7 Cybersecurity Threats That Can Sneak Up on You

From rogue USB sticks to Chrome extensions gone wild, here is a quick guide to some basic risks you should look out for.
USB stick
Photograph: Mykhailo Polenok/Getty Images

There's a certain kind of security threat that catches the headlines—the massive data breach, or the malware that hijacks your computer for a ransom—but it's also important to keep your guard up against some of the lesser-known attacks out there too.

These threats may not have the same high-level profile as an unfixable iOS bug, but they can still do some serious damage as far as your data and privacy goes. Here's what to look out for, and how to make sure you aren't caught out.

Rogue USB Sticks

A small USB stick may not look very dangerous, but these portable drives can carry a major threat—particularly if they've been specially engineered, as some are, to start causing havoc as soon as you plug them in. You should be very, very wary of connecting a USB drive to your computer if you're not absolutely sure where it's from.

Even if the USB stick isn't configured to release some kind of payload as soon as it's attached, it can carry disguised viruses as easily as email attachments—and experiments have shown that we're often far too curious when coming across USB sticks we don't know the origin of, so apply some common sense.

Besides being cautious, the usual rules apply to stay safe against this sort of threat: Keep your computer operating system right up to date, make sure effective security tools are installed, and keep them updated as well. If you're not sure about files on a USB drive, run a virus scan on them before doing anything.

Zombie Accounts

In this fast-paced, hyperconnected age, it's all too easy to forget about all the social media, language-learning, job-finding apps and sites that we've downloaded and used. But every account you leave behind gathering dust is another one that could potentially be hacked into.

As we've previously explained in detail, it's important to take the time to shut down these accounts rather than just uninstalling the associated app from our phones and then forgetting about them. If any of them should then suffer a data breach, for example, your data won't be included if you've scrubbed the account.

It's also worth running a regular audit on the third-party apps and services linked to your main accounts, like dating apps you might have hooked up to Facebook, or email apps connected to your Google account. These give hackers more targets to aim at, which is why you should regular disconnect and delete the ones you aren't actively using.

Untrusted Browser Extensions

The right browser extensions are able to add useful functionality and features to your daily window on the web, but these add-ons need to be vetted like any other piece of software—after all, they have the privilege of being able to see everything you're doing online, if they want to.

Pick the wrong extension and you could find it selling your browsing data, harassing you with pop-up advertising, or installing extra software that you don't actually want. We'd recommend keeping the number of browser extensions you have installed down to a minimum, and sticking only with the extensions you know and trust.

Identify safe extensions the same way you would identify safe apps: Look into the background of the developers, check the permissions that they ask for, read up on reviews left by other users, and stick to extensions that are actually useful.

Bogus Online Quizzes

You've probably seen friends and family take quizzes on Facebook to find out which Hogwarts house they'd get into, or which celebrity they're most like, and so on. They may seem like harmless fun—and some are—but they can also be used to harvest personal data that you don't really realize you're giving away.

These quizzes can and have been used to build up more detailed profiles of people and their friends, collecting not just the answers to the quizzes themselves but also other information stored in the linked Facebook accounts. Note too how often these fun quizzes ask for personal data, like the first road you lived on or the name of your pets, which could be used to impersonate you in some way.

Be wary of anything that requests personal information or personal photos from you—like the recently viral FaceApp app—or that requires a connection to one of your social media accounts: Knowing which president you're most like probably isn't worth it.

Leaky Photo Uploads

There's nothing wrong with posting photos to your favorite social channels, but think twice about the information that other people can glean from any pictures you make public—particularly the places where you might live and work.

While a lot of apps, like Instagram and Facebook, automatically strip out the location data saved with photos, some, like Google Photos, can keep this data embedded in the file after it's been shared. Plus, whether you keep the original location data with the image, an associated check-in on social media can add the location right back in.

How is this dangerous? Well, information such as knowing where you work or which road you live on can help someone run an identity theft scam, or get past security questions on your online accounts, or visit you in person when you'd rather not see them. The less your public photos say about you, the better.

Smart Home Snooping

Our homes are getting smarter, which gives hackers and malware peddlers a whole new set of devices to try and target—the end result could be doors that don't stay locked or home security camera footage that's viewed by more people than you'd like.

Keeping your smart home secure starts with what you buy: It's a good idea to stick to well-known, established brands with a strong track record in hardware, as much as possible. After that, make sure both your smart home devices and your router—which acts as a gateway to them all—are kept up to date with the latest software. Most reputable smart home devices do this automatically, another good reason to stick with brands you trust.

If your smart home devices and accounts do need passwords, make sure you don't stick with the default. Instead, pick a long and difficult-to-guess password that you aren't using anywhere else, and turn on two-factor authentication, if available, as an extra layer of protection.

Malicious Charging Cables

The standard charging cables that come with your gadgets are designed to power them up, and perhaps sync some music when needed—but specially engineered cables that look very similar can do much more than that.

Take a look at these fake Lightning cables now capable of being mass-produced, cables that look just like the genuine products but which can give hackers remote access to a device once they're plugged in. All that the end user has to do is use a doctored cable, then agree to "trust this computer," a common alert that's easy to dismiss without a thought.

The fix is to only use the cables that come with your devices, or from reputable sources—something you should do anyway for the well-being of your gadgets. As with USB sticks, don't assume any cable that you find lying around is legit.


More Great WIRED Stories