Social Hacking and Protecting Your Information

What could you afford to lose?

Access to your bank account? Your PayPal account? Your E*Trade portfolio? Your Picasa photos? Maybe your personal email account?

Probably none of them. But hacking technology is becoming increasingly sophisticated, with Arbor Networks reporting record highs in bandwidth for Distributed Denial of Service (DDoS) attacks that target and cripple websites. Cybercrime has gone well beyond lone hackers developing programs just for kicks–those programs are being used by organized crime to steal from unsuspecting internet users, and the losses have been in the billions.

These mounting attacks occur in an era when accounts are increasingly linked, making them more susceptible to bombardment. Having linked accounts makes the average internet user vulnerable to a technique called social hacking, which starts with low-risk accounts by approximating answers to security questions, and then uses the information in that account to hack into other accounts. If your Hulu account is hacked, a hacker can view your email address and the last four digits of your credit card number, which he may use to reset your Apple account. The more accounts a social hacker gains access to, the more vulnerable your information becomes.

These attacks are especially insidious because they prey on people’s honesty for their security questions when the answers to some security questions are searchable online.

Where were you born?

Chances are, you might be able to find yourself on Spokeo or WhitePages. In which case, someone who’s looking for you could too.

What was the make and model of your first car?

Do you have any photos of it posted to a public account? Are your social media sites set to private, or can any site member view your information? This is much less common information to find online, but it’s still possible. Same as your best friend’s name, the name of your elementary school, and so on.  Social hacking survives on using any discernible information it can get to gain access via these biographical gateways, making it another method of identity theft.

The simple answer, aside from having long, robust, and complex passwords, is to take similar measures for your security questions. If the name of your first pet was “Mittens,” substitute a nonsensical answer that you’ll remember. Maybe it’s not as nostalgic remembering your first cat “Former President Rutherford B. Hayes,” but it’s almost certain to frustrate the efforts of social hackers.

Here’s a list of tips to ensure maximum online security:

  • Use long, alphanumeric passwords, at least 16 characters with special punctuation.
  • Don’t use the same password for more than one account.
  • Don’t use biographical information when answering security questions.
  • Be very wary of unsolicited emails. Make sure that the site has an “https” to begin the URL or your browser has a lock icon.
  • Be proactive. You can ask Spokeo and WhitePages to have your information removed to protect your privacy.
  •  Compartmentalize your accounts as much as possible. If you can effectively use one email account for your financial information that is separate from your personal email account, do so. It sounds painstaking, but it can help contain damage if your personal account is hacked.
  • Use offline storage to backup your personal files. If a hacker gains access to your account, your personal documents, photos, etc. are almost certainly gone forever unless you’ve made copies to a hard drive. We recommend using an external hard drive for the worst-case scenario of a hacker gaining control of your device.

Hackers are an unfortunate and unpredictable part of the internet experience, but being vigilant against likely threats is the only action any of us can truly take.