The New Tricks Hackers Are Using to Get Information From You

Hackers are like viruses. While a viral strain constantly changes shape to trick immune systems into allowing them to establish ground behind enemy lines, malicious hackers adapt constantly to find the most efficient and conniving way to gain access to private information. Thus, it is important to stay knowledgeable about new information risks, so that you can detect and mitigate them.  

Most people who spend time around computers and mobile devices are now familiar with the concept of phishing. Hackers know this and recognize that they need to get smarter in order to trick you into clicking on links that give them access to your information. In this article, you will learn about four techniques hackers are using today to compromise your security, and tips for recognizing and avoiding these attempts. 

The first new risk is called Smishing, when hackers use SMS messaging, including but not limited to iMessage, Slack, WhatsApp, and Skype to send you fake messages encouraging you to share information. 

How to recognize Smishing:

  • The sender is rushing you into making a decision.

  • The message asks for personal information that the sender likely doesn’t need access to.

  • The message sounds too good to be true.

  • The wording doesn’t sound like the person who is allegedly sending the message to you. 

How to avoid being a Smishing victim: 

  • Take a moment to calm down and think before responding to messages. 

  • If you get an alarming message from an official organization, contact them directly to determine the message’s validity. Most government agencies would never contact you via text, anyway. 

  • Be aware of messages that combine email and SMS attacks.

The second technique that has recently resurged is called Bait and Switch. Hackers purchase pay-per-click advertising links through Google’s advertising platform (previously DoubleClick, now called Google Ads) and disguise them as ads for actual well known brands, but the links, when clicked, actually redirect the user to a malicious page. This method is particularly effective because hackers can achieve incredibly high exposure of these pages if their link climbs into Google’s top results. 

How to recognize bait and switch:

  • Check to see that the link Google provides above the hyperlinked headline text matches what you think you’re clicking on. For example, if the blue text says something about a sale at your favorite department store, but the link above says something about bitcoin, you’re likely looking at a Bait and Switch

How to avoid being a Bait and Switch victim: 

  • Be cautious of clicking on ads directly. You can always type the name of the brand you want to explore into the text bar and execute a search to ensure that you’re visiting the verified site. Advertising links on Google are marked with the word “Ad” in the top left, so when you see this mark, be on high alert and check carefully before clicking. 

A third technique hackers employ today to steal your data is called Cookie Theft. Though the name sounds innocent and might conjure up memories of mischievous childhood deeds, cookie theft is no laughing matter. By mimicking cookies pulled from unprotected networks, hackers can impersonate a user on that same network, allowing them to obtain passwords, make posts under the user’s name, pull money from bank accounts, and obtain access to other highly sensitive information!

How to recognize cookie theft: 

Cookie theft is incredibly dangerous because it’s hard to recognize. Monitor social media accounts for posts you did not make, and keep an eye out for any suspicious activity in financial accounts.  Where offered, set your financial accounts to alert you of any transactions over a dollar threshold or any online transactions.

How to avoid being a Cookie Theft victim:

  • Use private WiFi networks and don’t share information with other devices on a network. 

  • Disable cookies when possible. 

  • Ensure the website you’re using is following “https” protocol; this can be verified by clicking the link in the browser search bar and seeing if an https tag appears at the beginning of the search. If not, do not log in or conduct business on the site. 

The fourth and final technique is another new hacking method that is based in LinkedIn -- we’ll call it Hackworking. Cybercriminals will look for signs on social media accounts or simply by exploring profiles on LinkedIn to determine a person’s employer and their role, and then create a fake LinkedIn profile that resembles what a co-worker’s profile might look like. Next, the hackers send the target a message from the fake profile with a malicious link. When the unsuspecting user clicks the link, trusting it to be a valid source sent from someone at their company, their device becomes infected. 

How to recognize Hackworking: 

  • You receive a LinkedIn message that seems a little off, or isn’t appropriately topical for a work related message. 

  • The message is encouraging urgent action. 

  • When you hover over the link (which you should always do), the address does not match the hyperlinked text. 

How to avoid being a Hackworking victim:

  • Explore the sender’s profile before clicking any links or taking action. Creating a realistic profile page from top to bottom is time consuming and difficult for hackers, so looking for clues that the account might not be valid is the best way to catch Hackworkers in the act. 

  • Send a separate message to someone you know in the company and ask if they can confirm that the sender is actually an employee. 

  • DO NOT connect with people you don’t know on LinkedIn without first carefully verifying their identity and their account. Connecting with complete strangers is risky -- you may want to send a networking email or meet in person before connecting on LinkedIn. 

Remember, the most important thing is trust your intuition and be alert at all times. If something seems off, it’s better not to click or respond, and to report the hacking attempt by emailing [email protected] 

If you think you have fallen for Smishing, Bait and Switch, Cookie Theft, Hackworking, or any other form of cyber-attack, please report it to us immediately.