Most people assume when they get hacked that it's due to high-tech methods. Frances Zelazny, Vice President at BioCatch spoke with TechRepublic's Dan Patterson about how low-tech hacking techniques are not only popular, but still work. The following is an edited transcript of the interview.
Dan Patterson: Can you share a story that you encountered recently about the low-tech methods of hacking to extract pretty sensitive data?
Frances Zelazny: Pretty much on a daily basis, we come across stories of people who are tricked into divulging their passwords or to letting people in. A lot of it has to do with a phone call, or an email, or something that they get, that says you know, "There's a problem in your account. If you would just down TeamViewer of LogMeIn, and this way we can share the screen together, and I'll walk you through process." So that's been the most traditional way that these social-engineering or remote-access attacks has happened.
SEE: Network security policy (Tech Pro Research)
But there's actually a whole thread on Facebook going around, about a guy in the UK who recently encountered a very sophisticated scam, where he gets a text from his bank, saying that it appears that there's a fraudulent transaction, and if he would just respond with a Y, conforming that that transaction was indeed fraud, they would be able to help take care of the problem. So in the process, he's get some other text confirmations from the bank, it was all from the system that is generating, so he recognized the number. In the process, he went to his online bank to check it out, and he saw the fraudulent transactions. But what really happened is, by responding to the SMS, he let the fraudster in.
These things are just getting more and more sophisticated, and we really need to understand all of that, and just go back to basics. All of the breaches are exposing our personal information, so that means phone numbers, mother's maiden names, email addresses, all these things, and the fraudsters are using that information to trick people, and the more information the fraudsters have on you, the more easy it is for them to trick you to believing that they're legitimate.
- Special report: Cybersecurity in an IoT and mobile world (free PDF) (TechRepublic)
- Orbitz says hacker stole two years' worth of customer data (ZDNet)
- Dark Web: The smart person's guide (TechRepublic)
- Yahoo users can sue over data breaches, judge rules (ZDNet)
- 5 ways to build your company's defense against a data breach before it happens (TechRepublic)
Dan Patterson has nothing to disclose. He does not hold investments in the technology companies he covers.
Dan is a Senior Writer for TechRepublic. He covers cybersecurity and the intersection of technology, politics and government.