Industrial espionage, social engineering and no-tech hacking are all very real, and there are simple precautions that you can take to protect yourself, which this article will discuss. Whether you are a high-profile businessman or a housewife (or househusband), keeping the information you want to remain private private should be important to you.
What Is "Social Hacking"?
This is a broad term, but it usually entails using acquired information to manipulate people in order to gain access to something that would otherwise be inaccessible to you. Let me call in one of my most favorite movie characters of all time, Regina George. Believe it or not, she is a perfect example of an efficient social hacker!
- Regina: Wedell on South Boulevard.
- Gretchen: Caller ID!?
- Regina: Not when you connect from information... Hello, may I speak with Taylor Wedell?
- Taylor Wedell's Mom: She's not home right now, may I ask who's calling?
- Regina: Oh, this is Susan from Planned Parenthood, we have her test results. If you could have her call me as soon as she can? It's urgent, thank you! [Mom faints] She's not going out with anyone tonight! [All giggle]
Regina's social engineering is fun to watch (and we could all learn a thing or two from her), but let's now look at some common techniques used by typical social hackers to gain sensitive information about you or your company. This article will focus more on the no-tech, physical approach. To protect yourself online check out Null Byte's Anti-Doxing article.
Shoulder Surfing
One mistake people make is being too casual when using their computer in public places. Someone could easily come and stand behind you, nonchalantly texting on their phone, pretending to wait for someone. However, in reality they could be watching what you are doing on the computer, taking pictures with their phone.
I am astonished at how many times people have asked me to watch their computer so they could go to the bathroom or something? I do not even know these people! I was just studying for a test on the couch. Also, when I am in lectures, everyone has their laptop open and they are doing all sorts of stuff. I could easily target someone and simply sit behind them and watch without anyone ever getting suspicious.
If a malicious social hacker comes by, they could glean an email addresses that you trust and pose as them, or if they deem your laptop valuable, they might attempt to steal your computer. It is amazing what someone can do with a little seemingly innocuous information.
How to Prevent Shoulder Surfing
You could always use a Snuggie to prevent anyone from seeing what you are doing on your computer...
But I think the following steps are a bit more practical.
- Never leave your computer unattended. Also, don't trust the stranger next to you to be responsible! I mean, someone could come up and grab the computer and if another person questions you, then you simply say you are their friend and they asked you to come get it for them. Most likely, no one would be the wiser.
- Avoid using your computer in public places. This is where you are most vulnerable. If it is absolutely necessary, then try and get a seat that doesn't allow someone to look over your shoulder.
- Purchase a privacy filter, which essentially makes it so that you can only see the screen from one angle. This is great, but the fact that you have a privacy filter might tip someone off that you are protecting private information, a sort of catch-22.
- Be wary of everyone around you. As with most predators, they look for the easiest target with the biggest gain. Follow the preceding steps (and this one) and you should be relatively safe. Using caution and common sense are excellent weapons against attacks. Always assume everyone is a malicious social hacker and a crazy driver, as I always say.
Dumpster Diving
You might also be surprised what people throw away in the garbage. You can learn a ton about someone by looking at what they throw away and what sites the visit on the Internet. We are often under the illusion that our privacy is somehow magically protected simply because no one is standing right behind us. This is not the case. We leave digital and physical footprints everywhere, so you need to tread lightly and/or cover your tracks.
* If you didn't already know, it is not illegal to look through someone's garbage, as held up by the Supreme Court decision, California vs. Greenwood. Anyone can come and snoop through your garbage and there is nothing, legally, that you can do!
It may seem self evident, but it is extremely important that everyone has a personal shredder. They are not that expensive and they greatly hinder the efforts of attackers. Now that we've got that out of the way... the next most important question is what do I and don't I need to shred?
My philosophy—when in doubt, shred it. I pretty much either shred my mail or put it in a special place. Basically, anything that has your full name or signature and other identifying features, such as IDs, PINs, SSNs, etc. should be shredded. For a more comprehensive list, click here.
There are really many vectors of attack besides just these two, since we live in the information age. Any time you put information in the open you should think: What information am I potentially giving out? Who could access it? How well do I trust them? Why should I trust them?
- Stay tuned for more Invisible Computer articles!
- Follow us on Google+ or Facebook!
- Questions? Ideas for new articles? Visit our forum or message me!
Just updated your iPhone? You'll find new Apple Intelligence capabilities, sudoku puzzles, Camera Control enhancements, volume control limits, layered Voice Memo recordings, and other useful features. Find out what's new and changed on your iPhone with the iOS 18.2 update.
6 Comments
These are all great facts. I remember being young and dumpster diving for logs at the local telecom office. This was many years ago and back then they would transmit and print passwords in plain text!
Haha, wow! I bet you had fun with that? :)
For some reason, I'm over paranoid when it comes to physical documents. I shred everything. I even cut out my name and address on all of my junk mail and shred them. But that's just an old habit that's probably overkill now, since anyone with a computer can probably find my address.
Yes, geographical information is quite readily available if you can find just a few tidbits about someone. Mostly you don't want them to be able to gain information associated with your name, such that they can now impersonate you.
I do love the Snuggie idea. That's gold.
Snuggies: protect yourself from malicious social hackers! Call now and you only pay $19.99! :) Now the can add that to their infomercial? haha
Share Your Thoughts