Hey, I don't need your Passwords!

Hey Stranger, I Don’t Need Your Passwords to Get Your Information!

                                                
  • Hackers are finding more and more ways to steal everything from company documents to personal information, even if they don’t have your passwords. We here at RoboForm are constantly researching various ways that hackers attempt to take advantage of the public, then educating our users on how to keep themselves safe.  Below is one type of scam that we’ve seen growing in popularity in recent years, and some ways that you can protect yourself from it.

  • The E-mail Hack Scheme - No Passwords Needed

    First, the hacker does in-depth research on a company and finds a couple of employees’ names. The hacker signs up for an email account using one of the employees’ names and sends another employee of the company an email with a friendly subject, such as ‘Company Party’ or ‘Days Off’. There will also be an attachment to that email with a similar label, such as ‘Party Planning’. If the target employee opens the attachment, malware will begin installing a “backdoor”. This is a method of bypassing normal computer authentication and securing illegal remote access to a computer, all while attempting to stay undetected. After the backdoor is installed, information like documents and passwords on the company’s network is collected by the malware. In addition, even more backdoors are installed on other company computers. The collected files are compressed and transferred via a hijacked server located in the country or state of the company. This is done in order to avoid attracting attention to the hacker’s location. After this seemingly friendly email, the hacker obtains all of this information, most often with the user being completely unaware that he or she has been hacked.

    What You Need to Do

    There are some easy, yet effective tips to avoid this disaster. First and foremost, know who is emailing you at work. If you get an email from somebody’s non-work account, check with them in person or through any other trusted communication channel to see if it’s legitimate.
    Now, if there is an attachment, check the three-letter identifier, or file extension, after the attachment name (for example: Cute_Kitties.JPG). The file extension shows what type of attachment it is. If the file extension is in this list of potentially dangerous attachments, do not open it unless you were expecting this sort of attachment and know that it is legitimate. The file extensions that are usually safe are GIF, JPG or JPEG, TIF or TIFF, MPG or MPEG, MP3 and WAV. There are also three special file extensions: DOC, XLS and TXT. These could be infected with malware, but these files are generally work-related and can be opened if you know who is emailing them to you. If you cannot see the attachment’s file extension, you can generally change this in your email’s options or preferences.
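As an added illustration (not RoboForm's code), the Python sketch below applies the two checks above to a constructed sample message: it flags a sender outside the work domain and sorts each attachment by its final file extension into the groups the article lists. The domain `corp.example`, the sample addresses, and the choice to treat every extension outside the article's two lists (or a missing extension) as do-not-open are assumptions of this example.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Extension groups exactly as listed in the article.
USUALLY_SAFE = {"gif", "jpg", "jpeg", "tif", "tiff", "mpg", "mpeg", "mp3", "wav"}
WORK_RELATED = {"doc", "xls", "txt"}   # may carry malware: open only from a verified sender

# Constructed sample message (addresses and domains are made up).
SAMPLE = """\
From: "Alice Example" <alice.example@freemail.example>
To: bob@corp.example
Subject: Company Party
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Plans attached!
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Party Planning.exe"

AAAA
--b1
Content-Type: image/jpeg
Content-Disposition: attachment; filename="Cute_Kitties.JPG"

AAAA
--b1--
"""

def classify_attachment(filename):
    """Return 'usually-safe', 'verify-sender' or 'do-not-open' for a file name."""
    parts = (filename or "").strip().lower().split(".")
    if len(parts) < 2 or not parts[-1]:
        return "do-not-open"       # extension not visible: cannot be judged
    ext = parts[-1]                # only the final extension decides the type
    if ext in USUALLY_SAFE:
        return "usually-safe"
    return "verify-sender" if ext in WORK_RELATED else "do-not-open"

def triage(raw_message, work_domain):
    """Flag a non-work sender and give a verdict for every attachment."""
    msg = message_from_string(raw_message, policy=policy.default)
    addr = parseaddr(str(msg["From"]))[1]
    names = [part.get_filename() for part in msg.iter_attachments()]
    return {"sender": addr,
            "non_work_account": addr.rpartition("@")[2].lower() != work_domain.lower(),
            "attachments": {n: classify_attachment(n) for n in names}}
```

Calling `triage(SAMPLE, "corp.example")` returns the sender address, whether it is a non-work account, and a verdict per attachment.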
    Overall, it’s important to be smart and use common sense when you are dealing with emails and attachments, and remember to never give out personal information like passwords, SSN, address, etc. Also, you aren’t the millionth visitor to a website, nor have you inherited $1M from Nigeria. Understand who is emailing you and why, and you will keep your and your coworkers’ information, passwords, and documents safe. Goodbye from RoboForm and happy online surfing!
