If you’re like me you’ve probably gotten an email or Facebook comment with a subject like “OMG! I can’t believe he did that! http://crazyvdiueo.co.ul.tz” from a good friend or co-worker. Most people quickly realize that their friend’s account has been compromised. There’s no doubt the victim then gets a message from several people stating “Your Facebook account has been hacked.”
I’ll admit this sort of thing scares me. Not only can it be embarrassing depending on the ‘nature’ of the message sent but I start to question what else these hackers did with all the information in those accounts.
I recently enabled Google’s 2-Step Verification on my account. I have to say I certainly feel a lot better after setting it up. In my line of work, I am in a constant battle with security versus convenience. It’s been said that if you really want to protect your computer, then unplug it from the Internet. In our cloudified world, we need to take reasonable steps to keep our data secure. By the way, 2-Step verification, or two-factor authentication, is not a new concept. It’s been in the enterprise for quite some time and you might have run into it at some point.
How does this whole thing work? Let’s start with the Google Account.
Setting Up Two-Factor Authentication with Google
If you’re a Facebook user, odds are you’ve seen it. Joe Smith posts a new status that says something to the effect of, “Check out the picture I found of you.” It is followed by a link consisting of a series of random letters and numbers. Now, the dilemma ensues.
OMG! Joe has a picture of me?! OMG! I just have to see it. I know it looks shady and it might be a virus, but if there is even a chance that there is some random picture of me out on the Internet, it is totally worth the risk of costing my company countless IT engineering dollars too fight a potential virus.
The user can’t resist and decides to click the link. It produces a “Page Not Found” error. “Well maybe if I click on it 7-8 more times it will come up.”
At this point, that little bot that was downloaded on the first attempt now has 7-8 little bot friends. In a couple days they are going to have a web browser pop-up party on the user’s screen and their Google home page will be redirected to some site of questionable moral fiber.
The user isn’t going to report it right away because they are so embarrassed. When they do report it, they have been doing NOTHING but work for the past 2 weeks and would not even think of surfing Facebook during work hours. It is officially the anti-virus software and the IT administrator’s fault. Lengthy Safe Mode scans with software like Malwarebytes or SuperAntiSpyware find numerous infections in repeated scans eventually prompting the need for a full rebuild of the PC.