Friday, January 30, 2015

Hacking

I’ve written before about passwords and choosing yours wisely. I know everyone is aware of the danger of “hacking.” That is when unauthorized people access a supposedly secure computer system such as the corporate servers at company XYZ or your own personal computer.

There are many ways these criminals and people who consider computers a sort of puzzle attack computer systems. One is called “phishing” with the funny spelling. (Don’t ask me why, I only report these things, I don’t invent them.)

To quote Wikipedia: “Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.” Phishing is typically carried out by email spoofing or instant messaging. That is, the attacker pretends to be someone they are not. Perhaps that is someone or some site you trust.

It often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. The social engineering part refers to statements in the message that would encourage you to accept or download or click or whatever.

Gone are those days of the email from Nigeria with the poor grammar and spelling. Hackers today have got the form and content down to a science. As far as exploiting the technology, that’s one good reason to keep your software updated. Be sure the automatic update feature is turned on in Windows and Mac to get the latest operating software updates. Don’t ignore other weak areas of your computer. If the hacker can’t get in the front door (OS) they may try the back door or a window. That would be programs like Adobe Flash or Microsoft Office, two common entry points. So keep those updated too.

A focused variety of phishing is called “spear phishing.” Spear phishing is an email that appears to be from an individual or business that you know. But it isn't. It's from the same criminal hackers who want your credit card and bank account numbers, passwords, and the financial information on your PC. Maybe you think this email is from your boss or your aunt Matilda. In fact, it may be. They could have been hacked and are now the source of the contagion.

The spear phisher thrives on familiarity. He knows your name, your email address, and at least a little about you. The salutation on the email message is likely to be personalized: "Hi Bob" instead of "Dear Sir." The email may make reference to a "mutual friend." Or to a recent online purchase you've made. Because the email seems to come from someone you know, you may be less vigilant and give them the information they ask for. And when it's a company you know asking for urgent action, you may be tempted to act before thinking.

I know the email says your account is about to be closed or locked or erased if you don't respond immediately, but stop and think about that. In fact, do you believe that the bank would contact you via email for such an important communication? Uncle Sam still carries letters, and that is the common way your bank, or your broker, or your credit card company will communicate with you. And when Microsoft calls to tell you that you have a problem, do you ever wonder how MS got your phone number? Now you're getting smart.

A lot of successful hacks start out as corporate emails that you think came from your boss or the HR department and so you open them up, click where you are directed, enter information where you are told, and so forth … just like a good employee should. Right?

Well, here’s where a suspicious nature would benefit you. I remember an email I got directed at “mickeya,” “mickeyb,” “mickeyc,” etc. at ibm.com. I assume there was another email sent out to “mickey1,” “mickey2,” “mickey3” and so forth. Get the idea? Pay attention to the entire email from the “to” address to the “from” address to the subject and the contents. If you’re not sure, ask. Ask your boss or your aunt Matilda. But don’t reply; use another method of communication. If someone says they are your bank and gives you a URL or a phone number to call, don’t do that. Look up the bank and go to their posted URL or email their posted contact address or call their posted phone number.
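For readers who filter mail, the "mickeya, mickeyb, mickeyc" pattern above can be checked mechanically. This is an added example, not something from the original column: it groups the To and Cc addresses of a message by a shared stem and reports stems that appear with three or more different trailing letters or numbers. The sample message, the function name and the threshold of three are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from email import message_from_string
from email.utils import getaddresses

# Constructed sample message (addresses and wording are made up for this example).
SAMPLE = (
    'From: "HR Department" <hr@example.net>\n'
    "To: mickeya@example.com, mickeyb@example.com, mickeyc@example.com\n"
    "Cc: mickeyd@example.com, pat.jones@example.com\n"
    "Subject: Action required: confirm your account\n"
    "\n"
    "Please click the link and sign in.\n"
)

# A local part made of some stem followed by a run of digits or a single letter.
SUFFIXED = re.compile(r"(.+?)(\d+|[a-z])")

def enumerated_recipient_groups(raw_message, min_group=3):
    """Map (stem, domain) -> sorted suffixes for recipients that share a stem
    and differ only in a trailing letter or number."""
    msg = message_from_string(raw_message)
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    groups = defaultdict(set)
    for _name, addr in getaddresses(headers):
        local, at, domain = addr.lower().rpartition("@")
        match = SUFFIXED.fullmatch(local) if at else None
        if match:
            groups[(match.group(1), domain)].add(match.group(2))
    # An ordinary recipient list rarely has three addresses with the same stem.
    return {key: sorted(sfx) for key, sfx in groups.items() if len(sfx) >= min_group}

if __name__ == "__main__":
    for (stem, domain), suffixes in enumerated_recipient_groups(SAMPLE).items():
        print(f"suspicious: {stem}[{','.join(suffixes)}]@{domain}")
```

A hit means the sender was guessing addresses, which is a reason to treat the message as suspect and verify it through another channel.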

By the way, that also works with phone calls. When you receive a call and they say they are the bank, you can tell them you’ll call back, but call the number in the phone book, on your statement, or the one you google for the bank. I trust people when I phone them at a known number. I don’t trust anyone who phones me!

I could go on and on about private information that should be kept private. (How many people know your mother’s maiden name? Especially since you posted it on Facebook.) How about keeping your software updated and patches applied? How about secure and effective passwords and not using the same password for several accounts? You see, hackers may break into one account, steal its password file, and then spend all the time in the world breaking the encryption and figuring out all the passwords. They then try them on other banks or credit card companies, etc.

You need to be smart. It’s like walking in a bad neighborhood. Keep your wits about you and keep on the lookout. A little paranoia isn’t a bad thing when people really are out to get you. A well-selected and long password is important. Use of more than just lower case letters is essential, and don’t just capitalize the first letter and add a number on the end. The hackers know about that. Start with a number. Put the capital letters in the middle with numbers. You can use any key on the keyboard. Don’t just use @ and # and $. Use { and ~ and > and = and ; in your passwords. Make them fairly long. At least 8 characters, I suggest more, 10 or 11.

You may have to write them down to remember them, but that’s better than using your dog’s name with the number 1 at the end. After all, everyone in your neighborhood knows your dog’s name from you shouting out “here Fido.” Besides, you are always posting about your dog on Twitter. “Fido’s such a good boy … yes he is!”

Good computer security is like good home security. Don’t keep the key under the mat, don’t leave the back door unlocked in case you forget the key, and don’t leave home on vacation and let newspapers pile up on your doorstep. I know it is hard to be suspicious of your computer when you hardly know how it works. But you are an expert at how it works every day. If something changes or something doesn’t seem right, you may have been hacked.

I won’t even mention not having a good antivirus program. If you aren’t running an antivirus, then you might as well leave the front door wide open and stick a few yard signs out front with “Please rob me” on them. ‘Nuff said. Get smart.
