The Atlanta Journal-Constitution
Don’t fall victim to hackers; they count on willing prey
When most folks think of a hacker, they picture an evil genius — fueled by Mountain Dew and dayold pizza — hammering away at a keyboard while attempting to break into the computer of some poor schmuck in Boise.
In reality — like so much else these days — the invasion of most home computers comes through an automated process that captures whoever wanders into the traps. It takes advantage of poor practices on the part of the owner of those home computers.
There are so many home computers that it just doesn’t make sense for a hacker to spend time targeting each one individually. Instead, these computer criminals depend on specialized software that automates the hacking process. It’s sort of like fishing with a giant net — the hacking programs are scattered around the Internet — and the hacker checks his traps to see what he’s caught each day.
The hacking programs can be, and often are, embedded in spam emails that are sent out by the millions. In some cases the emails carry attachments. Once clicked, the hacking program is triggered and it opens the door to all your data.
Or the email may urge you to click on a link that takes you to what seems like a legitimate website. It may masquerade as a bank you use, or your Internet provider, or some other brand-name business.
You are asked to use your password to log on. When you do that, your password is captured for the hacker’s use.
As you can see, in each case the hacker depends on your help — either clicking on the attachment or following the link and providing your personal information. There are dozens of variations on this theme as far as what the email says, or how the websites are con- structed. But the basic mechanics are the same. It all depends on action from you.
Once you understand that — and the fact that your own mistakes help the hacker through the door — it’s easier to protect your data. As drastic as this seems, the best practice for home users is to avoid opening attachments, to shy away from clicking on links in emails.
Here’s why it’s best to make this a universal practice. When these scams are done skillfully — and they often are — the email seems to come from a business you know and trust or even from the hacked email account of a friend or family member. And the websites can be perfect imitations of the real ones.
Obviously there are times when it is OK to open an attachment or follow a link. But — to be safe — you must regard each decision with great paranoia and check to make sure that it is legit. Start by assuming it is not.
There’s another way that hackers use you as an unwitting accomplice. It’s much more personal than these automated traps and very old-fashioned, a simple con game that your parents would recognize. The computer criminal telephones you and says your computer has been infected and he’s here to help. He often claims to be from Microsoft or some computer company associated with Microsoft.
When he finds a sucker willing to believe his story, the crook follows one of two paths. The least harmful one ends up in the home computer user signing up for some worthless service that promises to protect their computer.
The second path is even worse. You are asked to install software on your machine so that the con man can fix the problem he has found. Once that software is installed the crook uses it to invade your computer. So it’s very much as if a burglar had knocked on your front door and asked for your keys. Again you have aided a criminal in stealing from you if you cooperate.
The solution here is to hang up when you get one of these calls.
The pattern is easy to see. In 90 percent of all computer break-ins, the criminal relies on you to help. So that means you must be suspicious to the point of paranoia when you deal with calls or emails.
But don’t worry about adopting this cynical outlook. They really are out to get you.