If You Give A Hacker Your Email Address…
Most parents and kids I speak to regarding online safety seem to have a bad case of the ‘it-will-never-happen-to-me’s.’ Stories of hacking and social engineering seem like far away ideas, or things that happen in a Spielberg movie, but not an everyday occurrence. I get it. In fact, I used to be one of these people.
In an effort to more clearly shine a light on the importance of protecting your information online, I made a new friend. A hacker friend. We’ll call this friend Oz – yes, as in ‘Oz the Great and Powerful.’
I’ve never met Oz in person, but the credentials shared with me characterized Oz as a white hat hacker. White hat is defined as an ethical hacker, and a black hat would be the opposite, meaning a hacker who uses their powers for evil, not good.
As I typed up my first message to Oz, I noticed that my heart was racing. This person scared me, in fact, at one point I turned to my colleague and covered the webcam on my computer, whispering, “Can they see me?!” My co-worker laughed and responded, “Why don’t you ask?”
Oz suggested email as a means of communication, to which I nervously asked what he could find out about me from an email address. Oz was witty and quick – told me to relax and promised he is one of the good guys. I obliged and created a new email account that I would use only to communicate with Oz. My first question, “If I met you at a coffee shop and we got to talking, ultimately deciding that we wanted to stay in touch, using only my email address, what could information could you uncover?”
Within an hour, Oz responded with my work phone number, home phone number, home address, birth date and year. The last sentence of the response, “Btw (by the way), cute pic – when did you meet him?” with a link attached. Without a second thought I clicked on the link, a picture of myself and Lt. Governor Gavin Newsom popped up, and almost immediately, so did another email from Oz.
“Once you clicked on that link I also found out: Looks like you enjoy your [name of internet browser I was using], and you are also using [name of the specific operating system I was logged in to]… I also now know your IP address info [which means he found my geographical coordinates].”
Oldest trick in the book, clicking an unknown link. Something I tell kids and their parents not to do ALL the time. And I fell for it.
The moral of this story? Be careful of what information you share on the web, and ALWAYS consider the source of a link before clicking.
I can’t wait to share everything else I learn from the hacker-verse.
Do you have questions for Oz? Share them below, or tweet them to me @tctompkins