HACKED: COMMON WAYS NON-TECH PEOPLE FALL VICTIM

“Watch those ways how you talk and mind the way you walk…watch out for the hackers them creeping from the dark…watch out for the big bad guys who think that they smart”…Lots “hackin-ing” in Guyana these days…eh!
Non-technical people are favorite targets for malicious hackers, from data-dealing crime rings to targeted corporate espionage attacks. As we’ve seen in far too many recent instances where difficult, large targets have been infiltrated and bled from within over a period of time, sometimes all it takes is one person clicking the wrong thing at the right time.
Oftentimes, these fateful entry points are created by people who have no idea what’s going on; non-technical employees (or even executives) who serve as an unwitting vector for exploitation.
You can’t make every employee tech-proficient, and that’s troubling in an era where attacks are constant. What you can do is learn the top ways malicious attackers exploit your weakest links, so here we go…

Banking and retail break-ins

Let’s just take the US for example: Target, JP Morgan Chase, Verizon, Home Depot… the list goes on. The Identity Theft Research Center’s 2014 report summary of data breaches paints a disturbing picture of 2014 to date: as of October, there have been 606 known and reported major breaches and 77,577,208 records stolen.
The Banking, Credit and Financial sector has seen 24 breaches so far, with 1,172,320 records compromised; Business is at a stunning 211 breaches with 64,407,359 records stolen; Medical/Healthcare has also been hit hard this year with 259 successful hacks and 7,151,542 records pilfered.
On the hacker’s black market, these records get used in many ways. As well as identity theft, the records get compiled into databases used for spear-phishing and other targeted attacks… and the cycle begins again.

Mobility…Not everything that glitters is gold…

The lion’s share of internet access is now mobile and in 2013, 80% of the time spent online on mobile devices was through apps.
Access to online content for mobile users is primarily through just two companies: Apple iTunes apps and Google’s Chrome Store apps. For phone and tablet users, the internet as we once knew it is being gradually replaced by mobile apps.
Ask most Android users what malware is, and you’d likely get a blank stare, despite the fact that 97% of mobile malware and Trojans are on Android.
What’s worse, mounting evidence shows that app makers haven’t put user security first. Because even the most negligent apps, repeat offenders like “Snapchat”, aren’t being brought to heel, it’s only a growing attack vector for the non-technical victim (who might otherwise take operational security precautions).

Phishing, phishing and phishing
Phishing is an incredibly popular attack because it works. Today’s typical phishing attack is an email or text message disguised to look familiar, fooling the unwitting into clicking on a link or downloading an attachment or image.
The URLs within the message may look correct, or almost-correct, or may look right but go to a redirect page; either way the links lead to infected web pages. Sometimes the pages are hosted on the actual site’s server, with the host having been compromised long ago.
One attack uses popular trends, emailing front-page news headlines as if from a friend or a newsletter. Another angle is an email that looks like it comes from a friend or a fellow employee, with a foul link, or a malicious attachment.
The bottom line is, if you’re not expecting it, be suspicious. If you get an official looking email from a bank, or any other business that handles your sensitive information, go directly to the website: Don’t click links in emails or texts.

Social engineering
It’s been a known quantity among hackers that social engineering isn’t rare in hack attacks, but the past few months have revealed to the wider public that social engineering attacks on regular people are far more common than previously believed.
Far too many non-technical people have personal information exposed or easily findable. Many don’t know that information like their home address, phone number and family names is available for purchase on so-called ‘people finder’ websites, which are a gold mine for digital social engineering.

Bad password practices
Password cracking is still one of the top ways malicious hackers do their smash and grab break-ins, and it doesn’t help that the majority of people have been thrown into the deep end without being told how to make a safe password.

In fact, most people:
Don’t block “shoulder surfing”
Reuse the same password; use passwords that are easy to guess
Can get conned into telling anyone official-seeming (or a malicious log-in) their password
Don’t set passwords on their phones, tablets or computers
Don’t use a password manager.

Stop setting passwords that involve anything about yourself or family (name, favorites, etc.)… you know in Guyana we say “no name no warrant”!
