Best defense against most hackers is still you

It’s easy to picture hackers as computer geniuses — and some are just that — but many of the most successful computer crooks use a tool more powerful than any known technology to separate you from your money.

There’s no software that you can install — no firewalls, no anti-malware programs — that will stop these guys. That’s because they have an insider who does all the heavy lifting when it comes to robbing you. It’s someone you know very well.

It’s you. These hackers use what is called social engineering to break into your computer. But there’s a better name for this. Social engineering is too fancy a phrase for what they do. These are just old-fashioned con men, who trick you into opening the gate to all your personal information and your finances.

Today we’ll talk about how they do that and what you can do to stop them.

There’s trouble on the line

The phone rang and then I heard this: “Mr. Husted, good morning, I’m Alex from Microsoft and we’ve noticed some problems with your computer.”

If you don’t turn off your common sense, you should already know what is going on here. Microsoft — or really any ethical company — doesn’t sit around monitoring every computer in America looking for problems. First, it’s impossible. Second, even if it were possible it would be an enormous undertaking.

So your next move is easy. Just hang up. The guy is a crook and he wants you to help.

These crooks fall into two camps. The best of them — the least harmful — just want to steal a set amount of money from you. They’ll try to sell you a service contract at an inflated price to fix the problem and keep your computer running correctly for the next year. You’re lucky if that’s the offer you get. Turn it down and go on your way.

The most harmful camp wants to get inside your computer to steal all that’s stored there, including banking information. They’ll say that — to fix the computer — they need online access to your computer. So you’re told to install a program, or go to a website, that will let them do that. Imagine that. You literally hand them the keys to your information.

If you hang up at the start of the call you won’t have to worry about which camp the crook falls in. And that’s the thing to do.

I know your mom’s maiden name

Many websites and email services ask you to answer a series of security questions when you establish the account. That’s so that, in case you forget your password, you can successfully answer the questions to prove you are who you say you are and then — even without knowing the password — be allowed to get back into the account.

That sounds like a good way to do things until you spend a moment thinking about it. In many cases it’s easy for anyone — including hackers — to find the answers to those questions and get into the computer themselves. Let’s use me as an example so I can explain. If you cruise the Web skillfully you can find out that my mom’s maiden name was Key, that my high school was Arkadelphia Senior High. So if I truthfully answer those questions when setting up an account I’m making things easier for someone who wants to hijack my log on information.

Here’s what I do, I offer the same nonsense answer to all these questions. Believe me it won’t mess things up. You’ll still correctly set up your account even though the answer doesn’t make sense. So — and please know this is an example and is not the answer I use — for the purpose of those questions my mom’s maiden name is Godzilla. And my high school was Godzilla. That was also the name of my favorite pet.

Even the cleverest hacker won’t be able to guess all that. And there’s a side benefit. It’s easy to remember the answers yourself since you are dealing with the same answer for each question. That way if you are forced to go through that process yourself — if you really do forget your password — it’s easy.

I’ll bet that your own free email account has been breached at one time or another. Or if it hasn’t I’m completely sure that you know someone who got into that fix. Now you know how it happens, how easy it is to do.

Take today’s tips to heart and follow them faithfully. Having a mom named Godzilla isn’t so bad. She worked with computers, so I’m sure she’d approve.

Support real journalism. Support local journalism. Subscribe to The Atlanta Journal-Constitution today. See offers.

Your subscription to the Atlanta Journal-Constitution funds in-depth reporting and investigations that keep you informed. Thank you for supporting real journalism.

X