Dear Black Bag Confidential Reader,
In 2014, Stephanie Carruthers won the Social Engineering Capture the Flag competition at DEF CON, one of the world’s largest hacking conferences.
Stephanie is known as a “white hat” hacker, meaning she’s an ethical hacker. She is one of the good guys who helps others protect their information by showing them their weaknesses.
Major companies — including Fortune 100 members — will hire Stephanie to conduct different types of phishing campaigns and physical security penetration against their company. She carries out these hacking attempts to show her clients where they need to improve their security to avoid being the victim of a true criminal — or “black hat” — hacker.
Stephanie’s area of expertise is social engineering, which is an increasing area of concern since social media is so popular — and it exposes a huge amount of personal information.
Frankly, there is no better person to share the secrets of hackers than one of them. Here are Stephanie’s top three suggestions to help you stay safe.
Think Before You Post
According to Stephanie, the No. 1 thing you need to remember is the phrase “Think before you post.” I realize this is easier said than done when you’re in a hurry, but you need to consider what information you are sharing about yourself on social media.
Basically, analyze your post from a hacker’s perspective. Look at any pictures you share and examine what’s in the background. Are your house numbers visible? Is the license plate on your car readable? You would be surprised at how many teenage drivers will post a photograph of their new driver’s license, which gives criminals a ton of personal information.
Another common mistake people make on social media is when new homeowners share a picture of the keys to their new home. The problem with that is any criminal with a little bit of skill can duplicate a key based off a picture.
Lie Like a Rug
How many times have you set up an online account and been asked pertinent information such as your birth date or mother’s maiden name? If you’re asked for this information when creating a new account — make it up! Just be sure to make up something you will remember if you ever need to recover your password.
The reason you should lie is because these details are pretty easy to figure out using social media (another reason you should be wary of what you post). Let’s say you post a picture of your mother. From there a hacker would be able to look at your mother’s social media accounts and they could easily find out her maiden name.
Ultimately, you shouldn’t even use your name when you create an account. Instead, use another word you will remember such as “Hawaii” or “peanut.” The fact is a harmless social media post about a family reunion could turn into a big mess if the wrong person sees it and does a little bit of digging.
Go Back to Basics
One of the best things you can do to keep your information safe is use good passwords. Never reuse a password on multiple websites and be sure to regularly change your passwords on ALL of your accounts.
In addition, always enable two-factor authentication for logging into websites. This will require you to use another form of identification — such as entering a code sent to you by text message or email — as well as the password you created.
Another option to consider is using a password manager such as LastPass. This will help you securely store all your different passwords for your online accounts.
Cyberattacks are easy to get away with and difficult to stop, which means they’re only going to increase. The thing is cybercrimes are simply a numbers game. That’s the reason so many hackers are so successful and rarely get caught.
According to this white hat hacker, the most important thing to remember is that these types of crimes aren’t going away anytime soon. The more you can do to secure your online accounts, the better.
If you make it tough for hackers to penetrate your accounts and collect critical information, the more likely they are to move on to another target who isn’t as secure.
Stay safe,
Jason Hanson
