3 sneaky ways hackers exploit uninformed employees


We recognize and combat phishing attacks every day, but there are also lesser-known, underhanded hacking methods to consider.

Here are three sneaky methods used to exploit the weakest security link – employees – and how you can foil them. 

The unfamiliar USB drive

Everyone has stumbled upon a lost flash drive or was handed one randomly by a friend, but how many would connect it to their computer without hesitation?

A 2016 University of Illinois study discovered the answer by dropping 300 USB drives throughout the campus. Ninety-eight percent were picked up; out of these, 45% had at least one file opened.

This is alarming, as some drives are manufactured to carry disguised viruses that can infect a computer upon connection.

Phony charging cable

Like USB drives, charging cables are available for purchase everywhere and can be found or handed over just as easily.

Hackers can (and do) construct fake cables that give them remote access when plugged in.

In a recent experiment, a hacker used a rigged Apple USB Lightning cable called O.MG to run commands remotely when plugged in.

Thankfully, O.MG was developed to generate awareness of victim-deployed hardware rather than to exploit the technology.

Such a cable in the wrong hands, however, could shut down or damage a business quickly.

Once connected, an attacker can remotely control the affected computer to send realistic-looking phishing pages to a victim’s screen, or remotely lock a computer screen to collect the user’s password when they log back in.

Deceitful browser add-ons

The third duplicitous method employs a different type of plugin: the browser extension.

Third-party add-ons, supported by most popular browsers, extend a browser’s capabilities and are handy to users.

Who wouldn’t want to block ads, find coupons, or translate webpages with a simple add-on?

Unfortunately, the wrong extension can be malicious, such as AdBlock and uBlock for Google Chrome, which were thankfully removed from the browser in September.

How do we inform employees?

Blocking a browser extension can be as simple as restricting its use. More than anything, however, common sense and employee awareness are imperative.
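One way to back that restriction with a check, as an added example that is not from the original article: a Python audit that compares an extension inventory against an approved list and flags unapproved IDs, display names that copy an approved extension, and broad permissions. The extension IDs, names and inventory are constructed placeholders, and the finding labels are this example's own.

```python
import json

# Approved extensions: ID -> name. Constructed placeholder IDs, not real ones.
APPROVED = {"a" * 32: "Example Ad Blocker"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
SENSITIVE_APIS = {"cookies", "debugger", "history", "nativeMessaging", "tabs", "webRequest"}

def audit_extension(ext_id, manifest_text, approved=APPROVED):
    """Return a list of findings for one installed extension."""
    try:
        manifest = json.loads(manifest_text)
    except json.JSONDecodeError:
        return ["unreadable-manifest"]
    if not isinstance(manifest, dict):
        return ["unreadable-manifest"]
    findings = []
    name = str(manifest.get("name", "")).strip().lower()
    if ext_id not in approved:
        findings.append("not-approved")
        # Same display name as an approved extension but a different ID:
        # this is a copy, not the extension that was vetted.
        if name in {n.lower() for n in approved.values()}:
            findings.append("name-copies-approved")
    requested = set()
    for key in ("permissions", "host_permissions", "optional_permissions"):
        requested.update(p for p in manifest.get(key, []) if isinstance(p, str))
    for script in manifest.get("content_scripts", []):
        requested.update(script.get("matches", []))
    if requested & BROAD_HOSTS:
        findings.append("all-sites-access")
    apis = sorted(requested & SENSITIVE_APIS)
    if apis:
        findings.append("sensitive-apis:" + ",".join(apis))
    return findings

def audit_inventory(inventory, approved=APPROVED):
    """Map each extension ID to its findings; an empty list means clean."""
    return {ext_id: audit_extension(ext_id, text, approved)
            for ext_id, text in inventory.items()}

# Constructed sample inventory (extension ID -> manifest.json text).
SAMPLE = {
    "a" * 32: json.dumps({"name": "Example Ad Blocker", "manifest_version": 3,
                          "permissions": ["declarativeNetRequest", "storage"]}),
    "b" * 32: json.dumps({"name": "example ad blocker", "manifest_version": 2,
                          "permissions": ["tabs", "cookies", "<all_urls>"]}),
    "c" * 32: "{not json",
}

if __name__ == "__main__":
    for ext_id, findings in audit_inventory(SAMPLE).items():
        print(ext_id, findings or ["ok"])
```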

Keep security up-to-date and ensure employees understand the risks of bringing personal drives or cables.

It may seem like the “nuclear” option, but organizations can greatly help reduce risks by not allowing USB drives to be used, which is much easier to accomplish with so many HIPAA compliant file sharing and encrypted email solutions.

Not allowing personal items to be connected to your organization’s network is another way to ensure that if an employee is hacked, there is less chance it can compromise company data.

Tell them not to connect or download anything without research, or provide these tools and information yourself.

With such underhanded hacking, knowledge and awareness are vital security needs.


About the author

Rick Kuwahara

Rick Kuwahara is COO and Chief Compliancy Officer for Paubox.
