Once the domain of fake Nigerian princes and phony bankers who couldn’t spell, hacking has turned sophisticated, taking cues from social media posts to compel you to open files with malware that can take over your computer.
So warns Kevin Mitnick, a reformed hacker-turned-security consultant and author, who spoke at the Fort Worth Club on Tuesday.
“It’s a scary thing,” he said. “No matter how hard you try, they can always get in.”
Mitnick should know. He was once one of the most elusive computer break-in artists, which resulted in a federal prison sentence including a year in solitary confinement, he said during the event sponsored by BBVA Compass Bank.
While he did serve time more than a decade ago, Mitnick noted in an interview that he never made money off his hacking or caused any internal damage to a company.
“It was not about the money,” he said. “To me, it was a game. I did it for the intellectual challenge.”
Now Mitnick runs a firm that does “ethical” hacking, where companies pay him to identify their system’s vulnerabilities and show how fix their weaknesses.
Keeping aware of evolving scams and updated protection software are critical to keeping your identity and company safe, Mitnick said.
Phishing — or attempting to get personal information by impersonating a trusted source — is getting very sophisticated, he said.
In addition to using social media to personalize phishing scams, Mitnick said con artists are mimicking the integrated voice systems of banks and other institutions to gain personal information.
“The way this works is they spam people with an email saying there is a new offer or fraud on their account, then ask them to call a customer service representative and give a number,” he said. “They call in, give the account information, are told there has been a problem with the account and then put on hold with music playing, forever.”
The account holder has just given away their account number and name.
Perhaps the scariest demonstration Mitnick gave was when a volunteer from the audience provided only his name and state. Mitnick then quickly used two websites and spent just $2 to easily find the volunteer’s Social Security number, date of birth and driver’s license number.
Mitnick said he could then go to FreeAnnualCreditReport.com and, using information from the person’s social media pages, gain access to a credit report, which includes account numbers for credit cards. He could then reset email addresses and access the cards.
“All of the data is already out there,” he said.