how to get hacked in 5 easy steps
TRANSCRIPT
Cybercrime Made Easy
The Truth That You Don’t Know
“There are only two kinds of companies in
today’s business world. Those that have
been hacked… and those that don’t know
that they’ve been hacked.”
Is Your Company Next?
How to Get Hacked
In 5 Easy Steps
1. Social engineering
2. Carelessness
3. Spearphishing
4. Malware and virus attacks
5. Poor or non-existent authentication
How to Get Hacked #1
LEAK PLENTY OF INFORMATION• Afraid of the NSA?
– Google, Amazon, Facebook and Instagram know more about you than the NSA ever will
– With this information they can change the email address on your account
• It is being used against you in ways you can’t imagine…
How to Get Hacked #1
WATCH A GENIUS
How to get Hacked
Step #2 - CARELESSNESS• Over 500,000 laptops were lost at airports LAST
YEAR – Encrypt and password-protect them– Attach a business card or engrave them with info– Add authentication to login
• Passwords on sticky notes under the keyboard
• Passwords that can be easily hacked (1 billion/minute)– Send them to HowStrongIsMyPassword.com– Have your IT department require 1 upper/1 lower/1 special
character
From: eBay [email protected]
Subject: Important - eBay Password Reset Required
Date: May 26, 2014 at 4:35 AM
Important - eBay Password Reset Required
IMPORTANT: PASSWORD UPDATE
Dear eBay Member,
To help ensure customers' trust and security on eBay, I am asking all eBay users to
change their passwords.
Here's why: Recently, our company discovered a cyberattack on our corporate
information network. This attack compromised a database containing eBay user
passwords.
What's important for you to know: We have no evidence that your financial
information was accessed or compromised. And your password was encrypted.
What I ask of you:
Go to eBay and change your password. If you changed your password on May 21 or
later, we do not need you to take any additional action at this time.
Changing your password may be inconvenient. I realize that. We are doing
everything we can to protect your data and changing your password is an extra
precautionary step, in addition to the other security measures we have in place.
If you have only visited eBay as a guest user, we do not have a password on file.
If you used the same eBay password on any other site, I encourage you to change
your password on those sites too. And if you are a PayPal user, we have no
evidence that this attack affected your PayPal account or any PayPal financial
information, which is encrypted and stored on a separate secure network.
Here are other steps we are taking:
Oops!
How to Get Hacked Step #3 –
SUCCUMB TO SPEARPHISHING
• An attack that individualizes the come-on
– Cyber criminals are jerks but they aren’t stupid
– Incredibly sophisticated-looking emails
• Never, ever, EVER click on links in an email
• Don’t believe every email – hover over links
From: American Express Statement [email protected]
Subject: Your April 2014 Online Merchant Financial Activity Statement from American Express is now available
Date: May 21, 2014 at 12:06 PM
To: [email protected], [email protected], [email protected]
View Your April 2014 Online Merchant
Financial Activity Statement
Keep track of your account with your latest Online MerchantFinancial Activity Statement from American Express. It's available foryou to view at this secure site. Just click to select how you wouldlike to view your statement:
View/Download as a PDF
View all EStatements
So check out your statement right away, or at your earliestconvenience.
Thank you for managing your account online.Sincerely,
American Express
Please do not respond to this e-mail. If y ou have any questions about this inquiry
message or your American Express
Merchant account, please speak to a Customer Service representati ve at 1-800-
374-2639
View Our Privacy Statement
Add Us to Your Address Book
Unsubscribe
American Express Customer Service Department
P.O. Box 297817 | Ft. Lauderdale, FL 33329-7817
Copyright 2014 American Express Company. All rights reserved.
AGNEUOMS0006001
From: American Express [email protected]
Subject: [Spam] Fraud Alert : Irregular Card Activity
Date: June 24, 2014 at 9:44 AM
Irregular Card Activity
Dear Customer,
We detected irregular card acti vity on your American
Express
Check Card on 24 June, 2014.
As the Primary Contact, you must verify your account
activity before you can
continue using your card, and upon verification, we will
remove any restrictions
placed on your account.
To review your account as soon as possible please.
Please click on the link below to verify your information
with us:
https://www.americanexpress.com/
If you account information is not updated within 24 hours
then your ability
to access your account will be restricted.
We appreciate your prompt attention to this important
matter.
2014 American Express Company. All rights reserved.
AMEX Fraud
Department
From: American Express Customer Service [email protected]
Subject: American Express - Safe Key
Date: June 24, 2014 at 8:48 AM
Amex Logo Safe Key
Create your safe key now
Please create your Personal Security Key. Personal Safe Key (PSK) is
one of several authentication measures we utilize to ensure we are
conducting business with you, and only you, when you contact us for
assistance.
American Express uses 128-bit Secure Sockets Layer (SSL) technology.
This means that when you are on our secured website the data
transferred between American Express and you is encrypted and
cannot be viewed by any other party. The security of your personal
information is of the utmost importance to American Express, please
click here to create your PSK (Personal Safe Key).
Note: You will be redirected to a secure encrypted website.
The contained message may be privileged, confidential and protected
from disclosure. If the reader of this message is not the intended
recipient, or an employee or agent responsible for deli vering this
message to the intended recipient, you are hereby notified that any
dissemination, distribution or copying of this communication is
strictly prohibited.
Sincerely,American Express Customer Service
Contact Customer Service | View Our Privacy Statement | Add Us to Your Address BookThis is a customer service e-mail from American Express. Using the spam/junk mail function maynot block servicing messages from being sent to your email account. To learn more about e-mailsecurity or report a suspicious e-mail, please visit us at americanexpress.com/phishing. We kindlyask you not to reply to this e-mail but instead contact us securely via customer service.American Express. All rights reserved.DTWEUSDP1535320
How to Get Hacked Step #4
OPEN THE INTERNAL GATES
• Malware
• Trojans
• Keyloggers
All from downloading an innocent-looking file, cartoon,
video, discount offer or any other way to get you to click a link
How to Get Hacked #5
DON’T BOTHER WITH 2-FACTOR
AUTHENTICATION• ID/password systems just aren’t enough
• Use an additional “factor” of authentication
– Something you have (cell phone, token/key fob)
– Something you know (password, challenge)
TextKey™ is OMNI-Factor
Authentication
• Strongest security solution available
• Easier for users (= more participation)
• Lower cost than other solutions
• Simplified implementation
“Ironclad protection”(Network World Magazine – May, 2013)
TextPower, Inc.
www.TextPower.com
888.818.1808