Five cybersecurity and hacking questions you need to know the answer to
Want to reduce your risks of being hacked of falling for a scam? You need to know the answers to these five cybersecurity and hacking questions.
Did you know that, on average, 1.4 billion social media accounts are hacked every month? 98% of cyberattacks rely on some form of social engineering (ie. tricking and manipulating people) to compromise their target, meaning sometimes it’s hard to know if you’ve even been involved in a scam¹.
To find out more, the experts at Independent Advisor VPN collaborated with Dr Phil Legg, professor at the University of West England and cybersecurity expert at Independent Advisor, to provide answers to five common cybersecurity and hacking questions and give tips on how to stay secure online.
What is the hardest type of scam to spot?
Spear-phishing campaigns are becoming more and more sophisticated. They require time and effort to build a convincing case for somebody to interact. Again, this does also come down to the level of perceived risk – most people are not going to be the target of a spear-phishing attack, since an attacker can make much more money going to high profile targets than an everyday user.
Information: Spear-phishing is similar to phishing, but the attacks prioritise quality over quantity. Spear-phishing emails, texts or phone calls are highly personalised for a specific organisation or individual. They are more likely to deceive potential victims due to the amount of time and research spent personalising messages that appear to be from legitimate senders.
What are the tricks and techniques scammers are using more of that you think are the most clever?
AI will become a major part of how the volume of attacks are conducted in the future, be it brute force password attacks or phishing campaign emails. The ability to generate sheer volume of content will mean that it will become harder to identify legitimate content in time, as AI generation improves over time.
Are there any ‘bad habits’ people have on social media that could be revealing sensitive information to hackers?
Historically, people would over-share information such as pet’s name or school names, that could relate to weak passwords.
Oversharing of information can still remain a problem – for example, hackers targeting an organisation may make use of LinkedIn profiles, and use information about you against your organisation. I would often take the view that if you would not be comfortable saying something out aloud in person (say in a busy pub), then do not say it online – you do not know who may be reading/listening.
If you were a hacker, what’s the first thing you look for on a social media account?
Most cyber criminals are not targeting individuals, they are targeting organisations. It is important to realise that cyber criminality is an ever-increasing business model, and so it is about the financial incentive in most cases. Therefore, information you provide on LinkedIn about your employer may be used against them.
However, it is also possible that if an organisation is compromised, the employees or customers may be targeted next, since the hackers would have information about them that could help support an attack – always think twice before acting if there are suspicious emails or phone calls that claim to be from an organisation.
What’s one thing you wish more people were aware of when it comes to protecting their identity online?
Use haveibeenpwned.com to check whether your email address appears in recent data breaches. This can help to identify accounts that have weak security, and where credentials should be changed. Some platforms, such as Apple and Dashlane, have now built in this level of monitoring into their own password managers.