In 2009, Scott McGready stumbled upon a massive phishing scam that targeted his company's email server.
A flurry of emails flooded the company, all originating from the same source and containing false identities in order to deceive individuals into clicking on suspicious links and divulging personal information.
McGready reveals that during his investigation he located the phisher's database, which held the personal details of thousands of people. Astonishingly, the criminal had collected these records with minimal effort.
This revelation sparked McGready's passion for information security and educating others on safeguarding themselves against fraud.
Here, McGready, along with other IT professionals, shares several key lessons on protecting your personal data:
1. It is important to be aware that a vast amount of personal information is available online.
"Having easily accessible data online enables individuals to customize phishing emails for their targets effortlessly," explains McGready.
However, in this particular context, what does "data" actually encompass? Well, essentially everything. Even without us being aware, our everyday internet usage patterns and location records can divulge significant details about us. Even if one's name is not explicitly linked to it, a knowledgeable social hacker could still deduce sensitive information.
2. It is important to note that your personal information can be revealed by your friends, even if you do not have an online presence.
"We often disclose intimate details about our lives on social media due to the influence of our peers, whether it is providing our birthdate on Facebook because the platform continuously prompts us for it," explains McGready. However, it becomes more concerning when a friend tags you in a photo from high school that includes the school mascot in the background, inadvertently revealing another security question.
3. Be cautious in order to lessen the risks (even if they cannot be entirely evaded).
McGready suggests maintaining the maximum level of privacy on your social media profiles and requesting your loved ones to do the same. "Even individuals who purposely abstain from social media can still be trackable through their friends or family who post 'dinner table selfies'."
4. According to McGready, it is important to review the Facebook apps and third-party services that have access to your account, and to only provide them with essential information to mitigate the potential harm of a future data breach. As an illustration, it is unnecessary and risky for Bejeweled Blitz to have authorization to access all of your Facebook content, post on your behalf, and send unwanted messages to your contacts.
5. Dedicate some time to eliminating your outdated accounts.
Eliminate your iwasdefinitelyacool15yearold@aol.com email address, as a skilled hacker could potentially exploit it. Additionally, it's common for individuals, including myself, to have numerous dormant accounts on various websites. I strongly advise accessing these accounts, modifying all personal details, and then permanently deleting the account.
6. Don't be ashamed if it happens to you. Even professionals in the IT industry can fall victim to it!
Georgia Bullen, the director of technology projects at New America's Open Technology Institute, shares her experience of being hacked:
"I had a weak password, which allowed someone to develop a program that would gain access to insecure accounts and send spam."
The emotions she felt during that time are relatable to anyone who has been hacked: "I felt ashamed, bewildered, and then extremely concerned that someone else would fall for a trap set by me."
7. It's important to exercise caution and be informed about any website or service you join, as even a small amount of awareness can have a significant impact.
8. Establish a strong password strategy.
Passwords are the weak point of modern technology — however, there is a solution.
"By finding one password, hackers can identify where it has been reused and then gain access to those accounts as well. This is where the real danger lies," explains Harlo Holmes from the Freedom of the Press Foundation.
That's why it is recommended to have different passwords for each website or service, using three random words combined with special characters. A DiceWare password such as "correct horse battery staple" is a good starting point.
9. Utilize a password manager.
Password managers are capable of creating robust, unpredictable passwords on your behalf. Furthermore, they maintain records of all your diverse passwords so you don't have to commit them to memory.
You only need to recall a single highly secure master password to access any other potential password combination. In this way, according to Bullen, you cannot even unintentionally disclose your password verbally since you genuinely do not know it yourself! (Except for your master password - avoid doing that.)
10. Implement two-factor authentication (2FA) to enhance security.
Security is important, but having a contingency plan is even more valuable. 2FA ensures that a code is sent to a personal device to verify the true identity of the user logging in. Even if your password is compromised, it is unlikely that the hacker will also have access to your smartphone. (Most likely.)
11. It is advisable to utilize a distinct email address, accompanied by a robust password, for crucial accounts such as banking. This will make it more challenging for hackers to gain access to your important accounts, even if you happen to employ the same password elsewhere. Additionally, ensure that this secondary email account also has two-factor authentication enabled.
12. Make sure to inspect links before clicking on them.
McGready issues a warning that although a link may present itself as valid, a closer look can reveal that it leads to an unexpected landing page.
13. Checking the web address is fundamental.
Although it's not foolproof, seeing that green padlock on your browser's screen is an encouraging signal. Nevertheless, McGready cautions us that encryption doesn't validate the website. So, always make sure to take extra steps to ensure maximum protection.
14. Take measures to protect your router.
Using the default password for your router may seem harmless initially, but it actually exposes you to potential hackers (there are even websites available that disclose various router default settings). If someone manages to gain access to your router, they can essentially infiltrate your entire home network. Therefore, it is worth going the extra mile to establish a sturdy username and password.
15. Be cautious: Nowadays, the internet is integrated into various products, ranging from lightbulbs to baby diapers. This is both exciting and concerning.
McGready regards "the internet of things," or IoT, as the most significant future online danger. While you may have concerns about Amazon's surveillance, you likely haven't thought about the possibility of other entities spying on you through a susceptible Wi-Fi or Bluetooth system in your smart home. "The problem arises when these wireless chips are automatically included in all products, regardless of the customer's preference," McGready clarifies.
16. At the end of the day, the issue lies in the fact that humans place too much trust in various aspects of their online interactions and transactions.
We rely on our friends to keep our personal information private and not share it on social media platforms like Twitter. We assume that employees of popular apps like Angry Birds won't misuse our permissions to take control of our linked accounts on platforms like Facebook. We even trust the presence of a green padlock symbol in our browser bar to guarantee the security of our credit card information, regardless of the intentions of the website asking for it.
In essence, we have faith in the internet's overall integrity and the good nature of people who use it.
Detecting and addressing a problem becomes difficult when it remains hidden from view. This is why McGready feels so strongly about educating the public on online safety.
McGready believes that by showcasing the capabilities of scammers and the warning signs to look out for, people will be better equipped to protect themselves. It's much more impactful to demonstrate how a scammer can deceive someone by sending a text that appears to be from their own mother, rather than simply telling them about it.
Shielding ourselves completely from the perils of technology is challenging. However, by conducting thorough research and taking appropriate precautions, we can minimize our risks. The key lies in knowing where to begin.