Information Security Tips Series
How Social Engineering can destroy digital life








Imagine your smartphone has suddenly broken down. You plugged it back in, but found it had rebooted to the setup screen. You attempted to restore from the Cloud service provider, but found you could no longer log on to your account with the Cloud service provider, and later you found you could not access your email account either. To make matters worse, your Twitter account was spreading hatred and racist messages, and your mobile devices, including the notebook computer, were remotely wiped. Everything, including the precious photos and memorial pictures, was gone.

This is not a story but a true case. What actually happened?

It was found out later that the hacker was not targeting the victim himself, only the victim's email accounts. Destruction of the victim's digital life was just a step towards capturing the accounts.

How was the hacking done?

The hacker found the victim's email address on his website and found the victim's billing address on the Internet as well. The hacker then used this information to call various random online stores (like Best Buy or Walmart), impersonating the victim. With social engineering techniques, the hacker eventually found that the victim had an account with one of them and added a new email address to the victim's profile. The hacker sent an email requesting a password reset. Using the new password, the hacker then accessed the victim's profile at the online store and identified other personal identifiers. Afterwards, the hacker called the technical support of the Cloud service provider and got control of the victim's account and email account by supplying the victim's billing address and the other personal identifiers just obtained. The hacker could then wipe the victim's devices. Similarly, the hacker could take control of the victim's other accounts.

Simply exposing a billing address, email address and account could cause a disaster. 

There are many things we can do to reduce the damage:


1. Always back up your files. If you are using online backup services, you should consider using a separate hard drive to perform one more backup.

2. Think twice before sharing your personal information on social media sites or on the Internet. If you have to share it, spend some time customising which friends have access to it, and remove it immediately once the information is no longer required.

3. Consider using two-factor authentication for important online services if provided. If two-factor authentication had been set up, the hacker would not have been able to view any part of the victim's account, and the whole hacking might not have happened.

Spend some time on security and you will have your digital life saved.






