Page 23 - Leisure Living Magazine Spring 2017
P. 23
What Can Be Done About Hacking?
“Law You Can Use” Courtesy of the Ohio State Bar Association
Q: What forms of hacking should concern me?
A: Phishing scams, password hacking and social engineering are most commonly used to gain illegal access to your personal information.
Phishing scams attempts to steal your identity. Usually, the scammer uses fraudulent e-mail messages, appearing to come from legitimate businesses (e.g., eBay, PayPal or Best Buy), that may fool you into divulging account numbers, passwords, credit card numbers and Social Security numbers.
For example, in 2003, many eBay Inc. customers received e-mail notifications that their accounts had been compromised and were being restricted. The message included a hyperlink to an “eBay web page” where customers could re-register. Customers were told to provide credit card data, ATM personal identification numbers, Social Security numbers, dates of birth and their mothers’ maiden names. However, eBay hadn’t sent the original e-mail, and the web page didn’t belong to eBay.
One password-hacking technique involves repeatedly guessing a password based on knowledge of certain limited data sets about you. In 2016, Facebook CEO Mark Zuckerberg had a number of his accounts hacked. Because he’d used the same, overly simple, password (“dadada,” referring to his new child) for multiple accounts, the hackers accessed many accounts with one correct guess.
Another technique employs software that repeatedly churns out various word/number combinations in an attempt to crack your password. To address this, many sites now limit the number of password attempts that can be made. Failure to gain access after a few attempts locks you—and any other unauthorized persons—out of your account.
www.LeisureLivingMagazine.com
LeisureLiving Spring 2017 | 23
are
Social engineering involves use of the phone or impersonation to manipulate individuals into performing actions or divulging confidential information. For example, a hacker may use an office building’s lobby phone to get passwords by claiming to be performing a backup or security scan of an employee’s computer. The employee, seeing the familiar number, is fooled by the criminal’s false identity and gives the criminal access to the company’s network.
Or, you may receive a call, purportedly from “your bank.” By verifying your name, date-of- birth, and Social Security number to the caller, you’ve already provided most of the information a criminal needs to harm your identity.
Q: How can I protect myself from these hacking methods?
A: To avoid a phishing scam, remember that legitimate businesses will NEVER ask you to send personal information via e-mail. If verification is needed, a link will send you to the business’s website, and you will be asked to answer a series of questions to verify your identity. Before clicking on a website link, however, review the URL carefully. If you question its legitimacy, call the company!
Protect yourself from password hacking by choosing a password that is eight digits or
Continued on page 24
