As Halloween approaches, horror fans will line up to be terrified by men in masks, creepy dolls, slashers, monsters, and everything ghoulish and gross. Meanwhile, a more sinister threat lurks in your inbox.
“So what?” you might say. Getting scammed or hacked is dangerous, but it only happens to huge companies or the most tech illiterate, right? Wrong. For the spookiest month of the year, we’ve prepared three cyber security horror stories that will chill your blood.
Or, at the very least, make you change all your passwords. (Password1? Come on, guys!)
Story #1: The Good Samaritan (Who Makes You WannaCry)
It’s a dark and stormy night (of course), and you’re at home. You know the risks of cyber crime. You’ve got antivirus software, your data backed up, and you update regularly. That’s when you get a message from Microsoft confirming your worst fears.
You’ve been hit with ransomware.
A notification pops up and urges you to call tech support. You dial the numbers, the sound of your heartbeat pounding in your ears. Someone picks up and you explain the disaster.
The woman on the other end puts your fears to rest. She’s here to help. She walks you through setting up some anti-ransomware software for $300. It’s a bit much but worth it to save your data.
Reluctantly, you fork over the fee and give her remote access to your computer. After a few minutes, she thanks you and assures you your computer is ransomware-free.
One week later, you’ve nearly forgotten the incident. During your morning coffee, you turn on the news and see a story about a local scam. Your eyes widen in horror.
That’s when you realize you were never hit with ransomware. The woman you talked to wasn’t from Microsoft. She was a scammer. And you let her into your computer.
According to the UK’s fraud and cybercrime center, Action Fraud, criminals have been exploiting fears around WannaCry by offering tech support after they fake a ransomware attack. During their “tech support,” they charge ridiculous amounts of money and can even install malware on your computer.
“It is important to remember that Microsoft’s error and warning messages on your PC will never include a phone number. Microsoft will never pro-actively reach out to you to provide unsolicited PC or technical support. Any communication they have with you must be initiated by you.”
And this isn’t limited to computer users. Some Android apps, like “WannaCry Ransomware Protection,” promise safety but instead install buggy adware on your phone that will expose you to a ton of annoying and potentially dangerous ads. They’re available on Google Play and even have high star ratings.
What can you do? First, know that Microsoft, or any other big organization, will never send you a tech support number in an error message. They will likely not reach out to you unless you’ve asked them first. Second, do your research before you install anything on your phone or computer. Check out these articles for tips on how to avoid fake virus & malware software and learn how to recognize fake virus warnings.
Okay, that was a pretty mild story compared to some. From here on out, it gets worse. Are you ready?
Story #2: Let the Right One In
It’s a lazy Wednesday afternoon in the office. You’re in charge of supplier relations at a company that buys and resells wholesale products. It’s your job to make sure big orders come and go without hassle. The clock is striking 2 pm and your mid-morning coffee buzz has worn off.
You’re debating whether or not a Snickers is technically cheating on your diet (it is) when you get an email from a vendor. It’s a company you regularly work with. They tell you they’ve received over $20,000, but weren’t sure what you ordered. They want your account info so they can sort it out.
Your heart jolts. You’ve got deadlines to meet and if you don’t get this out, you’ll be in big trouble. You click the attachment and scan the invoice, confirming they have your account and some of your bank info. You send them an email with payment info so they can sort it out.
They respond promptly. It’s been taken care of. You breathe a sigh of relief, happy you’ll be able to tell your boss you’ve already fixed the problem.
A few weeks later, you get a strange call. One of your clients is complaining their order never came. That’s strange, you’re sure you remembered. You dig back through your inbox to find the email.
That’s when you take a closer look at the invoice. You’re used to working with this company, but you thought for sure their name was spelled differently.
That’s when it hits you. This isn’t from your vendor. You’ve given an enormous amount of money and your company’s banking info to a scammer. By opening the PDF with your account information, you’ve also exposed your company’s entire network to heaven only knows what.
And there’s nothing you can do to stop it.
While we associate Nigerian phishing scams with sketchy deposed kings and poor grammar, cyber attackers continue to adapt in more serious and pernicious ways. One such scam targets suppliers, customers, commercial organizations, and delivery services who have data access to a greater pool of victims.
Nigerian phishers would send a legitimate-looking invoice and ask recipients to clarify product pricing or goods. They’d even register similar domain names to the companies their victims worked with. Then, they’d send their victims attachments with trojan-spies or backdoors.
“Using the newly registered domains, the cybercriminals are able to carry out a man-in-the-middle attack: they intercept the email with the seller’s invoice and forward it to the buyer after replacing the seller’s account details with the details of an account belonging to the attackers. Alternatively, they can send a request on behalf of the seller for an urgent change of bank details in addition to the seller’s legitimate email containing the invoice.”
This type of attack is an especially big risk for industrial companies that buy from wholesalers and resell. They lose out on the money the scammer stole and have to deal with replacing the order that didn’t go out.
What can you do? The best advice in this situation is to always, always think twice before clicking. The difficult thing about these attacks is they appear to come from people you know. Ask yourself, how well do I know the source? Am I expecting this information? Make sure to double check the spelling of the sender’s address and name against previous emails from them. And, of course, make sure all your data is backed up. Strengthen your network, and, if you think your computer has been compromised, shut it down immediately.
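The spelling check described above can be automated for an inbox rule or mail gateway. The following is an added example, not part of the original article; the vendor domains, the list of look-alike characters, and the distance threshold are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed allow-list: domains of vendors the company already trades with.
KNOWN_VENDOR_DOMAINS = {"acme-wholesale.example", "northwind-supply.example"}

# Character swaps that look alike at a glance (assumed list, extend as needed).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))


def skeleton(domain):
    """Collapse look-alike characters so 'acrne' and 'acme' compare equal."""
    d = domain.lower()
    for fake, real in CONFUSABLES:
        d = d.replace(fake, real)
    return d


def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(from_header):
    """Return the lower-cased domain of a From header, or '' if there is none."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")


def classify_sender(from_header, known=KNOWN_VENDOR_DOMAINS, max_distance=2):
    """Return (verdict, vendor): 'known', 'lookalike', 'unknown' or 'unparseable'.

    'known' only means the spelling matches; a From header can be forged, so
    SPF/DKIM/DMARC results still decide whether the mail is authentic.
    """
    domain = sender_domain(from_header)
    if not domain:
        return ("unparseable", None)
    if domain in known:
        return ("known", domain)
    for vendor in sorted(known):
        if (skeleton(domain) == skeleton(vendor)
                or edit_distance(domain, vendor) <= max_distance):
            return ("lookalike", vendor)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample headers.
    for header in ("Accounts <billing@acme-wholesale.example>",
                   "Accounts <billing@acrne-wholesale.example>",
                   "Sales <orders@northwind-suply.example>",
                   "News <hello@unrelated-shop.example>"):
        print(header, "->", classify_sender(header))
```

A "lookalike" verdict is a reason to confirm any change of bank details through a phone number already on file, not through the email thread itself.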
If you think that’s bad, just wait. We saved the worst for last.
Story #3: Destroying Your Digital Life
You get home after a long day. You sit down, happy to spend some time with your one-year-old daughter. As you play, you realize your iPhone shut down. Since you’re expecting a work call, you plug it in.
Instead of bringing up your familiar lock screen, it takes you to the setup display you saw when you first bought it. Weird. And annoying. You figure it’s probably just a bug and, luckily, you’ve backed everything up on the iCloud. You hook your phone to your laptop so you can enter your Apple ID and restore your data. When you open it, a message pops up letting you know your Gmail information is wrong. It asks for a four-digit pin.
But, there’s just one problem… you never set up a four-digit pin.
A twisted, burning hole in your stomach confirms it before you can even think it. You try your laptop. No luck. In horror, you start checking your other accounts. Your Google account is gone. Your Twitter has been hacked and is sending out an ugly stream of racist and homophobic tweets.
Fearing for your household network, you shut down the laptop and disconnect your router. You call Apple support. During your call, you think of everything you could lose. It’s bad enough that you’ll have to recreate all your work, notes, data, and maybe even create new online accounts. What’s even worse is that you realize almost every picture you’ve taken of your daughter’s first year on earth was on that hard drive. That can’t be replaced.
On your tech support call, they mention this is the second call you’ve had with them today. But that doesn’t make sense, you insist. It’s the first time you’ve called them today.
That’s when you realize. The first call to tech support was from the hacker, posing as you. It took them less than an hour to destroy your entire online existence. You have no idea what to do next.
Mat, a tech journalist, revealed that the scale of the devastation was due to the fact that information from one account let the hacker get into his other accounts. A hacker got his address and the last four digits of his credit card from the support staff at Amazon. From there, they got into his AppleID, his Google account, and his Twitter.
Fortunately for Honan, the hacker wasn’t interested in his bank account or the people on his contact list. So why did this hacker ruin Mat’s digital life?
For his Twitter handle.
The hacker was interested in Mat’s rare three-character Twitter handle. For that reason, they laid Mat’s data to waste.
Fortunately for Mat, the team at the Apple store managed to restore over 75% of his hard drive, including the photos of his daughter. It didn’t come cheap at a hefty fee of $1,690. Not everyone has the time or the resources to retrieve memories like these.
What can you do? First of all, two-factor authentication is your best friend. This links your accounts to a phone number. Every time you log into a new device it will ask you to enter a code that’s sent to your phone. It will also send you an email to let you know when and where someone logs into your account. Second, back up everything. The cloud gives us a false sense of safety. Sure, it backs up all your data, but if it’s hacked you will lose everything. An external hard drive could be your savior.
Protecting Your Data
Whether it’s at home, work, or even across your devices, cyber attacks can affect even the most tech-savvy among us. It could be as simple as opening an attachment or setting up accounts for convenience rather than security.
Though ghosts and ghouls will haunt many nightmares this month, cyber security is a real and present danger we face every day. For most, the best offense is a good defense. The National Cyber Security Alliance provides online safety tips and has info on the ever-evolving world of online fraud, theft, and crime.
If you’re interested in joining the fight in a more hands-on way, there’s never been a greater need for talented pros. By 2019, there will be a global shortage of two million cyber security professionals. Even now, employers are struggling to fill 40,000 information security analyst positions and over 200,000 other cyber-security related roles, according to cyber security data tool CyberSeek.
We’ve all seen it. The rapidly flashing screens. The confusing jumble of nonsensical numbers and symbols. Or, the lame PS1-esque graphics that Hollywood seems to think makes a mega hacker. Movie hacking is corny, goofy, and a convenient plot device when you want something to seem futuristic.
Before we establish what hacking is, it’s important to establish what it isn’t. The answer is, well, basically anything you’ve ever seen on TV. It’s not Newman telling Samuel L. Jackson he didn’t say the magic word and infecting all the computers as in Jurassic Park.
It’s not a man in a black light gyroscope twirling around while his green body dissolves into a swirling nightmare vortex as he says, “I’m in,” as in Lawnmower Man.
And, perhaps most importantly of all, it’s not trying to stop a real-time hacker with the most effective method of all. JUMPING ON THE SAME KEYBOARD TO DOUBLE YOUR ANTI-HACKING SPEED. (As seen in 2 idiots, one keyboard from NCIS fame.)
This all brings us to another question: why do we see hacking portrayed again and again in these increasingly silly ways? Well . . .
Why Does Hacking Look So Stupid in Movies?
It can be easy to think that Hollywood writers and executives are doofuses who don’t know the first thing about a keyboard, let alone hacking, but that’s not always true and things are changing as the public understands tech more.
For example, the tech-savvy show Mr. Robot actually employs a team to ensure that all of the tech stuff rings true. As for other shows, well, take a look at this video of someone doing a live hacker challenge and see if you can spot where this might not translate into film.
Turns out real hacking looks a lot like staring at a text editor for a long time, testing vulnerabilities, finding a way into the system, and then building yourself a backdoor so you can get back in. Text editors are notoriously nonsexy and nonexciting. You see the problem.
However, one of the biggest reasons that tech looks so silly is that, well, everyone is trolling you, as shown in this article from Gizmodo.
If you see something too dumb to believe, it’s probably a joke. Or at least a setup; the punchline of which is when you lean over to your date and exasperatedly explain that there’s no way that could happen since no CTO worth his salt would ever let that kind of information be remotely accessible instead of just relegating it to an isolated intranet, and besides that’s not actually what VPNs do.
With all this in mind, let’s dive into the truth behind the Hollywood glitz.
What is Hacking Really?
The word hacking has kind of become a catch-all for cyber attacks and cyber terror in general. Techopedia defines hacking as, “an unauthorized intrusion into a computer or a network.” Hackers may use the system or security features to accomplish a goal that differs from the system’s original purpose.
It specifically includes the following techniques under the umbrella of hacking:
Vulnerability scanning (checking computers on networks for known weaknesses)
Packet sniffing (apps that capture data packets in order to view data and passwords in transit over networks)
Spoofing attack (websites which falsify data by mimicking legitimate sites, and they are therefore treated as trusted sites)
Rootkit (programs which work to subvert control of an OS from legitimate operators)
Keyloggers (tools designed to record every keystroke on the affected machine for later retrieval)
However, there are a number of different ways that people who identify as hackers try to exploit networks and systems for their own gain. A Distributed Denial of Service (DDoS) attack makes an online service unavailable by overwhelming it with traffic, with the sole purpose of shutting down a website.
Little known fact, one-handed standing laptop hacking is the most effective method.
And not all hackers are created equal. While the word may conjure up images of a ski-masked man in a hoodie in a darkened room hunched over his laptop, ethical, or “white hat,” hackers play an important part in keeping networks safe.
Black Hat, Gray Hat, & White Hat/Ethical Hacking
Hackers are divided into three groups: White Hat, Gray Hat, and Black Hat. Named for the different colors of hats worn by characters in Westerns, Black, Gray, and White basically boil down to bad, questionable, and good, but the truth is a little more nuanced than that.
White Hat hackers are hired by companies to help identify security bugs in their systems. To catch a hacker you have to think like a hacker. They play an important part in security.
One of the strongest weapons in the fight against cyber criminals has been hackers themselves. Professionals with a deep understanding of how to penetrate the security of an online infrastructure are commonly deployed to find vulnerabilities that those on the other side of the moral hacking spectrum would seek to exploit.
Black Hat Hackers have a clear malicious intent. Whether it’s to extort money, crash a system, or just cause general chaos in a person’s life, they do what they do for personal gain in a way that harms others.
Many career paths that lead to white hat hacking are unconventional. Again, there is controversy in the industry about hiring black hat hackers turned white hat, but, even for those who start firmly on the ethical hacking path, it can be twisted.
In the case of Ben Miller, he got a degree in computer systems and networking . . . right before the dotcom bubble burst. Ouch. After a few rough years, he was hired as a networking administrator for a hospital and focused on strengthening systems while making sure they were HIPAA compliant.
His company offered a Certified Ethical Hacking course. He took it, loved it, and was hired one year later in ethical hacking by his instructor. Now Miller works trying to think like a hacker while stopping them dead in their tracks.
His recommendations for up-and-coming ethical hackers? Always be listening and reading, communicate with your client, get certifications, which can help prove your abilities, and always document what you’re doing.
Want a Career as an Ethical Hacker?
If you’re interested in helping companies protect their data and stopping hackers dead in their tracks, certified ethical hacking might be for you! At LeaderQuest, we offer a 5-day Certified Ethical Hacker (CEH) course to help you get trained, certified, and hired. Through our career services team, and personal job coaching with your very own Employment Development Manager (EDM), you’ll also get help with your resume, interview tips, and access to employers in the industry.
With room for growth and a zero percent unemployment rate in cyber security, it’s clear that a certification like this will make you highly employable for a long time to come. To make training easy for you we offer classes during the day, at night, online, or on campus to fit any learning style or schedule. When it comes time to take the test, we not only cover the cost of one certification attempt per course but also have approved testing facilities on campus.
If you want to join a career fighting for the good guys, don’t wait. Though sadly, this job will not involve two people typing on one keyboard. (Sorry NCIS.) Become an ethical hacker today!
From Equifax to Uber to WannaCry, the dangers of unsecured data have never been more apparent. While organizations are hungry for cyber security talent, a good cyber security professional is hard to find.
But the cyber skills gap goes even deeper than you might think. In “Assessing the IT Skills Gap,” a report downloadable from CompTIA, you’ll learn just how many organizations feel sunk on cyber security.
Read on for the problem with the skills gap, why you should care, and how it can be solved.
The numbers speak for themselves. By 2019, the nonprofit group ISACA predicts a global shortage of two million cyber security professionals. Meanwhile, an estimated 240,000 information security analysts and other cyber roles go unfilled every year, according to CyberSeek.
“Organizations rank data security as the most pressing cybersecurity skills gap domain, reflecting the growing importance of data across every industry sector of the economy.”
–“Assessing the Cyber Skills Gap”, CompTIA
Despite the fact that nearly 6 in 10 large-size firms report a growing gap, only 1 in 3 organizations has a formal plan in place to address these changes. The remaining two-thirds have only an informal process if they have one at all.
Why It Matters
One of the biggest ways this gap has manifested is through high profile hacks, leaks, and more. However, that’s not the only reason that skills gaps are bad for business.
Such gaps hold businesses back from achieving further success, and negative impacts from the skills gap have been reported in 94 percent of organizations surveyed. Moreover, more than half of businesses report lower staff productivity while one-third experience lower sales or profitability.
How We Can Fix It
Most employers are focused on improving their current IT staff in the short-term rather than thinking about the future. With the looming retirement of almost 800,000 IT workers through 2024, this problem is only going to get worse.
One of the biggest challenges is getting candidates relevant work experience and on-the-job training. One solution? IT certifications. In a market this starved for qualified applicants, certifications provide a powerful way to upskill employees quickly, or hire trained applicants. Because certifications are governed by their issuing companies and administered through examinations, they provide an objective, third-party verification of skills that employers respect.
With the existing skills gap already so large, and the looming retirement of so many professionals on the horizon, you can see what a huge problem this will be. But for those with the right training to be part of the solution, this is a huge opportunity as well. Starting a career in cyber security is a timely choice that will pay dividends for years to come as cyber professionals expand on their skills and continue to advance their careers.
Interested in Cyber Security Training?
If you want to be on the front lines of fighting the cyber security skills gap, we can help! We offer instructor-led IT training classes online, on campus, and during the day or at night. Our live labs ensure that you have practical, real-time experience so you’re prepared to start your new career.
With flexible schedules, you’ll get trained, certified, and jump into the cyber security industry as quickly as possible. Once you’ve completed your program, our career advisers can help you revamp your resume and get you in touch with recruiters.