5 Hacking Methods That Don’t Involve a Keyboard
Media has established a pretty specific image of a hacker: a pale face lit by the glow of multiple monitors, with a screamingly high words-per-minute count on the keyboard. After all, everyone knows that the faster you type, the faster you hack.
But hacking isn’t always carried out from a Mountain Dew bottle-infested den. Multiple highly successful hacks rely on offline cyber-espionage, some of it even carried out through what movies have portrayed as a hacker’s greatest fear: face-to-face interaction. After all, the weakest part of most modern computer systems is behind the keyboard. These methods are commonly described as “social engineering.”
Here are five common ones…
Pretexting
Cybercrime might be a high-tech field, but some relatively luddite approaches are still effective. For example, pretending to be someone else. Pretexting involves assuming a different identity, whether over the phone or in person, in order to gain information. Usually, this information seems perfectly innocuous, but provides hackers with angles to either later hit that person with a detailed phishing attack, or possibly to have better information on the system they’re planning to break into.
It can even be a way to get answers to security questions, which aren’t nearly as protective as their name implies. It could be a fake job interview used to learn more about a company’s security, or calling someone with a fake survey that finds out common security answers like first pets or first concerts.
Quid Pro Quo
Again often carried out over the phone, quid pro quo sees the hacker offering something the target wants in exchange for access to their system. Despite the name and that description, it’s not as cut-and-dried as “I’ll send you money if you give me your log-in credentials.” Instead, it’s usually an offer of help with something common enough that the person is likely to need it — slow internet speed or cable issues, for example. If you were to cold-call people in New York City saying you’re from Spectrum, and asking if they’re having internet problems? Probably 70 percent of people are, and if they’re not on their toes, they may hand over stuff like account information or their Social Security number.
If you’ve ever gotten a call saying that your Windows system has a problem, and offering to fix it? You’ve been on the other end of a quid pro quo attempt.
Piggybacking
Piggybacking, also called tailgating, is a sometimes physical attempt to get access to a computer or network via an approved user. Someone using a work laptop in a public space might be asked by a stranger with a supposedly dead phone if they could quickly google something. Or the stranger could borrow the phone itself, supposedly to text someone, but in reality to get access to stored information. Piggybacking can also take the delightfully corporeal form of asking an employee to hold the door to get into private areas, where they might have network access that’s blocked from the outside.
Baiting
Most social engineering attacks rely on human nature, and baiting relies on one of the strongest human instincts there is: curiosity. Malicious software is installed, probably in a hidden partition, on a flash drive, which is then left sitting around. If a passerby makes the mistake of wanting to know what’s on the flash drive badly enough to plug it into their computer? Kaput.
They might not even know anything happened, as the flash drive might appear empty — contrary to popular belief, most hacks don’t immediately spawn a dancing skeleton on your desktop — which then enables the infected hardware to spread that program to others. If you’re doubting the efficacy? Baiting is possibly responsible for the Stuxnet hack that destroyed Iran's nuclear weapon system.
Guessing Passwords
The oldest trick in the book still works just fine, despite websites’ best efforts to thwart it with special characters. Sure, you can recommend that people use a random 32-character hash for their email password, but most humans like to know their own password, which leads to them choosing something relevant to their life, and often something that’s central in it. Pets’ names, children’s birthdays, where they went on their honeymoon.
Even when they’re forced to add a special character for security, that password just becomes an exclamatory “MrPickles!” And often, it’s made even easier by the Post-It Note sitting on the side of the monitor with “MrPickles!” written out on it.
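The "MrPickles!" problem from the defender's side, as an added example that is not part of the original article: a sign-up check that rejects passwords built from details the site already knows about the user, even after a special character, digits or letter swaps are bolted on. The function names, the substitution table and the sample profile are assumptions made for illustration.

```python
import re
import unicodedata

# Character swaps people commonly use to satisfy complexity rules (assumed table).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# Constructed sample: facts a site might hold about one user.
SAMPLE_PROFILE = ["Mr. Pickles", "Niagara", "1987"]


def _normalise(text):
    """Lower-case, strip accents, keep only ASCII letters and digits."""
    text = unicodedata.normalize("NFKD", text).encode("ascii", "ignore").decode()
    return re.sub(r"[^a-z0-9]", "", text.lower())


def _variants(password):
    """Forms of the password that a guess list built from personal facts covers."""
    # Drop the trailing digits/symbols usually added just to pass the rules.
    core = re.sub(r"[\W_\d]+$", "", password)
    forms = {_normalise(password), _normalise(core),
             _normalise(password.translate(LEET)),
             _normalise(core.translate(LEET))}
    return {f for f in forms if f}


def personal_info_hits(password, personal_tokens, min_len=4):
    """Return the personal tokens (sorted) found inside the password."""
    variants = _variants(password)
    hits = set()
    for token in personal_tokens:
        needle = _normalise(token)
        if len(needle) < min_len:
            continue  # very short tokens would flag too many passwords
        if any(needle in v for v in variants):
            hits.add(token)
    return sorted(hits)


if __name__ == "__main__":
    for candidate in ["MrPickles!", "Mr.P1ckl3s2024!", "niagara1987#", "t7#Qv9!zLw2p"]:
        found = personal_info_hits(candidate, SAMPLE_PROFILE)
        print(f"{candidate!r}: {'REJECT ' + str(found) if found else 'ok'}")
```

A check like this complements, rather than replaces, screening against lists of known-breached passwords, since it only catches what the site already knows about the user.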