So the issue with cyber security is that most people don’t know much about it. They also don’t care and adopt an “it’ll never happen to me” attitude.
This is what gives attackers an easy ride.
Banks and some software providers do now enforce that you use strong passwords. The thing is, an attacker isn’t going to target your bank or PayPal account straight away. They are probably going to go for your email account. They might also go for one of your social profiles. Why? Two reasons:
- most people are stupid and use the same passwords for many things.
- if you can obtain access to someone’s email account, you can access anything else with password resets.
How to protect yourself online
So picture this scenario…
Mr Hacker uses one of his password guessing scripts to bust your easy password on your email account.
He logs in and notices that you have a Facebook and LinkedIn account. He tries the same password on those and gets into Facebook.
He now knows who you are friends with, and who you’ve been talking to recently (you’ve got a dinner with Julie, your sister, this week).
While in your email account he notices you have an Amazon account.
Over at Amazon he finds you’ve used a different password.
He uses the password reset tool and gets sent an email (to your account) with a link to reset the password.
He clicks it, but Oh No! Amazon thinks something fishy is going on because you’ve not logged in from this IP address before. So it asks you a security question.
“What was the colour of your first car?”
Remember, Mr Hacker knows that you and Julie (your sister) are having dinner this week. He knows this from the messages in your Facebook account.
He goes over to Facebook and reads through a few pages of your messenger conversation with Julie. This is so he can understand what type of language you use and the tone of your messages.
Now that he knows this, he can send Julie a message and sound authentic.
“Hey Jules… random question but I can’t remember for the life of me… what colour was that car I got when I passed my driving test? I was just chatting to Kim at work about crappy cars that we got and now it’s bugging me lol”
Now he waits patiently to see if his trap has worked.
“How could you forget! it was bright yellow! I hated that car lol”
Having now successfully answered the security question, he resets your Amazon password.
Now he has a few options. He could sell the login information for a small amount of money on the dark web. Or he can buy shit. He opts for the latter.
Once in, he finds something nice that he fancies and orders it. Except he doesn’t send it to your address (which he now knows because it’s in your Amazon account). He sends it to an address a few streets away and requests next day delivery, with a time slot between 8am-12pm. Also, he adds a mobile number (burner phone) for text notifications of the delivery ETA.
The next day he gets a text at 07:00: “Your parcel will be delivered between 09:15 and 10:15”
Great. Now he just needs to go and park on the street and wait to see the delivery van.
At 09:35 the van comes down the street.
He calmly gets out of his car and approaches the house he had the delivery sent to (hoping that no one is home).
A few seconds later the delivery man appears, parcel in hand, to be greeted with:
“Morning mate…glad I didn’t miss you, I’ve just got back from the school run… what’s my wife been ordering now!? Spends all my money she does! Anyway, I’ll sign for it…I’m Mr Smith… Cheers! Have a good day!”
The second the van turns the corner, off he goes, back to his car, parcel in hand and you’ve been done.
Take note. THIS HAPPENS EVERY DAY.
This is just one milder example of what bad passwords can do to you. It isn’t just your online world that can be affected. It’s real life.
Remember, make your passwords long and complicated. 16 characters at least and with no pattern. No kids’ names. No birthdays. The more random the better. Use this generator to help you: http://passwordsgenerator.net/
Also try using a password manager like LastPass if you have loads of accounts.
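The advice above as a short Python sketch, added here as an example and not part of the original post: it generates a 16-character random password with the standard-library `secrets` module and flags passwords that are too short, reused across accounts, or built from personal details. The `audit` helper, the account names and the sample passwords are constructed for illustration.

```python
import secrets
import string
from collections import defaultdict

MIN_LENGTH = 16  # minimum length recommended above
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=MIN_LENGTH):
    """Return a random password drawn from the OS CSPRNG via `secrets`."""
    if length < MIN_LENGTH:
        raise ValueError(f"use at least {MIN_LENGTH} characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def audit(accounts, personal_words):
    """Map each account name to the list of problems found with its password."""
    by_password = defaultdict(list)
    for name, pw in accounts.items():
        by_password[pw].append(name)

    findings = {}
    for name, pw in accounts.items():
        problems = []
        if len(pw) < MIN_LENGTH:
            problems.append(f"shorter than {MIN_LENGTH} characters")
        shared = sorted(a for a in by_password[pw] if a != name)
        if shared:  # one cracked account opens every account listed here
            problems.append("reused on " + ", ".join(shared))
        hits = sorted(w for w in personal_words if w.lower() in pw.lower())
        if hits:  # names, birth years and similar guessable details
            problems.append("contains personal detail: " + ", ".join(hits))
        if problems:
            findings[name] = problems
    return findings


# Constructed sample data: account names follow the story, passwords are invented.
SAMPLE_ACCOUNTS = {
    "email": "julie1985",
    "facebook": "julie1985",
    "amazon": "YellowCar!2009",
    "bank": generate_password(),
}
SAMPLE_PERSONAL = ["julie", "yellow", "1985"]  # hypothetical names and years

if __name__ == "__main__":
    for account, problems in audit(SAMPLE_ACCOUNTS, SAMPLE_PERSONAL).items():
        print(f"{account}: " + "; ".join(problems))
```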
Cute duck photo by Ravi Singh