Social Engineering with Jack Rhysider
Have you ever received calls either at work or at home where the caller wants you to verify some information about yourself or someone else in the company? This could just be someone updating their records or it could be the start of social engineering.
Our guest today is Jack Rhysider. Jack is the host of the podcast DarkNet Diaries: True Stories From the Dark Side of the Internet. His podcast is about hackers, breaches, shadow government activity, hacktivism, cybercrime, and all things that dwell on the hidden part of the net.
- [0:45] - Jack originally went to college to study computer engineering and wound up getting a job managing firewalls for many different clients. In that time, he went to conferences and listened to podcasts to learn about the different types of hacking.
- [1:40] - DarkNet Diaries is a podcast that tells the stories behind hackers and different situations.
- [2:15] - Jack explains how social engineering started decades ago, with a man who traveled around selling things he didn’t own.
- [3:31] - Today’s social engineering is more about conning people within a company in order to gain access to data.
- [4:44] - Jack breaks down the levels of people within a company and why everyone is a target for specific reasons.
- [5:00] - Phishing is all about sending someone a harmful link to click. When a phishing email is sent to a CEO, it is called whaling.
- [7:27] - Even the nightly cleaning crew could be a target for social engineering.
- [7:58] - Individuals could also be hacked, especially if they use bitcoin or another form of value.
- [9:29] - There is a difference between phishing and spear phishing. Phishing is often random, but spear phishing is when the hacker takes the time to get to know their target.
- [11:29] - People are the weakest link, though unintentionally so. On the other hand, people who are aware and trained are often the strongest link in protecting companies from social engineering attempts.
- [12:28] - Oftentimes social engineering attempts are time sensitive, so if you get an unusual call or email that is pushing you to act on something very quickly, that is a red flag.
- [14:10] - If you get a call that you are unsure of, hang up and call the people they claim to be directly to verify their identity.
- [16:02] - Jack recommends you also make sure you keep everything updated, like apps on your phone, your operating systems on your phone and computer, etc.
- [16:37] - Jack also recommends using a password manager on your computer which gives you a long crazy password and remembers it. These passwords are very difficult to crack.
- [17:44] - The harder you make it to hack your information, the more resources it would take for a hacker to gain access. They will give up and move on.
- [18:05] - One of the biggest issues with social media is the amount of information people are giving out for free that makes them vulnerable.
- [20:18] - Jack shares a story about how Sarah Palin was hacked simply because the answers to some of her security questions were public knowledge online.
- [21:10] - Two-factor authentication is a must, and Jack also recommends you take steps to secure your email addresses.
- [23:42] - In Gmail, there is a way to see what IP addresses have accessed your email.
- [25:50] - Jack shares a story about how he was targeted as a teenager buying a camera on eBay.
- [27:04] - Past experiences are great lessons to learn about how to use the internet safely.
- [29:00] - Anything that is outside of the norm, like paying a bill with a different credit card, purchasing gift cards to pay for something, or wiring money through Western Union are all big red flags.
- [29:45] - There is a huge criminal market in India that is targeting individual people, specifically elderly people.
- [31:49] - This type of awareness is the first level of security for yourself.
- [33:29] - Chris and Jack discuss the most recent issue of hackers using stimulus checks as a pretext to gain information.
- [34:12] - Another recent scam is a man spamming ex-drug addicts pretending to sell pharmaceuticals to tempt them into sending money to him.
- [37:32] - Jack’s podcast DarkNet Diaries covers stories from victims, law enforcement involved in cases, and even from the criminals themselves.
Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.
Links and Resources: