
Might You Have Exposed Sensitive Information Without Knowing It Yet?

24/06/20 6 min. read

Shall we make things a little bit harder for the hackers?

I’m sure your answer is a resounding yes, or so I hope. I invite you to read on to learn about some anecdotal cases of private and sensitive information that was there, in plain view, but we didn’t “see” it until it was too late. I will also teach you some simple techniques used by hackers in what is called “social engineering” that will help you avoid exposing your confidential data.

Rule #1: Cybersecurity starts with yourself ✋

Many users remain a vulnerable group: in some cases they do not perceive the risk and do not put in place the minimum measures needed to protect themselves. Sometimes this is due to ignorance of the impact that falling victim to one of these crimes can have, or to not knowing how to avoid them; other times the threat is seen as something unreal, or out of a science fiction movie.

Cyber-attacks occur mainly for two reasons:

  • Vulnerabilities in computer systems
  • Deception of people. Social engineering belongs to this group. But you will see that often no deception is even needed: we ourselves hand over the information without realizing that we are doing it.

Do you know how a cyber attack works?

There is too much personal information available on social networks. We voluntarily share locations and habits on a daily basis through sports applications (for running or cycling), or through photographs or videos posted in real time on social networks (Instagram, YouTube, Facebook, etc.), from which a behavioural profile of a person can be built quite reliably.

Examples of famous “hunted” who did not apply Rule #1

Who has not heard of images published on social networks that contain more information than intended? Famous or prominent people have shared more or less confidential information on social networks by mistake, and nothing illustrates this better than the following examples:

Paula Vazquez shared a medical report on Twitter (the simple fact of sharing medical information is already nonsense in itself) in which, in addition to the medical data, her personal phone number and address could be seen. The information began to spread across the network, and although she deleted the message as soon as she became aware of it, the damage was already done and her phone received hundreds of calls and messages.

Former soccer player Manolo Sanchis mistakenly posted his shopping list on Twitter. This would be no more than an anecdote if it weren’t for the fact that some of the items listed were bullets and brandy, a dangerous combination…

You should keep in mind these tips for your social networks

What if sensitive information is exposed?

There are cases involving more prominent figures, where the compromising information was published in the media, in material that reveals more to the expert eye than to everyone else.

[Image: Password on the post-it of the Greek Minister of the Intelligence Service]
[Image: Person responsible for the false missile alarm in Hawaii]

This case went unnoticed in the article, but was later used to send SMSs to the population of Hawaii reporting a missile attack that was not real, but that triggered panic. This is a good example of how something as simple as a picture of your regular workplace can show more information than you think.

Regarding the risk of writing down passwords like that and keeping them in visible places, we will write another article about attacks from the inside, by the so-called insiders.

These cases serve as examples because of their repercussions, the impact they had or the relevance of the information published. But it is not only “celebrities” or the media who expose data, and they are not the only ones with relevant information. We all have valuable data to take care of.

Shoulder Surfing, one of the easiest techniques a hacker can use

In addition to the information we share, there is information we do not protect, as you have seen from the examples above. For these attacks, there is no need to think about complex attack techniques.

On public transport you may access social networks or banking applications without noticing the eyes that may be watching; the same thing happens when you enter your PIN at the ATM to withdraw money.

This technique is called shoulder surfing, or looking over the shoulder. And although it may seem trivial, once again an expert eye is capable of discovering relevant information in the simplest and most everyday action.

There is no need to be alarmed, but neither should we relax; just take a few precautions. Imagine this situation: you are paying with your card in a shop and, because of the amount of the purchase, you are asked for the card’s PIN. You enter it on the card terminal without taking the precaution of covering the keypad with your other hand, because you see that the clerk is not looking and there is no one around to sneak a look. With that you would be avoiding shoulder surfing, right? But what about the shop’s security cameras, which usually point at the counters?

[Image: Spying at the bank]

No one is exempt from being attacked or falling for a fraud, so we must always stay alert and make things truly difficult for the attackers. Awareness can dramatically reduce the number of cases in which these attacks succeed, at both the business and user levels. And with education and training for children, a more complicated future can be assured for hackers, while also protecting the population group that is perhaps most vulnerable to these attacks because of trust, ignorance or innocence.

We’re going to end with a challenge. The following image was published by Lisa Kudrow (I’m sure you know her as Phoebe in Friends) on Instagram to echo an article that was published about her new work. I’m sure that, even if the resolution of the image is not the best, you know where to look:

[Image: Lisa Kudrow password]

Although I know you won’t need it at this point, here’s the solution:

[Image: Computer password]

Be careful, it’s worth it!

Carlos Seco

Santander Global Tech

Several years of working in different areas of cybersecurity have made me have more unknowns each day, more curiosities and more pleasure for my work.

