NEW YORK (CBS) Stephanie Carruthers spends her days trying to infiltrate and crack into corporations. But she’s not a criminal: the security expert works for IBM and teaches companies how to keep the bad guys out.
“When I’m going out and doing my research, I look for things that people are posting online,” Carruthers said.
Carruthers says hackers often break into a company’s network by targeting an employee.
“I was able to find information on you once I Google searched you,” Carruthers told CBS Reporter Hilary Lane.
Using Lane as an example, Carruthers did a quick search of Lane’s Twitter feed and discovered she graduated from Syracuse University. She customized an email asking Lane to speak at an event. She even bought the address firstname.lastname@example.org, almost exactly the same as the real one.
“Little tricks like that often people will overlook,” Carruthers said.
It’s how criminals get people to click on a link loaded with malware.
Hilary Lane: And if I clicked a link or downloaded an attachment, what would happen?
Stephanie Carruthers: On my side, I would be able to have access to your information, to anything on your machine and possibly even get on your network.
Experts say employees should also be careful about what they post online. Photos taken at work may have proprietary info in the background.
And you can’t even trust the phone. Carruthers downloaded a spoofing app. She was able to enter Lane’s mother’s phone number and then call Lane.
“Oh, my gosh, it says Mom! And I would answer this because I would think it is my mom,” Lane said.
Even a flower delivery without a card can lead to a hack. The person who got them may scan the QR code to find out who sent them and unknowingly let a hacker into their phone.
“And this is one of the ways that we really would like to show the organizations that we work with that there’s more than one way attackers can come in,” Carruthers said.
Whether it’s a delivery, email or phone call, Carruthers says employees have to always beware of potential dangers to keep their company and their own information safe.