With Social Engineering, we are the weakest link

By Snow Schnabel

Approx. reading time: 5 minutes

When we think of hacking, what comes to mind? Green letters, flashing lights, someone hammering at the keyboard? These days, hacking doesn't look like that anymore. It looks like emails that ask for information, fraudulent websites, and password leaks. We live our lives online and security is ramping up everywhere, but human error is real and it happens every day.

Our security is only as good as our most vulnerable touch point, which is us. 

Online privacy is one of the most important things to think about. But while you can load up on privacy software, what we don’t normally notice is the human factor of hacking. When infiltrators use psychological schemes and play on your good nature, it’s called Social Engineering.

Social Engineering is a phenomenon where shrewd black hats (jargon for bad hackers) leverage one of the biggest weaknesses in our defenses. That weakness in the wall is usually us: they get us to divulge information without our realizing how sensitive it is.

Here are some common ways social engineers worm their way past our defenses.

The most common scam human hackers use is phishing. A phishing scam is a link in a message that leads to a fake site mimicking a legitimate platform such as Facebook or YouTube. The fake site shows a login page, and because we are so accustomed to logging on, we just enter our information. Once you log in, however, you've handed over your credentials and the scammers can wreak havoc on your online presence.

How to guard against it:

Two-factor Authentication (2FA) is one way to guard against phishing; another is using a password manager. Password managers keep all your passwords for you so you can have a different password for every account, even the throwaway ones. This way, when scammers do get hold of one of your passwords, you limit the damage to that one account.

This one is especially important to teach any older non-digital natives in your life. Install this on their phone and you will avoid having to help them deal with getting their accounts back later. Remember that Facebook is a big part of their social life too!
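The lookalike login pages described above can often be spotted from the link itself before anyone types a password. The checker below is an added illustration written for this post, not code from the author; the brand list, the scoring rules and the sample links (the `.example` hostnames) are all constructed for the example. It flags a link when the hostname contains a well-known brand name but is not that brand's real domain, when the visible link text shows one site while the link goes to another, when a login link is not HTTPS, and when the URL smuggles a fake "site name" in front of an `@`.

```python
"""Flag message links that imitate a well-known login page.

Added illustration for this post (not the author's code). The brand list,
the sample links and the rules below are constructed for the example.
"""
from urllib.parse import urlparse

# Constructed: brands whose login pages lures imitate, mapped to the only
# hostnames that legitimately serve them.
KNOWN_BRANDS = {
    "facebook": {"facebook.com", "www.facebook.com", "m.facebook.com"},
    "youtube": {"youtube.com", "www.youtube.com", "m.youtube.com"},
}


def registered_domain(host):
    """Return the last two labels of a hostname (good enough for .com brands)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def phishing_signals(link_text, href):
    """Return the reasons a link looks like a credential-harvesting lure.

    An empty list means no rule fired; it does not prove the link is safe.
    """
    reasons = []
    parsed = urlparse(href.strip())
    host = (parsed.hostname or "").lower()
    if not host:
        return ["link has no hostname"]

    # Rule 1: a login page that is not served over HTTPS.
    if parsed.scheme != "https":
        reasons.append("login link is not https")

    # Rule 2: brand name inside the hostname, but the hostname is not the
    # brand's own domain, e.g. www.facebook.com.account-verify.example
    for brand, real_hosts in KNOWN_BRANDS.items():
        if brand in host and host not in real_hosts:
            reasons.append(
                f"hostname imitates {brand} but is {registered_domain(host)}"
            )

    # Rule 3: the visible text is itself a URL that points somewhere else.
    text = link_text.strip()
    looks_like_url = "." in text and not any(ch.isspace() for ch in text)
    if looks_like_url:
        shown = urlparse(text if "://" in text else "https://" + text)
        shown_host = (shown.hostname or "").lower()
        if shown_host and registered_domain(shown_host) != registered_domain(host):
            reasons.append(f"text shows {shown_host} but link goes to {host}")

    # Rule 4: "https://www.facebook.com@evil.example/" puts the real site in
    # the userinfo part so the brand name appears first in the address bar.
    if parsed.username:
        reasons.append("URL carries a username before the hostname")

    return reasons


# Constructed sample links as they might appear in a message.
SAMPLE_LINKS = [
    ("Log in to Facebook", "https://www.facebook.com/login"),
    ("Log in to Facebook", "https://www.facebook.com.account-verify.example/login"),
    ("youtube.com/verify", "http://yt-security-check.example/verify"),
    ("Open", "https://www.facebook.com@credential-drop.example/"),
]


def scan(links=SAMPLE_LINKS):
    """Map each link to the list of reasons it was flagged (empty = clean)."""
    return {href: phishing_signals(text, href) for text, href in links}


if __name__ == "__main__":
    for href, reasons in scan().items():
        print(href, "->", reasons or "no signals")
```

The same domain mismatch is why a password manager helps beyond giving you unique passwords: most managers will only offer a saved Facebook password on facebook.com itself, so a lookalike hostname like the second sample gets no autofill, which is a useful cue that something is wrong.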

The next most common scam is baiting. Baiting happens when you get some sort of invitation and are asked to confirm your identity by answering a few questions. Once the scammers have that personal information, they can answer the security questions on your various online accounts. Another common way to bait unsuspecting social media users is to post those "Star Wars name" or "Stripper Name" memes. You'll notice those memes always ask for things like your first address or your pet's name, which are common security questions.

How to guard against it:

Don't answer questions from anyone who contacts you from an unknown number. Always double-check and confirm their identity.

The last common online scam is Pretexting. This is when scammers pretend to be a legitimate party: they call you, already seem to have some of your information, and use that to get you to divulge more sensitive information. You should be especially wary if they talk about credit card info, billing information, or anything involving money.

Pretexting is easily avoided by switching channels to communicate. Ask to switch to email or to continue your conversation via an official app and scammers will let up immediately.

How to guard against it:

Never give your credit card number over the phone–always ask to go through an official channel or app. Triple-check the names of people if you are sending money. And never ever send an OTP to a third party. 

Another scam that might catch someone is Scareware. Scareware comes in popups that warn you about your impending online doom. Disregard these; if you have protective measures in place you shouldn't have this problem, and a real problem on your computer will show itself differently.

People who are not used to logging in and out of various accounts can be victims of Tailgating. This is more of an in-person (IRL) problem.

How to guard against it:

Remember to use best practices when it comes to your machine. Lock the screen if you are stepping away from your device, log out of every account when you are finished using a shared computer, and be very mindful of the networks that you connect to in public places.

Sometimes these scammers will play the long game. They might impersonate a technician or a support person. You could get calls from a "call center" asking you to confirm your info. You could get an impostor trying to connect with you on social media. Vigilance is more and more important in our online spheres.

Think before you post. Don't allow non-friends to see your posts, and take your elderly relatives through some of these guidelines, because they need this information as much as you do.

It's normal for people to want to follow you, especially if you are posting compelling stories, but when you don't know the people you are adding, you might be adding bad actors. You are giving them a free pass to your life.

Every time you post a vacation story publicly, you are broadcasting that you are not home. If people are thinking of breaking in, this would be a good time to do so. Better to wait until you return home before posting pictures.

This might seem like second nature to all of us, but we are busy people. We are endlessly creating accounts, reusing the same passwords, and logging in and out of computers. We are using public WiFi and connecting to different networks. We are only human and, being human, sometimes we skim websites or don't read the message when it says "OTP". We have so much screaming for our attention that we become the weakest link in our own security.

Time to step it up!
