Say the word hacking and one might conjure up mental images of sophisticated black hat programmers writing complicated code and viruses to steal your data. Although the high tech hacks and ransomware attacks generally make the news, most hacking techniques are very low tech.
Low Tech Hacking Techniques are Common
By far, most data breaches, especially on the smaller scale are accomplished via low tech methods. Many of us might not even consider them to be hacking – but the damage that can be done is just as bad.
In many cases, lots of the big new hacks started off with something very low tech such as an email or a phone call where someone was tricked into giving away confidential information.
#1 Social Engineering
From phone calls to emails to text messages, social engineering is a pillar technique used by malicious hackers. It’s probably the most commonly used tactic to acquire access to a system.
Social engineering occurs when the attacker pretends to be someone they’re not in order to convince you to hand over information they can use to access your accounts.
Example: Phone Call from Your Bank
You get a call from someone claiming to be from your bank. They alert you that your account has been frozen because someone was trying to gain access and that in order to unlock it, you just need to verify some information.
They then begin to ask you to verify things like the last 4 digits of your Social Security number, your zip code, and your date of birth. But, they’re not from your bank; they’re a malicious individual. Once they have enough information they call your bank pretending to you and verify their ‘identity’ with the information you just gave them and begin withdrawing all of your money.
Example: Email From Your Boss
It’s just another day at your job and you get an urgent email from your boss saying she’s in a meeting with a vendor and needs you to contact accounts payable and arrange a $1500 payment to a foreign bank account.
You notice she appears to be using her personal Gmail account and question it, but she gets irritated and threatens your job. This is a huge account and if the company loses it, it’s gonna be on your. So you quickly head over to AP and hand off the email to them. Accounts Payable makes the payment.
You find out later that your boss never sent any email and the Gmail account you got the message from isn’t hers. Your company has just been taken for $1500.
Social Engineering Attempts can Come from Anywhere – Literally
The examples above may seem like they have obvious red flags and you might be thinking, “I’d never fall for that”. But these things do happen, and people do fall for them. Both of these examples are pulled from real life experiences and the folks who fell for them aren’t dumb; they just got caught at a bad time and had a momentary lapse of judgement. And that’s what hackers are waiting for.
Of all the hacking techniques out there, social engineering tends to be the most effective and it can be a springboard for more sophisticated activity once access is obtained.
#2 Lookalike Websites
Building an entire website might not seem low tech, but it really doesn’t take a lot to set up a website nowadays. With a plethora of website building platforms, it’s easy to set up a great looking website without a very small investment of time & money. And this hacking technique doesn’t require you to set up an entire website – you really just need one web page.
Generally the attack starts with an email that appears to be from your bank or some other provider that requests you to click a link in the email to verify your information. When you click the link, you land on a page that looks like your bank. It’s got the logo and the styling and colors look right.
The page has a form asking for your information such as address, phone number, birth date, etc… You fill out the form and click submit. The web page responds saying, “Thanks for updating your information!”.
But it didn’t update anything because you weren’t even on your bank’s website. You were on a lookalike website and everything you put in that form was just sent to the website owner who can now use it to access your bank account.
#3 Shoulder Surfing
By far one of the lowest of the low tech hacking techniques, shoulder surfing is exactly what it sounds like. Someone physically standing right behind you watching what you’re doing on the computer in order to observe enough information to use it later to access your accounts.
Unlike the previous methods, this attack generally comes from someone who is some type of insider. It could be a fellow employee or a customer, but more often, it’s a professional visitor from a competing company.
Industrial espionage is a real thing. From electronics manufacturers to the aerospace industry, many foreign companies go out of their way in an attempt to grab trade secrets from their American competitors. I used o work at an aerospace manufacturing company and visitors from big customer companies were kept under strict controls; what they were allowed to see on computer screens was very limited.
#4 Physical Security
Of all the low tech hacking techniques out there, this one really goes unnoticed in lots of places. Essentially, it’s someone taking advantage of poor security practices that go beyond the high tech realm.
This could mean taking note of doors to restricted areas that are frequently left ajar, or shoulder surfing someone in a man trap doors to noting the security code they punch in to enter the building.
While many people wouldn’t consider these types of compromises to be hacking techniques, the reality is that the information to access systems can be readily found by those who’ve already gained entry.
#5 Default & Common Passwords
Let’s face it, typing 4 words into Google and hitting the Enter key is pretty low tech. Did you know that you can literally type into Google “Cisco default password list” and get a list of the default usernames and passwords for every Cisco switch & router on the market? Well, even if you didn’t know that, do you know who does? Hackers.
One of the most common hacking methods used to hack even large organizations is when a hacker scans exposed equipment for vendor default passwords. It only takes one vulnerable piece of equipment and they’re in.
If you doubt the validity of this low tech hacking technique, ask the cyber security guys at Home Depot or
Being aware of the low tech hacking techniques out there in the wild will empower you to stay protected. Unlike the sexy high tech hacks you hear about in the news, even non-technical people can have a big effect on stopping the low tech guys.