Use a long password with letters, numbers and symbols. Do not use your name or your date of birth. Do not reuse the same password everywhere. These tips, often treated as the Holy Grail in the fight against cybercriminals, in reality only defend us against brute-force attacks (many repeated login attempts) and the most obvious attempts at social engineering.
Social engineering is the technique cybercriminals use to obtain our information and login data by exploiting the weakest link in the chain: us, the users. When we talk about "hacking", we are usually talking about criminals who get at users' data through deception, not about master codes typed into a terminal in two or three seconds, CSI-style.
It happened in 2014, with the well-known leak of celebrities' photos. Despite the initial panic, it was ruled out that hackers had compromised the Dropbox or iCloud servers. The victims were people who, without realizing it, had handed over their email address and password when logging in. This technique is known as "phishing" and consists of replicating the login form so that the user does not notice the trap. Such attempts are becoming more and more frequent because the information we keep in our email and social networks is increasingly valuable to criminals.
This Wednesday, a Reddit user spotted an email that came from an account he knew and linked to a Google Doc. On opening it, he saw the accounts he himself uses in the office suite, along with a request for access to them. The trap shows in the permission prompt: it is not Google asking for access, but an external application used to compromise the email addresses. The tricky part is that this bypasses two-step authentication, so the attackers can access all the Gmail accounts to keep stealing information and grow their spam network.
Google fixed it in just minutes. But what would have happened at a service run by a smaller company? Most likely no one would have noticed until several hours or days later. That is worrying, and the only remedy is prevention.
Setting unique, strong passwords helps. Using your phone number as the second step of two-step verification helps even more. But checking every suspicious email we receive, and every permission we give applications to access our email and social networks, is more important than ever.
Granting permission is not like a page of legal terms and conditions, which we always tend to ignore. It is important to know what permission is being given and why. Each application we give permission to is another door through which criminals can sneak.
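The permission review recommended above, applied to the kind of grant described in the Reddit report, as an added example that is not part of the original article. The `Grant` record format, the `BRAND_OWNERS` allowlist and the sample grants are constructed assumptions; the scope strings are real Google OAuth scopes.

```python
import unicodedata
from dataclasses import dataclass

# Real Google OAuth scopes that let an app read or send mail.
MAIL_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/gmail.modify",
    "https://www.googleapis.com/auth/gmail.send",
}
# Assumption: brands we recognise and the only domains allowed to publish under them.
BRAND_OWNERS = {"google": {"google.com"}, "dropbox": {"dropbox.com"}}

@dataclass(frozen=True)
class Grant:  # hypothetical record: one app the user has authorised
    app_name: str
    publisher_domain: str
    scopes: tuple

def claimed_brand(app_name):
    """Return the known brand the display name contains, if any."""
    folded = unicodedata.normalize("NFKC", app_name).casefold()
    return next((b for b in BRAND_OWNERS if b in folded), None)

def verdict(grant):
    """'revoke' for a brand name from the wrong publisher, 'review' for mail access."""
    brand = claimed_brand(grant.app_name)
    if brand and grant.publisher_domain.lower() not in BRAND_OWNERS[brand]:
        return "revoke"   # looks like the brand, is not the brand
    if MAIL_SCOPES.intersection(grant.scopes):
        return "review"   # honest name, but it can read or send mail
    return "ok"

# Constructed sample grants (not real applications).
SAMPLE = [
    Grant("Google Docs", "docs-share.example",
          ("https://mail.google.com/", "https://www.googleapis.com/auth/contacts")),
    Grant("Google Docs", "google.com", ("https://www.googleapis.com/auth/drive.file",)),
    Grant("Mail Sorter", "mailsorter.example",
          ("https://www.googleapis.com/auth/gmail.readonly",)),
    Grant("Photo Print", "photoprint.example",
          ("https://www.googleapis.com/auth/drive.file",)),
]

def audit(grants):
    """List (app name, publisher, verdict) for every grant that is not 'ok'."""
    return [(g.app_name, g.publisher_domain, verdict(g)) for g in grants if verdict(g) != "ok"]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep=" | ")
```

The name check only folds case and Unicode compatibility forms, so a display name built from look-alike letters of another alphabet would need a stricter comparison.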