Unfortunately, many of us who become victim to any sort of information security breach won’t know until someone else tells us. For example, we might get a message or call from a friend asking why we sent that “spammy” email with a link to a free Amazon gift card. Have we been hacked? Spoofed? And how do we prevent it from happening again? Here, we’ll discuss the difference between hacking and spoofing, plus provide some simple tips to help protect your personal information. Spoofing Vs. Hacking Let’s start by taking a look at what happens when you’ve been spoofed versus what it means to be hacked. Spoofing. You might think of spoofing as something like falsifying a letter sent via the USPS. Anyone can write a letter, sign someone else’s name, and put that individual’s return address on the envelope. If you were to receive that phony letter, you would likely believe that it came from the individual who supposedly signed it and from the return address indicated. In reality, it could have been sent from anyone, anywhere. Spoofers often forge the header information of the emails they send (i.e., the To, From, and Subject lines, as well as the time stamp and path that the emails took to arrive in your inbox). They do this in an attempt to make it appear as if their messages came from someone or somewhere you know (e.g., a friend or familiar organization like Bank of America). The goal? To get you to respond to their spam or to click on the malware-laden links or attachments in their phony messages. When an email address has been spoofed, the spammer doesn’t gain access to your email account. Hacking, however, is a different story. Hacking. This is when a criminal actually gets into your email account. He or she can do this in a number of ways—by sniffing your activity on a public Wi-Fi network, through a phishing email, or via password-guessing software. Once in, the hacker will have access to all the information stored in your email account. This might include your contact list, bank account numbers, credit card information, online transaction receipts, and emails from other organizations confirming changed passwords (making it easier to identify other accounts of yours that can be hacked). Read More
|