then go to your e-mail account and try to log in with same password,” says Marc Maiffret, chief technology officer at BeyondTrust, a security and compliance management company. “If that works, they’ll look to see if you have any emails from a bank. Then they’ll go to your bank account and try that same password.”
Outsmart us: Use two-factor authentication, a simple feature that requires more than just your username and password for you to log on. In addition to your password, for example, a site may require you to enter a randomly generated code sent to your smartphone to log in. Many companies—including Facebook, Google, Microsoft, Apple, and most major banks—now offer some form of this safeguard. (For a list of companies that offer it, visit twofactorauth.org and click Docs under your provider to learn how to set it up.) Know these 9 ways your password is probably weak, and correct them.
We can easily break into routers that use WEP encryption
Syafiq Adnan /Shutterstock
Many older routers still rely on a type of encryption called WEP (Wired Equivalent Privacy), which can easily be cracked with a widely available software program that anyone can download.
Outsmart us: Make sure your router uses WPA2 (Wi‑Fi Protected Access 2), the most secure type of encryption, or at least WPA. Click your computer’s wireless network icon to check the security type. If your router doesn’t give you one of those choices, call your router manufacturer to see if you need to do a firmware update—otherwise, plan to get a new router. Don’t forget to change your preset Wi-Fi password, since any good hacker knows the default passwords for all major routers.