Millis, MA, USA – April 26, 2018 – Data-greedy villains are constantly lurking in the shadows, ready to take full advantage of their next victim. They prey on every opportunity they can find to get their hands on personal and sensitive data for their own personal gain. Though online hacking is today’s “Gotham City,” criminals have used similar tactics to breach personal information and scam people and organizations for centuries.
The good news is that with a little education, awareness, and some savvy sleuthing, you can be a superhero to protect yourself, your family, and your organization from these scoundrels and their vicious, evil tricks and deceptive tactics. Never let your guard down, especially when your emotions are about to override your intuition. Be wise, use your instincts, and always stay one step ahead of their evil tricks.
Here are a few evil tricks villains use, and the Superhero counter punches you can utilize to thwart their evil ways.
Evil Trick #1: Deceiving You With Fake Emails
I received an email just the other day in my personal email box that looked very much like it was from my bank, telling me that my online account had been compromised and locked out, so I needed to login with “this link” to reinstate my account. It looked official, with the bank’s logo, bank address and even branded graphics and colors. In a brief moment of blind shock and anger that came over me thinking that my account had been compromised, I almost clicked on the link, but something didn’t feel right. I hovered over the link instead without clicking to see where it would go, and sure enough the link was an unusual, false link that would have taken me far away from my bank’s secure domain. When I typed in my bank’s URL directly into a browser and logged in to my account, there was no issue, no lockout, no compromise. I compared the email to other emails I had received in the past, and only then it became quite clear that it was a fake email.
These email tactics are becoming more and more popular, and hackers are getting better at their evil deceptions with them. The malevolent trick here is to get you to override your intuition by giving you an emotional situation that will make you blind to your own instincts.
They also try to ensnare as many people as possible by sending emails that look like they are from large accounts or big-name brands, like large banks, retail brands, or popular social media sites.
They send emails that claim an attached invoice is in severe default and requires immediate payment, or that your PayPal account has “expired” and needs to be renewed, or that your bank is asking for verification of your login information, or that your grandmother is stuck in Cuba and is in desperate need of immediate cash. Clicking on links in these emails can lead to loss of money, to hackers gaining access to your accounts, or to downloading viruses or malware, which could get into your computer and wreak havoc on your system and network.
Superhero Power Punch #1:
- Be scrupulous with emails using X-ray vision. Always scrutinize an email first, even one that looks official from your bank or favorite retailer, by taking a closer look at it. True, we don't really have X-ray vision, but you can examine an email with a level of scrutiny that will protect you from clicking on something malevolent. Don’t click on any links unless you have fully assessed the email to ensure it is from a trusted organization. Don’t let your initial emotional reaction to an email draw you into clicking on a link right away. Instead, if you have an account, go directly to the website URL of your account in a browser and log in from there. Even something as simple as a Facebook notification could be counterfeit, and clicking on a link could lead you to a malicious website. If you have questions about an email, call the organization directly.
- Watch for bad English or grammar. If you find grammatical, punctuation and spelling mistakes, chances are it is fake. Hackers are getting better at this, but still they will often leave something out, or misspell words that can be a vital clue or a red flag.
- Watch for strange or unusual hyperlinks. If the text appears to be legitimate, double-check each link by hovering over it (without clicking on it). A popup should reveal the hyperlink, and the first part of the link should be the secure domain of your account, like www.yourbank.com. If it looks nothing like the domain of your account, or looks weird, DO NOT click on it. Also watch for links that look official, but aren’t. Links like Amaz0n.com or linkedn.com may look legitimate, but a misplaced zero for an “o” or a missing "i" could make all the difference in the world.
- Look at the recipients. The recipients of an email can often be a clue also as to the validity of an email. If an email was sent to “undisclosed-recipients”, instead of just you, consider moving it immediately to your spam folder.
- There are often other clues as well to watch out for. Always question the validity of the email. Sometimes subtle clues can tip you off that something is wrong. For example, an email you receive on a regular basis may suddenly be missing key brand elements or something doesn't look right. If the subject seems suspicious, delete it. If the sender is suspicious, delete it. If it seems too good to be true, delete it. If it’s from someone or an organization you know, but only has a hyperlink in it with no message, delete it. Your instincts are vital for discerning valid email from the bad.
Evil Trick #2: Stealing Your Precious Jewels
It’s no secret that the crown jewels of hackers are credit card numbers, bank account numbers, retail account numbers, passwords, birth dates, addresses and social security numbers, yet it is still surprising how many individuals pass out this information to anyone as if it were free cheese samples. Keep this information protected at all times and never freely share it with anyone, whether online, over the phone, or in person. Oftentimes, though, websites or organizations you are affiliated with might ask you to verify this information, and you will have to use your good instincts. If your conversation is with a legitimate account you have worked with in the past, they should have this information already. If you can pass on providing this information again, do so. Otherwise, challenge them, and ensure first that the person you are verifying this information with is a trusted employee of the organization you called, and/or that the website is secured with “https” and is a legitimate website of the organization. Oftentimes when challenged, an organization may ask for a PIN instead to validate whether you are the right person.
Superhero Power Punch #2:
- Never give out this information freely to someone who has cold-called you or sent an email to you, as this could be an attempt to steal your information. Legitimate organizations will not cold-call you and ask you for this information over the phone. They may ask you only if you called them directly, in order to verify if it is you. Hackers are using this trick all the time to prey on the elderly by calling them and pretending to be something that they are not. Never give out any information to someone who has called you directly no matter how legitimate it sounds.
- Protect your personal information at all times. Be very meticulous with whom you share your account numbers, social security number, password, birth date, and address by checking and verifying with whom you are talking to. Challenge those who ask you for this information, and if a PIN number is acceptable for verification, go that route instead.
- Carrying a hardware encrypted flash drive containing your personal information is ideal for this purpose. Your files are password protected, preventing any unauthorized access to your files, even if you lose it (have a secure backup somewhere else just in case). Kanguru has a number of flexible options in the Kanguru Defender® Family of hardware encrypted drives.
- Keep personal tabs on where your personal information might be, and be watchful. It’s unfortunate, but in today’s hacker-hungry society, it is important that we are conscientious wardens of where our own personal information is stored. Your doctor’s office, last hospital visit, banks, mortgage lender, tax preparer, employer, cable company, government, registry, utilities, credit cards and favorite retailers all keep personal information on you. If you notice a security breach, a move, an office/store closing, or even a death, be proactive and ensure that your data is protected. Watch your online accounts, and bank statements carefully and often for any suspicious activity. Report it immediately if you see activity that you are not familiar with.
- Never give out personal information to someone that sent you an email or cold-called you. This could be a malicious attempt to steal your data. If you must, hang up, and call the organization back with a phone number you already have in your own directory or from the official website. Verify that the phone number you are calling, or the website you are visiting is legitimate, secure, and trusted. This simple procedure can help you be in control of your data.
Evil Trick #3: Your Trash Is Their Treasure
We throw away tons of paper each day with account numbers, passwords, social security numbers, birth dates, addresses and even scribbled passwords on them. Hackers know this and will stop at nothing to get this information. Dumpster diving, trash-picking, and even dump-sifting is a real problem.
It’s not just paper though, individuals get a new iPhone and throw the old one away, or they buy a new computer and toss out the old one without a thought. Even worse, people sell it or give it away without wiping their personal information off of the devices.
With technology changing almost daily, a device used to store data yesterday can be quite different from the device used to store data today, and even more different from the device we will use tomorrow, leading to forgotten devices, lost devices, thrown away devices and even stolen devices. Kanguru provides encrypted flash drives and hard drives that not only encrypt your personal data today, but keep it encrypted for the future. If you forget your device, lose it, or it gets stolen, a password-protected device is the perfect solution for protecting your data not just for today, but for all time.
Superhero Power Punch #3:
- After you pay your bills, shred them, or store them in a safe place until you can shred them.
- Be meticulous with the information you throw away or recycle. If it contains any personal information, shred it first. Better to be safe than sorry.
- Be mindful of old CDs, DVDs, floppy disks, videotapes, cassettes, hard drives, computers, mobile phones, and flash drives. Do not throw them away without ensuring that your data has been verifiably wiped. Then destroy them. Never leave even as much as an old floppy disk or zip drive available to be found and rummaged through. If your organization has a lot of hard drives that you want to wipe clean of sensitive data, Kanguru Duplicators have secure wiping functions that will permanently delete personal data. This is especially ideal for meeting the new GDPR requirements (right to be forgotten).
- Store sensitive data on password-protected devices. Protect data on Kanguru hardware encrypted flash drives and hard drives.
Evil Trick #4: Phishing Your Online Profiles (Facebook, LinkedIn, Instagram, etc.)
Another evil trick that villainous hackers will use is to study public online profiles for juicy information they can use to get access to other things in the future. If your Facebook profile is not private, and contains personal information about you, hackers can use this information to gain knowledge about you, and use it to access other things. Your posted email address can be used to drive Evil Trick #1. Profile photos could be used to create fake profiles that could lead to disastrous results and identity theft.
Facebook is always trying to get me to confirm specific personal information like “where I went to school”, “where I live”, etc. It even wants me to confirm that certain people are family like an Aunt or Uncle in my account. This may seem innocent enough, but any hacker who searches this information would see personal data, which might often be used as security questions for personal accounts.
Facebook has also recently been under scrutiny in the news for allegedly selling personal information. Whether it is true or not, why provide more detailed information to something that is only going to use it to advertise to you?
Facebook is also notorious for obscure surveys, and cute cat videos. Though they may seem harmless, fun and adorable, they could be evil ticking bombs placed by villains, and clicking on them could expose you to harmful scams, viruses and phishing. Hackers could use them to gather intuitive information about you to ascertain account information, or even help guess passwords. For example, if a survey reveals that your favorite color is red and you love fast cars, chances are good that you might have a souped up car in your garage, take risks, and have a password with “racer” in it.
Superhero Power Punch #4:
- Keep and maintain strong privacy settings on your online social media accounts. Check that your settings are private, and only share information that you are comfortable with.
- Don’t allow social media accounts to confirm your personal information. Why do they need to know? There is enough information already searchable on Google without providing even more juicy data for hackers.
- Never post personal information that you do not want the world to see. Stay away from providing more details than you have to.
- Be meticulous with what you click on. Stay away from online surveys and clicking on suggested videos or advertisements.
- Stay away from a new profile that wants to connect with you from a friend or colleague you are already connected with. This could be a sure sign that someone has hacked that person’s profile, and is trying to connect with you.
Evil Trick #5: Compromising Your Passwords
Strong passwords are great for protecting personal data and accounts, but far too many individuals are careless with them. Lazy passwords are a villain’s specialty. If your password is “password1” or “Me123”, you might as well hand over the keys and pull out the welcome mat for hackers for full access to your accounts.
Sending passwords online through email or instant messaging communications is another way to open the door to hackers. If you email passwords, or send them through instant messaging, you may have just provided a hacker with the very keys they are looking for. Never assume these communications are secure.
Since the average person has over 25 different accounts, it’s often surprising how many individuals store passwords under unprotected means. This could be a non-password protected spreadsheet or Word document, a careless piece of paper at your desk, or a post-it note on your computer screen.
Also, if you click on the box in the login window that says “Remember me”, you are providing every person behind you an open door to access your account if they can get onto your computer.
Superhero Power Punch #5:
- Always protect your passwords. Never send passwords over online email or instant messaging communications. If you must provide a password to someone for a shared account for some particular reason, it’s best to deliver it orally, and as privately as possible. Don’t forget to ensure that they will protect the password as well.
- Never store your passwords by unprotected means. If you have your passwords on a spreadsheet, make sure that spreadsheet is password protected with a good password you will never forget. You can also carry an encrypted flash drive which would require a password to access all of your files. Kanguru Defender Elite30 is perfect for this.
- Do not store passwords on a paper or post-it note near your computer.
- Change your passwords often. This helps you keep one step ahead of any hackers who may be following you.
- Never click the box in the password login window of your online accounts that says “remember me”. Although it makes it convenient, you are allowing the computer to save your password, which gives anyone full access if they are able to get onto your computer. Typing in your password each time only takes a few seconds, and can help you remember your password better anyway.
- Don’t be lazy. Make your password something difficult to hack. If you have trouble remembering passwords or coming up with new ones, make up a system that only you can understand, like your favorite exotic foods, family events, or obscure cartoon characters with number/letter schemes mixed in that no one would ever know.
Evil Trick #6: Eavesdropping On Publicly-Accessible WiFi
We’ve all used them, but hotel, restaurant, and transportation public wi-fi network access is dangerous and should be avoided if possible. Although eavesdropping goes all the way back to the old days of telephone operators, hackers snooping on today’s online activities could be far more destructive.
Superhero Power Punch #6:
- Try to avoid using publicly-accessible WiFi networks if possible. At the very least, do not conduct financial transactions, credit card transactions, or provide personal information over these networks.
- If you must use public WiFi, check first to ensure that the network you are selecting is the legitimate one, by asking the front desk or receptionist what the correct setting is. Don’t select any settings that are similar which could be used by hackers as a trick to make you think you’ve accessed the service.
Evil Trick #7: Sending Fake Apps and Bogus Software Updates
It’s sad, but hackers may try to use opportunities where we usually trust the expertise of others, to hack and destroy. Downloading apps on your iPhone and installing software updates are no exception.
Superhero Power Punch #7:
- Before you trust those updates, it’s always best to check the original secure website first for more information. If there are ways to verify that the update is real, follow your instincts. If you don’t trust it, hold off.
- Be aware that if you download an app, it most likely will gather information from you or gain access in one way or another. Be aware of dangers, understand what you are about to download, and always read the fine print.
Evil Trick #8: Decoy Links to Fake Websites
The internet is constantly changing to make transactions more secure through browser updates and security features, and one particular area is “https”, or “Hypertext Transfer Protocol Secure”. Websites that conduct confidential transactions are required to use HTTPS, along with SSL certificates in order to verify the website. This “handshake” between the SSL certificate, the secure domain, and the security of the browser verifies that a website has been vetted and is secure. If you are conducting transactions on a website that does not show HTTPS, you are doing so at great risk.
Superhero Power Punch #8:
- Never conduct any transaction over a website that has “HTTP” or indicates an unsecure connection. Ensure that a secure lock icon shows next to the URL, and that the URL begins with “https”. These are standard browser configurations and are regulated for valid ecommerce.
- Again, as in Trick #1, watch for strange hyperlinks that pose as legitimate ones. Double-check them first by hovering over links (without clicking on them). The hyperlink on a word should reveal a legitimate address, like www.yourbank.com. If it looks nothing like the domain, or looks weird, DO NOT click on it. Also watch for links that look official, but aren’t. Links like Amaz0n.com may look legitimate, but a misplaced zero for an “o” could make all the difference in the world.
- If you can type the URL directly into the URL window, do so. It may take longer, but that simple step could protect you from a lifetime of grief.
Evil Trick #9: The “FREE!” Lure
One of the oldest tricks in the book is offering goods and services for “FREE”. When a company or service wants to provide something for free, it is most often to get something in return. If it is a legitimate free offer, they want your business in the future. However, most “free” things in today’s digital age could potentially download surfing software, spyware, keyloggers, or at worst, load damaging viruses or malware.
On the soft side, advertisers use this technique to provide more targeted services, advertisements, or coupons by enticing you to buy into something free, and in turn you provide them with your name, email, phone number, address, and they can spy on your buying habits.
On the criminal side, free software downloads, apps, and “free offers” can lead you down the path of destruction with a malicious download.
Hackers could even go so far as to try to infiltrate an organization by manipulating a cheap thumb drive’s firmware and hijacking it with malware. Then all they have to do is leave it precariously on a sidewalk or bench outside of an organization, and curiosity takes over. An employee, a student, or a staff member will pick it up, bring the rogue thumb drive inside and plug it in to see what’s on it. Voilà, the organization’s network is compromised.
Superhero Power Punch #9:
- Be very cautious with free stuff. Do not give away personal information to “win a prize”.
- Do not be immediately enticed by free offers. Test them first, check for legitimacy, and ensure that your personal data will not be compromised and that you will not be taken advantage of.
- Do not be enticed to plug in just any cheap thumb drive - even if it’s just to find the owner. For organizations that have real concerns about a “badUSB” attack or malware, Kanguru Defender hardware encrypted drives contain digitally-signed, RSA-2048 secure firmware that protects from firmware-tampering, and can be whitelisted on a network or infrastructure with Endpoint Security, to fully protect the infrastructure.
Evil Trick #10: Finding The Unlocked Door To Your Data
And finally, storing personal data by unsecured means is by far the easiest way for hackers to steal your information. Storing personal data in the cloud with very little password protection is the first ticking time bomb, and storing it on an un-password protected computer or storage device is another.
Superhero Power Punch #10:
- If you store personal sensitive information, be sure to store it using encrypted password protection. Kanguru Defender hardware encrypted flash drives and hard drives are ideal for data storage protection, and even include on-board anti-virus protection. By encrypting the data, you automatically prevent any unauthorized access to your sensitive data, not just for today, but for tomorrow, and forever, even if it is lost or stolen, because only you have the password.
- If your organization is concerned with monitoring the location of particular data on secure flash drives and data storage drives, Kanguru offers Remote Management for secure USB drives. Administrators can use remote management to set security policies, delete or disable lost or stolen drives, report on the location of drives, and even schedule password changes.
For more information on securing your data, or if you have any questions on becoming a superhero by customizing a security solution for your organization, feel free to contact the Kanguru Sales Team at 1-888-KANGURU (1-888-526-4878) or email us at firstname.lastname@example.org.
Kanguru is a global leader in manufacturing high-security storage products, providing the best in FIPS 140-2 and Common Criteria Certified, hardware encrypted, Defender® secure USB drives and fully-integrated remote management security applications. Kanguru also manufactures duplicators for Blu-Ray, DVD, Hard Drives, SSDs and more, along with high-speed flash drives, optical drives, and solid state drives. For more information on Kanguru, please visit www.kanguru.com.