The most effective hackers insinuate themselves into existing social contexts to exploit human trust and override common sense.
There should be a lot of clever answers to this one, but here’s an important one that is trivial and impacts a lot of everyday people.
Hackers expect that you’re probably using the same shitty password on everything you’ve ever logged into because its the easiest way for you to use the internet.
Free software. I’m not talking about free as in free coffee. And NO, Mr Linux guy, I’m not even talking about free as in speech either. I’m talking about free as in stolen. I have a few different programs on my computer that cost several hundred dollars. I also have a few that cost one or two hundred dollars PER YEAR. I also have one program in particular that costs about $3000 per year. How much have I paid, you ask??? Absolutely nothing. I pirated them. I believe that if you’re smart enough to get around DRM, you deserve a little something for free for wasting all your time learning how to do it. This is illegal, however, and if you’re in law enforcement or NSA or one of the companies whose software I stole, I am completely making this up just to get attention.
Disposable email. This one is a bit more common, but still, I’d say less than 20% of computer users know about it or use it. You know all those sites you want to use once or twice, but you know you’ll forget about it, and you don’t want to use your real email address because then you’ll get all that spam??? Use a disposable email address. It’s quick, easy, and you can just leave it there to rot once you’re done with it. This also works if you want to sign up for something more than once.
Bot net. This one is absolutely illegal, and again, if you’re the authorities, I’m lying about this one too!… Anyways I have a network of computers that I “own”. They’re not mine. They’re not in my house or building. They’re random computers across the world that I have stolen. Their owners decided to be stupid and either download my modified version of a popular software, or open the email I sent them containing a microsoft office document that contained a macro, which downloaded a separate program to their computer. This program listens over the internet for instructions from me. When it gets instructions, it uses the other person’s computer to do it. So basically I’m getting free processing power or free network usage.
For a hacker, this means if they’ve hacked you anywhere, they’ve hacked you everywhere, even if it’s a complex password. Simply, some websites do a crappy job keeping your password a secret from hackers, and hackers can grab it from one of these crappy websites and use it on websites that you care more about.
More often than not a hacker wouldn’t be targeting individuals specifically but processing some kind of password dump for fraud or spam of some kind which would include you.
Tips For You:
Use unique passwords on every site under the assumption that it someday may end up in the hands of someone that will use it on your bank, your email, social networks of choice, etc.
It’s annoying and it sucks, do it anyway, and cross your fingers with me that someone will figure out how to fix the internet’s crappy password situation.
2 Factor authentication is great and you should use it on your most important things. Here’s Facebook’s, and Google’s: 2-Step Verification, your bank probably has one too.
Password managers can be a good thing (I’m personally a fan of LastPass) which also has 2 Factor authentication.
Lastly, if you’re one of those really-smart-people that know all this stuff already, make an effort to make sure your family / friends / coworkers do too. Getting hacked is the worst.