Social engineering is the manipulation of people. Simply put, it's a skillful deception. Typically, to control someone, you need to gain their trust, intimidate them, or convince them of something. If you receive an email asking you to change your password for a payment system or any other service, be extremely cautious. The email could be fake, sent not by the service's support team, but by cybercriminals.
If you do decide to change your password, try logging in to the website using your usual login method: for example, a link saved in your Favorites, or perhaps by manually entering the address into your browser. Never click on a link offered in an email. It's quite possible that this link will lead you to a fake website, indistinguishable from the real one, specifically designed to harvest passwords from unsuspecting users.
Another example: a network administrator receives a call from an office employee asking for a duplicate password for the corporate network, supposedly forgotten. No one can guarantee that the caller isn't an intruder trying to gain access to the company's information system. Administrators sometimes invite users to their account to reset their passwords themselves, and this is perhaps the best defense against such tricks.
Information leaks often make computer systems vulnerable to hacking. A simple example is an email login and password written on a sticky note. Often, several people use the same note, attached to a computer. Outsiders regularly pass through the room where the computer is located, and if one of them wanted to read these credentials, they could easily access someone else's email account. Obviously, in such a situation, the note with the password should be removed and hidden away. Or thrown away altogether. But even here, caution is essential, as it's quite possible that an intruder might decide to rummage through a trash can or wastepaper basket and discover your personal information.
I think the ways to combat deception and information leaks are obvious. First, cultivate more skepticism and mistrust, and second, treat sensitive data that might be of interest to someone as if someone were specifically targeting it.
It's not recommended to store any important passwords electronically on your PC. It's best to set aside a separate notepad and write them down there. “But someone can read them even in a notepad!” you might object. Yes, they can. So, either keep it in a safe or a locked drawer, or write down the most important ones using some simple (or complex) encryption.
For example, you can write passwords interspersed with the letters of a word you know. Let's say the keyword is book. The password you want to encrypt is qe23rty. First, write the first letter of the keyword, then the first letter of the password, then the second letters, and so on. If the word ends but the password continues, you can write the ending as is, or you can continue writing the keyword again.
Here is the result, with the keyword repeated after it ran out: bqoeo2k3brotoy. To decrypt it, remove the letters of the word “book” from every other position and put together the remaining characters of the password.
An attacker would struggle for hours trying to crack even such a simple cipher. But what if you used a longer word, and not a meaningful word but a random string of letters? What if the password letters were pre-mixed in a special way? Incidentally, this is just one of many encryption methods available for quick implementation. Even so, it will reduce the likelihood of your account being hacked if the encrypted data falls into the hands of an attacker.
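The interleaving scheme described above, written out as an added example (not code from the original article). The function names, the `repeat` switch for the two variants, and stopping early when the password is shorter than the keyword are assumptions made for illustration.

```python
from itertools import cycle


def interleave(password: str, keyword: str, repeat: bool = True) -> str:
    """Write the password between keyword letters, keyword letter first.

    repeat=True  : the keyword starts over when it runs out
    repeat=False : the rest of the password is written as is
    Assumption: if the password is shorter than the keyword, writing stops
    with the last password character.
    """
    if not keyword:
        raise ValueError("keyword must not be empty")
    if repeat:
        return "".join(k + p for k, p in zip(cycle(keyword), password))
    head = "".join(k + p for k, p in zip(keyword, password))
    return head + password[len(keyword):]


def recover(note: str, keyword: str, repeat: bool = True) -> str:
    """Remove keyword letters by position, checking each one on the way."""
    if not keyword:
        raise ValueError("keyword must not be empty")
    if repeat and len(note) % 2:
        raise ValueError("odd length: note was not written with a repeating keyword")
    pairs = len(note) // 2
    if not repeat:
        pairs = min(pairs, len(keyword))
    chars = []
    for i in range(pairs):
        expected = keyword[i % len(keyword)]
        if note[2 * i] != expected:
            # A mismatch means the wrong keyword or a miscopied note.
            raise ValueError(f"position {2 * i}: expected {expected!r}")
        chars.append(note[2 * i + 1])
    # In the "as is" variant everything after the keyword is plain password.
    return "".join(chars) + note[2 * pairs:]


if __name__ == "__main__":
    note = interleave("qe23rty", "book")       # values from the article
    print(note, "->", recover(note, "book"))
    tail = interleave("qe23rty", "book", repeat=False)
    print(tail, "->", recover(tail, "book", repeat=False))
```

Recovery works by position rather than by deleting the letters b, o and k wherever they occur, so a password that itself contains keyword letters survives the round trip. Every password character still sits in the note in its original order, so the notepad belongs in the safe or locked drawer regardless.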
And don't forget that when choosing a password for any service, you should choose something long and nonsensical enough to make it difficult to guess. One method for hacking accounts is brute-forcing passwords. Obviously, a password just a few characters long is fairly easy to crack. A simple password can be cracked using a dictionary of commonly used passwords or a standard English dictionary.
One more piece of advice: If you're selling a computer, hard drive, flash drive, or throwing away an unwanted CD, floppy disk, or audio cassette, check to see if there's anything you shouldn't let fall into the wrong hands. For example, it's best to repartition and format a hard drive, or (this also applies to other storage devices) use a special program to permanently erase the data.