This question originally appeared on Quora: What are some computer hacks that hackers know but most people don't?
Answer by Kevin Borders, Former NSA Employee, Security Researcher
Social context is more important than technical sophistication.
The most effective hackers insinuate themselves into existing social contexts to exploit human trust and override common sense. A hacker might do the following:
- Find a list of your possible contacts through LinkedIn, Facebook, or your employer's/school's website.
- Spam everyone you know with common malware that has a low success rate.
- Once a few gullible people are hacked, search through their e-mail and social networking accounts to find existing threads that you have with them.
- Use a low-tech payload that would normally arouse suspicion (like a password-protected zip file), but associate it with an ongoing conversation. Example: "Excited to meet up for dinner next week. Check out the menu I found for the restaurant, the steak looks really good!"
Such a well-crafted attack could catch even the most tech-savvy target off guard, because the context makes you assume that it is coming from a real person you trust.
How can you protect yourself?
This type of attack is really difficult to prevent. Never opening e-mail attachments or clicking on links (even as part of ongoing conversations with known associates) is not practical, but here are some other things you can do to help:
- Always keep your system up-to-date with the latest versions of your operating system, web browser, document readers, Flash, Java, etc.
- Restrict your privacy settings on social networks so that the names of your friends are not public.
- Treat context-aware e-mails from friends with the same level of caution as anonymous e-mails. Still beware of any fishy file extensions or types (.exe or .zip files).
- If something looks suspicious or out of place, call the sender and ask if the message is legitimate.
For a more in-depth discussion of this topic, see: Social networks and context-aware spam
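The following is an added example, not part of the original answer: a mail-review check that applies the advice above by flagging the file types the answer names and password-protected zip archives, without lowering scrutiny when the message is a reply in an existing thread. The function names, the `example.com` addresses and the sample message are assumptions constructed for illustration.

```python
import io, os, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

RISKY_EXT = {".exe", ".zip"}  # the types named in the answer; extend for your site

def zip_is_encrypted(data: bytes) -> bool:
    """True if any archive member has the ZIP 'encrypted' flag (bit 0) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False

def review_message(raw: bytes) -> list[str]:
    """Return findings for one message; being part of a thread earns no trust."""
    msg = message_from_bytes(raw, policy=policy.default)
    in_thread = bool(msg["In-Reply-To"] or msg["References"])
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if os.path.splitext(name)[1] in RISKY_EXT:
            findings.append(f"risky extension {os.path.splitext(name)[1]}: {name}")
        if data[:4] == b"PK\x03\x04" and zip_is_encrypted(data):
            findings.append(f"password-protected archive: {name}")
    if findings and in_thread:
        findings.append("reply in an existing thread: confirm with the sender by phone")
    return findings

def build_sample() -> bytes:
    """Constructed sample: a reply carrying a zip whose entry is flagged encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("menu.txt", "placeholder")
    blob = bytearray(buf.getvalue())
    blob[blob.find(b"PK\x01\x02") + 8] |= 0x1  # set bit 0 in the central directory flags
    m = EmailMessage()
    m["From"], m["To"] = "friend@example.com", "you@example.com"
    m["Subject"] = "Re: dinner next week"
    m["In-Reply-To"] = "<constructed-1@example.com>"
    m.set_content("Check out the menu I found for the restaurant.")
    m.add_attachment(bytes(blob), maintype="application", subtype="zip", filename="menu.zip")
    return m.as_bytes()

if __name__ == "__main__":
    for finding in review_message(build_sample()):
        print(finding)
```
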