Brutal Truth, Even You Can Get Hacked!

Cybersecurity for Salespeople

Even savvy people can get tricked. I wrote this column by request since salespeople seem especially susceptible. I know I have some followers who work in cybersecurity, so I’m asking them to correct anything I get wrong and add further suggestions.

I’ll cover public Wi-Fi, social engineering, passwords, password apps, employment scams, Social Media, and phishing via email and phone. Most of these involve social engineering rather than actual hacking. Social engineering uses deception in information security to manipulate individuals into divulging confidential or personal information. Some use this information for fraudulent purposes.

My first brush with Cybersecurity at work was when I started traveling and using public Wi-Fi around 2007. I had no idea going on Wi-Fi in an airport or at my hotel put me in danger. Someone hacked my 401k and withdrew $4,000. I got the money back, and then I started learning about Cybersecurity. No more public Wi-Fi for me! VPN or tethering to my iPhone are much better options.

This tip comes from my friend Sherrod DeGrippo , a threat intelligence expert. I asked her about password apps, and she recommended them. They make it much easier and more secure than putting all your passwords in a text file, which is insecure.

I’ve been surprised by how many people use the same password for multiple accounts or make them easily hackable. To create a strong password, include numbers, symbols, and uppercase and lowercase letters. Avoid using words found in the dictionary. For example, monkey1 would be a weak password. Random passwords are the strongest. Also, longer passwords are stronger.

There are lots of ways hackers try to get you. When you get an unexpected email:

1. Check out the actual originating email address.
2. Be very careful about clicking on any links.
3. If the email sounds urgent, that’s a great time to slow down, stop, and think.
4. Contact the sender via another channel if you have questions about the email's legitimacy.
5. If you get an email or a call from any organization asking for personal information, don’t give it out. Instead, go to the number or website you used to contact the company and inquire there.
6. It may be tempting to respond to phishing emails with a nasty message, but that lets the hacker know that your email is live and someone is checking it. Resist!

Sadly, there are many scams tied to employment. Here are some common ones:

• Legitimate employers don’t require applicants to pay money before starting work. This includes paying for training or background checks.
• Job offers from companies you don’t remember applying to are a huge red flag.
• Job postings that promise high pay, little effort, or a guarantee of employment may be scams.
• If the job posting or email is not proofread, it may indicate that the company is looking for anyone desperate enough to apply.
• Scammers may want your bank details or other personal information.
• Don’t put your full address on your résumé. City and state are sufficient. Never, ever put your Social Security number on there.
• All communications may be on chat apps instead of email.

If a recruiter approaches you, check them out on LinkedIn. Look up the company. If you have any questions about the legitimacy, call the company based on the number they publish.

Many companies have disclaimers on their career site if they’ve recently been targeted by people trying to gather information fraudulently from candidates. If anything sounds too good to be true, it probably is.

I look at more career sites than most people, and yesterday,?Bitsight?won for best warning. (https://www.bitsight.com/about/careers)

Here’s a story about how I caught a hacker. When I worked at New Scientist Jobs, a man called me wanting to place an unusually large buy with me—large enough for me to want to meet him in person. I saw his ads on Monster which made me think they were legitimate. But I needed to be convinced.

I again offered to come to see him, and this time he sounded nervous. I turned down the buy. I looked up the company’s phone number outside of their website. The REAL owner had been frantically trying to solve this problem. The man I spoke to had hacked her website, changed her name and phone number, and placed recruitment ads on job boards to gain access to candidate information.

I recorded all my calls with him and gave the business owner that information to give to the police. She regained control of her website, and the Monster salesperson caught on shortly after.

Besides employment, social media is often a target of scammers.

Social Media, especially Facebook, leaves people open to several issues. Posting that you’re going on vacation lets robbers know your house may be vulnerable. I’ve also noticed many people getting spoofed and thinking they got hacked.

This is what spoofing on Facebook can be. Someone steals your picture, copies your friends’ list, makes a fake account, and then messages your friends, telling them that “you” need help and asking for money. People may think it’s you and get tricked into paying them. Besides deleting your Facebook account, hiding your friends list is the easiest solution. Then scam artists can’t copy them onto the fake account they’ve made of you.

Some Facebook accounts also ask questions that could reveal a password or identity clue. They ask things like, what was the number one song the year you were born? If your friend answers them, you’ll see it in your feed. The best way to get rid of these posts is to block the account doing the phishing rather than your friend. You can train the algorithm to show fewer if you do it enough.

I’ll wrap this up with phone calls. The IRS is never going to call you. That’s not how they operate. If you get a call from any company claiming to be Social Security, the government, Visa, MasterCard, or other slightly scary official bodies, take their name and number and disconnect. Then, use your research skills to contact the entity and determine if it’s legitimate. It’s very likely not.

Be careful out there, and I hope that this was helpful.

My employer, NAS Recruitment Innovation, can help with your messaging and career site.

All opinions are mine.

Jessica L. Benjamin