Social Engineering and Website Security

Security – People are not who you think they are online.


So the Come Fly With Me clip highlights a very real problem with online security: we make assumptions, and there are trust indicators we just implicitly, well, trust.

My Skype account was hacked recently. A very good friend and contact in business sent me a link.

Here’s the transcript – bearing in mind it came from a friend who I trusted implicitly.

DEE: My new blog  hope to get your support^^ thank you!

ME: Good to hear from you Debbie, hope all is well – the link you sent over takes me to a Skype login page. I tried (link) but nothing, happy to have a look just point me at the right domain!

DEE: need login skype (sic)

ME: logged in, what now? 🙂 just takes me back to me account admin

DEE: pls try later, thanks

ME: ok

Within 30 seconds I was logged out of Skype, and my password and email address were changed.

Looking back, I now question the short, poor, grammatically challenged answers, but I was busy and somewhat distracted, yet pleased an old friend was pinging me, and I wanted to respond asap.

Turns out it was a Chinese hacker. We traced back the IP and got as far as a possible name on an account, but who knows if that is even a real name?

It took 4 days, Fri, Sat, Sun, Mon, of badgering Skype, who have the least responsive and least helpful “customer support” team I have had the misfortune to have to rely on. It was a nightmare, and all the while Skype sided with the hackers and allowed them to send out these links via my account. Luckily not one of my 300+ contacts on Skype took the bait, which I really am thankful for.

The problem wasn’t with my security; I had a VERY long password with numbers and symbols and runes and hieroglyphs and all sorts. The issue was that my personal relationship was hacked. Social engineering is the term used, and I was well and truly “phished”.

We can have great passwords and layers of security, but when you voluntarily hand the login details to the hacker, no security in the world can help. So how do you avoid this happening? Here’s a checklist to ensure you don’t get Socially Hacked:

1) Phishing attacks may appear to come from trustworthy sources: banks, charities and friends/relations are all used, but that is not an exhaustive list. Hackers often take advantage of seasonal events, disasters and other high-profile news events.

2) If someone contacts you out of the blue, check whether the language and conversation are natural, and question THEM about information that they should easily know. Even if it is a bank, you are perfectly within your rights to question the caller: asking “What are the last three digits of my account?” or “What is the first line of my branch address?” could foil an attack. If the person calling refuses to play along, then refuse to speak, ask for a call-back number and then use the phone numbers you have for the bank; do not trust the number they gave until you verify it.

3) Do not reveal personal or financial information in email, by text or Skype, and do not respond to solicitations for this information or follow links, call numbers or use other materials sent to you to provoke a response. Hackers use some of the very best marketing tactics in the world to provoke responses!

4) Are your website and hosting up to date with the latest security patches? A lot of hacks are invisible: hackers place monitoring software and gather up information like passwords and usernames, then use these on other websites, as people use the same passwords across many different accounts. DON’T!!! Use different emails and passwords on different sites.

5) Be vigilant. Place a post-it note next to your monitor and write “THINK SECURITY” on it; this will prompt you to remain vigilant and cautious when approaching your web communications. It is a gentle reminder that not everyone is who they say they are, and that there are people out there looking to take advantage.

I don’t want to alarm people unnecessarily, but just like we take precautions when we leave our premises or houses, we have to do the same online: not get into panic mode, but take relevant, sensible precautions to ensure the safety of our business online.

I wish you well, and yes, I did eventually, after much begging and proof providing, get back into my Skype account, but it cost me at least 4 hours of my time just trying to get the account back and telling people to avoid it in the meantime.

Many thanks for reading and all the best in your online endeavours, stay safe and as Shaw Taylor on Police 5 used to say “Keep ’em peeled!”

About Stuart Morrison

Stu Morrison's background in marketing, entertainment and web development has fused him into a guy thirsty for results in marketing. His regular talks on marketing and web conversion help others to gain more revenue from their websites. He also has a big moustache.