It seems almost every day we hear about another corporation or government agency getting hacked. How do these criminals do it?.
"When I'm going out and doing my research i look for things that people are posting online." Stephanie Carruthers spends her days trying to infiltrate and crack into corporations. But she's not a criminal, the security expert works for IBM and teaches companies how to keep the bad guys out.
Carruthers says hackers often break into a company's network by targeting an employee. "I was able to find information on you once I Google searched you."
Using a CBS NEWS reporter an example she did a quick search of Twitter and discovered where she went o college and an email asking me to speak at an event. “And this email address looks so realistic, it's unbelievable."
She even bought the address alumni@syracuse.education, almost exactly the same as the real one (alumni@syracuse.edu). "Little tricks like that often people will overlook.”
It's how criminals get people to click on a link loaded with malware. And if you click a link or downloaded an attachment, what would happen? The hacker would be able to have access to your information, to anything on your machine, and possibly even get on your network.
Experts say employees should also be careful what they post online - photos taken at work may have proprietary info in the background. And you can't even trust the phone. Carruthers downloaded a spoofing app. She was able to enter my mother's phone number and then call me.
Even a flower delivery without a card can lead to a hack. The person who got them may scan the QR code to find out who sent them and unknowingly let a hacker in their phone. "And this is one of the ways that we really would like to show the organizations that we work with that there's more than one way attackers can come in."
Whether it's a delivery, email or phone call, Carruthers says employees have to always before of potential dangers to keep their company and their own information safe.
