Most errors are caused by humans

in #cybercrime, 5 years ago

Yesterday I had a training about cybersecurity and the risks people take online and offline.
As in many trainings of this kind, the message was that breaches are often caused by humans in the first place.

Ransomware
For instance, ransomware comes in different kinds of files, but (almost) always a user first has to click on that file to activate it.
So often, when a ransomware attack happens, human interaction caused the incident. So (as has been said often) never click on a link or file whose origin you don't know. If you get a file or mail from someone you know, ALWAYS contact that person to check that they really sent that file or mail to you, to be sure it's safe... and even then...

Social Engineering
The instructor gave us some great examples of social engineering and the things you could do with it.
For instance, the information people put online: birthdates, locations and sometimes even their telephone numbers.
Hackers or trolls use that information to create a profile of that person. For instance, whenever you call a bank or a service provider, the company often asks for a verification to check that the right person is on the telephone. Often that would be a birthdate or the last three digits of a bank account.

The birthdate is often quite simple to get, and the bank account number isn't that hard either. If someone throws away the receipt of a transaction after paying in the supermarket, you have that number too (when the person paid with a bank card).

Social engineering also takes place a lot in companies. Imagine this scenario:

Hacker calls company: "Hello, this is Robert, I want to speak with the lady of the financial administration please"
Telephone operator: "Hello sir, which lady do you mean, there are several here"
Hacker: "Eh... yes, I spoke to her yesterday, can't recall her name, she had a dark voice"
Telephone operator: "Oh OK, then it has to be Jane Doe"
Hacker: "Yes, that's her"

When the telephone operator wants to put the hacker through, he hangs up the phone.
He now has the name of a woman in the financial administration.
Then he looks online to see if he can find something about her, information he could use, and he will save that.
He visits the company's corporate website to see if he can find their naming convention for email; when he does, he can guess quite well what her email address should look like. With that information he can then try to spoof or hack her mailbox. If a hack works, he can gather information about the company's finances, suppliers etc.
In the worst case he can then approach clients with fake bills and steal money that way... and remember, the first step was only to find out her name.

While this sounds very exaggerated, these things are real-life examples; that's how simply a hacker is able to get the right information for his actions.

Another example: a famous Dutch presenter was the victim of a burglary although no one knew where she lived. It turned out that she always posted on Instagram with geo-location turned on on her phone. If you then post a lot of posts with the text "Nice workout @ home" or "Relaxing on the couch @ home", then you make it easy to find out where your home is, don't you?

So be wise with the information you share

  • Never use public or free Wi-Fi (or only with a VPN)
  • Avoid sharing personal information as much as possible
  • If you have no need for your geo-location, turn off the option
  • Always verify information someone sends to you that you weren't expecting.
  • Don't click on files you don't trust or haven't verified.

Stay safe

Have a great day



ǝɹǝɥ sɐʍ ɹoʇɐɹnƆ pɐW ǝɥ┴

lol :) Thanks for dropping by :)

Great info. I had to help a client with a ransomware attack one time. It was not fun at all. We had some backups but basically I just had to tell them to start over. Paying the ransom wasn't an option at all. It was just crazy. Always a good idea to be careful.

No, with ransomware you have to reinstall everything and hope that you have a good back-up. A lot of people forget to do it... Paying isn't of any use because you have to reinstall anyway. Even if they unlock your files, I wouldn't take the risk that they still have a sleeping virus on your machine.

Tell me about it. Do you know what I've been asked to do? Remove all the logs from the app... because they are wasting space.

Next time there's an error report, I'll answer:

"Sorry, we can't know what happened because we don't log anything."

Another good bit of advice - keep your software up to date.
I deal with a lot of WordPress blogs and some of them don't auto-update. I keep telling the owners: "Make sure you process all the updates. Here's how to do it..." Every six months I have to go in and fix the viruses and hacks that have come in because the plugins weren't updated.

Indeed, WordPress is a really risky application when you don't update it regularly...
