Social Engineering with Jack Rhysider

Episode 30 Published 5 years, 9 months ago
Description

Have you ever received calls either at work or at home where the caller wants you to verify some information about yourself or someone else in the company? This could just be someone updating their records or it could be the start of social engineering.

Our guest today is Jack Rhysider. Jack is the host of the podcast DarkNet Diaries: True Stories From the Dark Side of the Internet. His podcast is about hackers, breaches, shadow government activity, hacktivism, cybercrime, and all things that dwell on the hidden part of the net.

  • [0:45] - Jack originally went to college to study computer engineering and wound up getting a job managing firewalls for many different clients. In that time, he went to conferences and listened to podcasts to learn about the different types of hacking.
  • [1:40] - DarkNet Diaries is a podcast that tells the stories behind hackers and different situations.
  • [2:15] - Jack explains how social engineering started decades ago, when a man traveled around selling things he didn't own.
  • [3:31] - Today's social engineering is more about conning people within a company in order to gain access to data.
  • [4:44] - Jack breaks down the levels of people within a company and why everyone is a target for specific reasons.
  • [5:00] - Phishing is all about sending someone a harmful link to click. When a phishing email is sent to a CEO, it is called whaling.
  • [7:27] - Even the nightly cleaning crew could be a target for social engineering.
  • [7:58] - Individuals could also be hacked, especially if they use bitcoin or another form of value.
  • [9:29] - There is a difference between phishing and spear phishing. Phishing is often random, but spear phishing is when the hacker takes the time to get to know their target.
  • [11:29] - People are the weakest link, though unintentionally so. On the other hand, people who are aware and trained are often the strongest link in protecting companies from social engineering attempts.
  • [12:28] - Oftentimes social engineering attempts are time sensitive, so if you get an unusual call or email that is pushing you to act on something very quickly, that is a red flag.
  • [14:10] - If you get a call that you are unsure of, hang up and directly call the people the caller claims to be to verify their identity.
  • [16:02] - Jack recommends you also make sure you keep everything updated, like apps on your phone, your operating systems on your phone and computer, etc.
  • [16:37] - Jack also recommends using a password manager on your computer, which gives you a long, crazy password and remembers it. These passwords are very difficult to crack.
  • [17:44] - The harder you make it to hack your information, the more resources it would take for a hacker to gain access. They will give up and move on.
  • [18:05] - One of the biggest issues with social media is the amount of information people are giving out for free that makes them vulnerable.
  • [20:18] - Jack shares a story about how Sarah Palin was hacked simply because the answers to some of her security questions were public knowledge online.
  • [21:10] - Two-factor authentication is a must, and Jack also recommends you take steps to secure your email addresses.
  • [23:42] - In Gmail, there is a way to see what IP addresses have accessed your email.
  • [25:50] - J