
Hacking You Gently – Ep 525 

 September 5, 2025

By  Donna Grindle

Forget Mission: Impossible-style hacking – today’s cyber crooks are all about manners. In this episode, we unravel how asking “pretty please” can crack open digital doors faster than any brute force attack. With tips, tales, and a touch of panic, we break down the importance of knowing your personal risk profile, locking down your accounts, and yes – finally turning on that MFA you’ve been ignoring.


In this episode:


Today’s Episode is brought to you by:

Kardon

and

HIPAA for MSPs with Security First IT

 Subscribe on Apple Podcast. Share us on Social Media. Rate us wherever you find the opportunity. 

Great idea! Share Help Me With HIPAA with one person this week!

Learn about offerings from the Kardon Club

and HIPAA for MSPs!

Thanks to our donors. We appreciate your support!

If you would like to donate to the cause you can do that at HelpMeWithHIPAA.com

Like us and leave a review on our Facebook page: www.Facebook.com/HelpMeWithHIPAA



Hacking You Gently

[00:53]

Social Engineer: YOU are Easier to Hack than your Computer

Rachel Tobac is the CEO of Social Proof Security, and is an ethical hacker teaching people how to avoid getting scammed or hacked. Her work is in social engineering “stunt hacking” to expose vulnerabilities.

People don’t fall for scams because they’re stupid – it’s because the scam is well-designed to manipulate humans.

A Google study in 2019 showed SMS MFA stopped 76% of targeted attacks and 96% of bulk phishing attempts. SIM swapping is the main concern when using SMS. App-based MFA and physical keys like YubiKeys make it harder to hack.

That is the proof you need to just do something – even SMS if nothing else to protect yourself.

SMS MFA is like using a bike lock – it’ll stop a casual thief, but if someone really wants your bike, they’ll cut through it. App-based MFA is a U-lock, which is much harder to remove. A YubiKey? That’s like putting your bike inside a special bike vault. (I have seen them at a bike repair place. Really cool drop-off box.)

What is your online threat model? In other words, how do you do your own personal risk analysis?

[14:21]

Let’s talk about your personal online risk profile. What are you protecting, who might come after it, and how would they get in?

Step 1: Make a list of all the accounts you have online and which ones have sensitive information in them.

  • Email, banking, social media, work-related accounts.

Step 2: Make a list of all the personal information people can easily find out about you with a simple search. Keep in mind that published information about you online is what they use to social engineer you.

  • Social media oversharing, public records, data brokers.
  • OSINT yourself

Step 3: What could they do to manipulate you based on your info?

  • Fear (“Your account is compromised”), urgency (“Act now or be locked out”), authority (“This is your IT department”).

[26:14]

Step 4: Where am I using the weakest protection?

  • Password reuse, SMS MFA without backups, no MFA.

Step 5: Who might target me and why?

  • General phishing, opportunistic attackers, or more targeted attacks (e.g. if you work in healthcare, finance, etc.).

Step 6: What would happen if I got hacked?

  • Consequences = data loss, identity theft, embarrassment, regulatory issues.

So, What Now?

[35:20]

On your own personal and professional accounts, make sure you do your own assessment.

Guess what you just did? An SRA (security risk analysis)! These are the same steps you follow when you look at your business operations.


Windows 10 – What’s Your Plan?

[46:56]

End of support for Windows 10, Windows 8.1, and Windows 7 | Microsoft Windows

Windows 10 will die this fall — here’s how to survive | Tom’s Guide

Extended Security Updates (ESU) program for Windows 10 | Microsoft Learn

Windows 10 Consumer Extended Security Updates (ESU) program – Microsoft Support

All enrollment options provide extended security updates through October 13, 2026.

If today’s episode left you side-eyeing your inbox and whispering your passwords to your dog, you’re not alone. But hey, that’s growth! Whether you’re battling deepfakes, nosy scammers, or your own password reuse habits, remember: staying safe online doesn’t require tinfoil hats—just a healthy dose of skepticism and a willingness to do one more step to verify.

Remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps, we need your help to keep spreading the word. As always, send in your questions and ideas!

HIPAA is not about compliance, it’s about patient care.™

Special thanks to our sponsors Security First IT and Kardon.

HelpMeWithHIPAA.com Is A Collaborative Project

Created & Sponsored By: