This week, I learned about spyware that secretly tracks us without our knowledge. It isn’t the first time in my life I’ve found out about malware that tracks me, but it’s the first time that it’s made me realize the vulnerabilities of our modern technology.
I had just paid for an online bill and a password protection service that they’ve dubbed, “Premium Secure” (according to the same site, this isn’t new, as it’s been around since 2005). Everything went smoothly when I used my four-digit passcode to log into the service, to which the company verified my email address. It seemed perfect. The company sent me an email I thought was from their call center — telling me I was one of the first 200 customers who had requested the upgrade.
Of course, that wasn’t the case. It was a fake email, sent by the company to my phone with what was purportedly a link from the Premium Secure page. After I clicked the link to download the “website” and register the service, I received an email from the mobile app informing me that my new password and account information was unprotected. Now, there were two scary stories in that email: one that said my account information had been encrypted and one that said nothing of the sort. With no explanation of what information was encrypted, I panicked and deleted the account.
Related: Cyber Hackers Gain Access to U.S. Government Systems in Secret Tests
This week, I learned of another scary story. The firmware that runs spyware can’t be hacked and extracted, but also cannot be erased either. Intel Computer Security (the new name for the old Intel Security) wrote an article exposing this vulnerability. Intel showed that it is feasible to remotely capture and play back a video or recording of content from a target device.
In essence, since a device is connected to the Internet through an ‘open’ port to receive Internet information, anyone with some skill and knowledge of how to crack a password can eavesdrop on your activity, track you or steal your information.
This doesn’t mean that spyware is ‘legitimate,’ according to Intel, but it does mean that if a company’s log-in page still contains your password, which you’ve already accessed and verified, it is relatively easy to steal your data. It’s a scary thought, but one that hackers and cyber criminals will undoubtedly find a way to use in their bid to take over your Internet connection or steal information from you.
Related: Fear and Loathing in Advanced Warfare
The good news is that, despite the fact that I was hacked, I’ve been able to regain my control of my account. If you’re like me, you may have done anything to protect your identity, from creating a complex password to installing a security software to going onto the “do not call” list or signing up for a phone monitoring service.
We all need to be aware of the limitations of modern technology and be aware of when the next stage of this hack takes place. Two of the hacks I experienced occurred this year, and we’re only at the start of June.