September 2016

Protecting Your Personal Information Online

The Threat

Identity theft and credit card fraud have reached epidemic proportions. You can scarcely go a day without reading a newspaper story about a major company losing thousands of customer records. Hackers use a variety of methods in order to compromise and steal your information. Learn about some common hacking techniques and how to protect yourself.


Hacking Techniques

Hacking takes patience, know-how, and an understanding of how websites and browsers work. Hackers can choose from several types of attacks when they plan to steal your personal data.

Phishing is one of the most common ways hackers gain access to personal information. Fraudulent yet official seeming emails are sent to a recipient. These emails generally urge the recipient to enter their user name and password in the hopes the recipient will be tricked. Afterwards, the hacker uses this information to compromise their account.

SQL injection is another common type of attack. SQL injection takes advantage of poorly created queries by injecting commands into code that is sent to the backend database. Big companies such as Macy’s and Adobe have fallen victim to SQL injection hacks.

Keyloggers are another type of common attack. These small programs run hidden in the background on a computer, completely invisible to the user. Keyloggers systematically record every keystroke made by the user and send the information to the hacker. Hackers then filter through the keystrokes and extract login credentials and personal information.


How You Can Protect Yourself

In this day and age, protecting yourself is more about mitigating the damage from a compromised account rather than preventing any given attack.

One of your best defenses is to create unique passwords for each site. You can’t control if a website is going to be compromised. However, you can prevent the information gained from being used to access additional accounts. Using a unique password for each of online account prevents an attacker from compromising all your accounts with a single attack.

It’s especially important to use a unique password for your email. If a hacker learns your email password they can easily reset the passwords on any of your linked accounts, possibly even gaining access to your financial accounts.

Another important step in protecting your information is enabling two-step verification. Two-step verification is becoming increasingly common for financial institutions. HSBC, Bank of America and others are looking to this technology as a way to protect their account holders. Financial institutions aren’t the only ones looking to protect their users though.

For example, Google has a two-step verification option. You enter your user name and password on a new computer and Google sends a security pin to your phone. You then enter this pin to log in. This process secures your Google account from third-party access, protecting not just your email, but also everything across the Google platform.

To defend against keyloggers, install an anti-spyware application. While not 100% effective, many of these applications can detect and quarantine software-based keyloggers. Then, they’ll disable or purge them.

Finally, be cautious of any emails with red flags such as those that request you to login and verify your information, or reset your password. Even if the email “from address” looks correct, and the link or URL appears legitimate, you cannot be sure. Contact the company directly to ask them about the email.