6 Deadly Digital Vices That’ll Get You Hacked
Since the beginning of time,” a wise sage once told me at a Vietnamese pool hall as he slapped the eight ball into the corner pocket and collected his dongs, “there’s been two types of organisms. The suckers and the sucker [expletive deleted]s.”
In 1849, Samuel Williams, the first suckee to take the label “confidence man,” snatched more watches over his years than he could count. And all he had to do was ask one simple question: “Have you the confidence in me to trust me with your watch until tomorrow?” Not wanting to offend this new charismatic friend, the strangers obliged — and, of course, never saw the man again.
And every suckee worth his salt has read, “Yellow Kid” Weil: The Autobiography of America’s Master Swindler — an incoherent, but incredibly entertaining, collection of the greatest con man in history’s greatest cons.
So innovative was the Yellow Kid, many of his more mild cons are now modern business practices (like giving away high-priced premiums to sell commodity goods or by “discounting” shiny, flashy and crappy goods so much, they look like an absolute steal).
His more elaborate scams, though — some of which included huge casts of people and elaborate sets — are what made him a legend in the wild world of conning.
No matter how much things change, some things never do. Conning is the world’s second oldest profession. And just like the first, we don’t see it going away anytime soon.
Indeed, the game is nothing new. Today, though, with modern technology, the con game is now borderless, frictionless and can happen at the speed of light. Today, in fact, you can be conned from the comfort of your own home.
Social engineers, today’s digital Yellow Kids, are the real ones to fear. Rather than relying solely on fancy hacking toys, they are adepts at exploiting human psychology, too.
They might trick you into leaving a door open. They might weasel you into visiting a fake web page and plugging in your login information. They might rope you into downloading a document with rabid code. They might insert a USB into your computer (or trick you into putting it in yourself) which gives them access to absolutely everything.
Social engineers are crafty creatures. By the time they decide to approach you, they’ll know more about you than some of your closest friends.
They’ll know much of your Internet history. They’ll know your baseline emotional state. They’ll know what drives you. They’ll know what keeps you up at night. They’ll likely know where you live. Maybe even where you sleep. They’ll likely know how you generally feel about your job, your wife, your car… your life. They’ll know. And they’ll use it against you. Which is why it behooves you to not fall prey to the seven deadly digital vices that’ll, if you’re not careful, get you hacked.
Vice #1: Thoughtlessness
Sarah Palin, you might recall, was hacked by a social engineer who simply guessed her password reminder question. The hacker simply googled the question and… blammo… he was in. (And then, soon after, he was in prison.)
Another social engineer, Christopher Chaney, hacked the email accounts of about 50 celebrities. One of which was Scarlett Johansson, whom he posted nude photos of on the Internet. (He also got 10 years in prison.)
There’s a lesson here…Takeaway: Make sure your security answers are something you wouldn’t post casually on Facebook or can’t be found through a quick Google search. Please.
Vice #2: Apathy
Last November, agents at San Francisco’s Municipal Transportation Authority were met with a message locked on their screens: “You Hacked, ALL Data Encrypted” The attackers demanded 100 bitcoins — about $73,000 at the time — before they would release the code which ran their payment system.
Fortunately for the Muni, they had all of their systems properly backed up. Rather than paying the ransom, they just let San Franciscoans ride for free for the day until the systems were up and running. “We never considered paying the ransom,” agency spokesman Paul Rose told USA Today. “We have an IT team on staff who can fully restore all systems.”
But not everyone has been so lucky. A hotel in Austria was forced to pony up a bitcoin fee when hackers broke into their electronic key system and locked all of the doors — keeping some guests out and trapping others in their rooms. (Fortunately for the hotel, the hackers only wanted $1,600.)
Ransomware, where hackers capture and encrypt all of their victim’s files and code, is on the rise. Once the hacker has control of the data, he or she demands a ransom in bitcoin, usually starting at around $500. The more the victim waits, the higher the price goes.
Takeaways: Small to medium-sized businesses account for 41% of these attacks. And most of them happen because an employee downloads an attachment or clicks a link that wasn’t safe, normally via email.
1.] Backup your files regularly and test your restore functions at least once a month.
2.] Always be wary about emails from people you don’t know. First, check the sender’s address. Check it closely. Social engineers work hard to make their email addresses look legit. Be diligent.
Second, don’t download attachments from email addresses you aren’t familiar with. If you do download any attachments, run them through an antivirus before opening. Third, don’t click links. If the email is sending you to a website to log in, opt to type it in yourself. Social engineers can make elaborate websites which look like your bank website, Facebook, Gmail… don’t underestimate them.
Vice #3: Gullibility
In 2017, a man walked into an ABN Amro bank in Belgium and walked out with safety deposit boxes full of diamonds and other gems weighing up to 120,000 carats. Here’s the crazy part…He came in during regular business hours and walked casually out with about $27 million worth of jewels. And he didn’t use a lick of technology.
“He used one weapon — and that is his charm — to gain confidence,” Philip Claes, spokesman for the Diamond High Council, told the Independent. “He bought chocolates for the personnel, he was a nice guy, he charmed them, got the original of keys to make copies and got information on where the diamonds were. “You can have all the safety and security you want,” said Claes “but if someone uses their charm to mislead people it won’t help.”
Takeaways: If someone is revealing too much about themselves too early, this is a red flag. If they are showering you with gifts for no reason, beware. If he or she is being overly flirty out of the blue and out of proper context — they might be trying to manipulate you. Don’t fall prey to the charmer. Trust people, sure. But don’t trust them with information you wouldn’t give out publicly.
Vice #4: Curiosity
Whoever has refuted that curiosity doesn’t kill has clearly never heard of the USB Killer. This little bad boy is programmed to blast a load of volts to the USB plug with negative voltage. This type of blast would definitely kill your computer — and potentially even seriously harm you, too.
Tarandeep Singh of Geeknizer explains how it works: “Put simply, the bits inside the USB drive draws max amount of current from the port to charges the battery (capactor) inside. When a certain level of potential is reached, it returns the power to the source, i.e. your USB controller on your PC’s motherboard.
The amount of power returned overloads the circuits, blowing it into smoke. In worst cases, it can blow up the motherboard with loud flames hurting the user.”
The USB Killer is only one type of USB hacks social engineers use. Hackers can put anything they want on USBs and the moment you plug it into your computer — game over.
Takeaway: Don’t use random USBs you find laying around. Social engineers drop them on busy streets, in airports, in malls, etc., because they know a curious cat is going to come by and wonder if there’s something juicy inside. Moreover, never let anyone you don’t know plug anything into your computer — never.
Vice #5: Vanity
Imagine receiving this email from a friend you haven’t talked to in a while…“Nice drunk picture on Facebook. Real classy. HAHAHA! Where was this taken?”
If you’re anything like me, a shot of anxiety might run through your veins. Oh dear lord. How bad is it? Who has seen this? Where WAS it from?
Obviously, you have to click the link immediately, right?
But what if Facebook asks you to log in? That’s weird. You were already logged in. Something’s fishy about this…Nevermind that. You have some pictures to delete. You put in your details. Boom. You have been hacked!
For the social engineer, social media is like shooting fish in a barrel.
The hacks go from simple to sophisticated, depending on the patience of the hacker. Those playing the long game might create a fake LinkedIn account as a respectable figure, maybe someone you admire. Then he’ll strike up a conversation. Flatter you a bit. Slowly, over time, he’ll pull all the information he needs about you or your company as you gladly tap away, believing you’re speaking to your hero. The most common hacks social engineers use play on your vanity. Why? Because it works.
Takeaway: Always double-check to see if someone online is who they say they are. Contact them on another platform to see. If there’s no response, ask them why they haven’t responded/friended/added you yet. Also, always log into your social media accounts manually. Always check email addresses to see if they match up perfectly with those you have on file. When in doubt, trust your instincts.
Vice $666: Greed
“A public treasurer in the Michigan county of Alcona,” reads a 2007 article in The Register, “stands accused of embezzling taxpayers out of more than $1.2m, at least part of which was used to cover costs he incurred falling for a Nigerian banking fraud".
“Thomas Katona, the former Treasurer of Alcona County, was charged with nine felonies. According to the Michigan Attorney General’s office, the 56-year-old beancounter, who held his post for 13 years, also plowed $72,000 of his own money into the fraud.” You probably remember when the Nigerian email scam was all the rage. {Ed Mezvinski was the alleged originator - ED}
The best story of this era was when the Massachusetts psychotherapist — a man who studies irrational desires for a living — fell hook, line and sinker for the Nigerian scam immediately. (The New Yorker unravels the yarn here.) Thing is, people are still falling for the same trick.
Yet new versions of this old advance-fee scam (which dates back to the 18th century) are being tried and tested. And they’ll never go away. Which is why you should stay vigilant.
Takeaway: The promise of a “sure thing”… the allure of easy money… it can do strange things to people’s brains.
Always do your due diligence. Never feel pressured to jump into something when you don’t have all the details. Patience, when it comes to dealing with money, is always a virtue.
Remember what my pool hall sage said: “Since the beginning of time, there’s been two types of organisms.”
Indeed. And if it sounds too good to be true, beware. You might be about to get sucker [expletive deleted].