Hollywood has helped create an image that instantly pops into our minds when we hear the term cyberattack. Many of us think of a group of devious hackers led by the likes of Hans Gruber from “Die Hard.” While people like Gruber exist, most cybercriminals are simply common thieves looking to rip people off.
Names, email addresses, usernames, passwords and credit card information are some of the prime pieces of information criminals steal in data breaches. Tap or click here to learn about one of the scariest cyberattacks of 2022. The dangers are real, and threats could be closer than you think.
Common equipment or technology might serve as unsuspecting threats hiding under your nose. Let’s go over six unexpected data breach dangers lurking inside your office or home.
1. Unsecured connections
Even though it’s invisible, Wi-Fi is all around you. It only takes a glance at your phone’s list of available networks to see how many signals are broadcast in your area alone.
Each of these networks provides a gateway to the internet. The bad news is if you connect to Wi-Fi, anyone on that network can find detailed information about you and potentially steal anything you’re sending and receiving.
The internet connection at your home and office should be alright, but you need to watch out for public Wi-Fi networks. If there’s no getting around it, you should use a VPN.
A virtual private network is a layer of protection between your devices and the internet. It hides your IP address and location, encrypts your data after leaving your device and travels to whatever website you’re visiting.
By accessing the internet through a VPN, you can keep your most sensitive and personal information private and, more importantly, protected. We recommend using our sponsor, ExpressVPN.
Protect your privacy with ExpressVPN. Get three months free when you sign up for one year at ExpressVPN.com/Kim.
2. Charge (or transfer) smarter
If your iPhone runs out of juice at work, it can cause serious panic. It could cloud your judgment and lead to you doing something rash — like plugging your phone into a random cable found in the office.
A white-hat hacker known by the moniker “MG” revealed a clever project: A proof of concept for a malicious lightning cable he’s dubbed the “O.MG Cable.”
From the outside, the accessory appears identical to an ordinary Apple-branded cable; however, inside lies an advanced array of Wi-Fi equipment and malicious payloads that can completely compromise any phone it’s plugged into.
RELATED: 5 things you must do to protect your phone from hackers
Unlike traditional security exploits for Apple devices, the O.MG Cable is a bait-and-switch that relies on the user to compromise their phone. The accessory is so covert that even your computer can’t detect that the cable has been altered.
It’s only when MG activates the Wi-Fi receiver inside that the O.MG Cable truly comes to life. Once inside, he can remotely control a phone as if he were holding the device — making it an extremely dangerous threat.
Since MG is a white-hat hacker, he says he won’t make the malicious cable available to the public. But, if he was able to create one, someone with not-so-good intentions could as well.
Needless to say, you should avoid charging cables you didn’t bring to the office yourself. Even at home, if you find a random charging cable and have no idea where it came from, don’t use it. It’s always better to be safe than sorry.
3. That little drive could pose a threat
Another piece of tech that seems harmless is the standard thumb drive. You may use one to upload and transfer files without giving it a second thought, but it’s a bad idea. Here’s why: someone could have loaded the drive with malicious code that can infect your device with malware just by plugging it in.
It doesn’t necessarily have to come from bad actors within the company or from a visitor who “accidentally” left it at your house. A few years ago, IBM warned customers it mistakenly shipped some USB flash drives containing malicious files. Tap or click here to find out how it happened.
Another threat that could be loaded on a thumb drive is keylogging software. Keyloggers are hidden programs that can be installed on computers to record keystrokes.
Legitimate uses for keyloggers do exist. Businesses might install them on employees’ computers, especially if they deal with highly sensitive information; however, malicious keyloggers could be used to steal your information or a company’s data.
4. Did your boss really ask you about that?
By now, you probably know all about phishing attacks. This is when you receive an email from a criminal trying to trick you into clicking on a malicious link or opening a corrupted file that will infect your device.
Scammers were careless with their messages in the early days of phishing. Most were packed full of typos and bad grammar. Fast forward to today, and they’ve upped their game. They use tools to spoof company logos and websites that make their messages look real.
Now, some of these crooks aren’t just targeting the average Joe. Instead, they’re going after companies and their employees in what’s known as a Business Email Compromise scam (BEC).
Scammers don’t just know where you work but also what you do there. They might even use some of your personal information to keep your guard down.
Popular BEC scams include when a crook pretends to be the company’s CEO and contacts employees with access to the company coffers. They’ll send an email requesting a money transfer for a client or other company and say it has to happen as soon as possible.
You might quickly look up the email address before carrying out the instructions, but there’s a good chance it’ll look real. The account where you’re supposed to send the money might even look familiar, but with a couple of character changes, it will send money to the crooks’ account.
Another scam is when they pretend to be HR and ask you to update your direct deposit information. Then there’s one where your boss wants you to quickly go out and buy hundreds or thousands of dollars worth of gift cards (with your own money) under the guise they’re last-minute gifts for clients and you’ll be reimbursed.
There are more types of BEC scams to watch out for. Tap or click here for more examples and ways to spot phishing emails at work. So the next time you receive an email from your “boss,” make sure to confirm with them by starting a new message or calling them — never reply to the email.
5. Are your printers connected to the internet?
Smart appliances, such as printers, webcams and routers, can be used as tools by cybercriminals. Internet of Things (IoT) devices can easily be hacked simply because they’re connected to the internet.
They are typically used as a botnet in distributed denial-of-service (DDoS) attacks against websites. DDoS attacks occur when servers are overwhelmed with more traffic than they can handle, causing one or more websites to crash.
However, some printers have been found to have even more serious flaws. Here are some of the malicious things hackers could do if these flaws are exploited:
- Steal sensitive information – Criminals could remotely steal information from the documents you print.
- Shut down or hijack networked printers.
- Capture passwords – These printers could be used as an entry point to steal network credentials.
- Malware – hackers could infect your printer with malware.
- DDoS – They could also be used in the traditional example as a botnet to take part in a DDoS attack.
6. Huge mistake when getting rid of old equipment
Does your company own all of the equipment used around the office, or does it lease? Either way, think about all the sensitive information things like desktop computers, laptops and even printers hold.
Now, imagine that data getting into the wrong hands. The device doesn’t necessarily need to be stolen, either.
When a company’s lease of a desktop computer ends, they typically return it for a newer model. The same goes for printers and laptops. If the company owns the equipment, it will most likely donate or sell it when it’s time to upgrade.
But are they wiping the equipment’s memory before getting rid of it? If not, that could be disastrous! Before letting office equipment go, you must permanently erase sensitive data. This should be done with your personal devices, too.
Don’t know how to erase the data? Tap or click here and we’ll walk you through the process of erasing data from a Windows PC, Mac, iPhone and Android devices.
This is excellent advice for your personal equipment at home, too. Donating an old computer or selling a used smartphone is nice, but you don’t want to hand over sensitive personal information. Remember to wipe all of your old equipment before getting rid of it.
Bonus: The best way to protect your devices
If you don’t have antivirus software, you’re putting every internet-connected gadget you own at risk. But not all antivirus programs are created equal. You have to stick with software that you can trust. We recommend our sponsor, TotalAV.
TotalAV has you covered, whether you use a PC, Mac, iPhone or Android. Its all-in-one security software works across all your platforms. Its industry-leading security suite is easy to use and offers the best protection in the business.
Get an annual plan of TotalAV Internet Security for only $19 at ProtectWithKim.com.