Three Common Hacking Methods and How to Spot Them
Hackers aren’t lone criminals camped out in basements; they’re massive, well-funded, and well-organized groups. Over the last decade, hackers—also referred to as threat actors—have become increasingly opportunistic. They don’t necessarily have you in their crosshairs; they’re after opportunities, and unfortunately, your employees might be one of them.
Heads Up: Your Employees Are Your Most Vulnerable Asset
There’s no shame in admitting your employees are the weakest link in your cybersecurity chain. Cybercriminals often exploit human error, emotions, and naivete to gain access to your systems. It’s a good first step to accept human behavior has its weaknesses, so the best thing we can do is educate each other about how not to fall victim to classic hacking attempts.
So… How Does It Actually Happen?
Here’s a quick introduction to the most common hacking events businesses may encounter, how to spot them, and what actions you can take now to protect your data.
1. Phishing Emails
Phishing emails are among the most prevalent methods hackers use to target employees. These bogus emails often impersonate trusted entities or individuals, like a boss or coworker, to trick recipients into revealing personal information, login credentials, or clicking on malicious links. Often, these emails look 100% legitimate and show up in the form of a PDF, UPS or FedEx tracking number, bank letter, or bank notification—material we see all the time.
Don’t Take the Bait! Here’s How to Spot Them:
- Check the sender’s email address carefully. Does it match the name of the real website? (Or is “Amazon” actually spelled “Anazon”?)
- Look for unusual language and overly urgent requests.
- Hover your cursor over any links (don’t click!) to preview the destination URL. Ensure it matches the expected website.
[Image: example of a fraudulent site linked within an email. Source: UPenn Law]
What to Do:
- Do not click on any suspicious links or download unknown attachments. It’s not worth it!
- It’s okay not to trust an email. Verify the information through a different, trusted channel (for example, call the person you think is involved with the email and confirm with them).
- If you’re not sure what to do, report it to your IT department or security team, or just call Stratti.
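The sender-address and link-destination checks from the list above can also be automated at the mail gateway or in a reporting tool. The following Python sketch is an added example, not part of the original article; the TRUSTED list, the similarity cutoff, and the sample message are assumptions chosen for illustration.

```python
from difflib import get_close_matches
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = ["amazon.com", "fedex.com", "ups.com"]  # assumed allowlist, adjust to your vendors
SAMPLE = (  # constructed message for illustration
    "From: Amazon <orders@anazon.com>\nSubject: Urgent\nContent-Type: text/html\n\n"
    '<p>Verify at <a href="http://login.example.net/verify">www.amazon.com/orders</a></p>\n'
)

def lookalike(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED):
        return None
    return next(iter(get_close_matches(domain, TRUSTED, n=1, cutoff=0.8)), None)

class LinkParser(HTMLParser):
    """Collect [href, visible text] for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = False

def host(url):
    """Hostname of a URL, with or without a scheme."""
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def check_email(raw):
    """Return findings for one message whose body is HTML."""
    msg, findings, parser = message_from_string(raw), [], LinkParser()
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if lookalike(sender):
        findings.append(f"sender {sender} imitates {lookalike(sender)}")
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        shown = host(text.strip()) if "." in text and len(text.split()) == 1 else ""
        if shown and shown != host(href):
            findings.append(f"link shows {shown} but opens {host(href)}")
    return findings
```

Calling check_email(SAMPLE) flags both the misspelled sender domain and the link whose visible text does not match its real destination. Short brand names produce more false positives at this cutoff, so treat findings as a prompt for human review.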
2. Pop-Ups
Pop-ups often appear while you or your employees are browsing the internet, masquerading as legitimate notifications or warnings. These can lead to malware infections or attempts to obtain personal information.
How to Spot Them:
- Be skeptical of pop-ups claiming your system is infected or you’ve won a prize, especially if they seem too good to be true.
- Never provide personal or financial information in response to a pop-up.
What to Do:
- Close the pop-up immediately using the “X” button or by right-clicking the browser icon and selecting “Close Window.”
- Avoid clicking on any links or buttons within the pop-up.
- Ensure your browser’s pop-up blocker is enabled to reduce the risk of encountering such pop-ups.
3. Facebook Scams
Social media platforms like Facebook and Instagram are not immune to cyber threats. Hackers often exploit the trust and connections within your network to spread malware and steal personal information.
How to Spot Them:
- Be cautious of unsolicited messages from unknown profiles and from profiles with pictures and sign-offs that look sensationalized.
- Check the content of posts and messages for sensational claims or requests for personal information.
- Watch out for shortened URLs or links in posts or messages.
What to Do:
- Don’t accept friend requests from people you don’t know personally.
- Report suspicious profiles or content to Facebook’s security team.
- Do not click on links or engage with unsolicited messages. Block the sender instead.
By staying vigilant and educating your employees about the various forms of cyber threats, you can significantly reduce the risk of their falling victim to hacking events.
Not sure how to get started? Give Stratti a call for a free 15-minute assessment.