Are you afraid of privacy?
That way hackers can steal your passwords
We all know, passwords are due to the Achilles heel of digital life, and cybercriminals try a variety of methods to steal them from us.
These are some common tricks and ways to stop them
Yinon Ben Shoshan
23/01/2022
Sunday, 23 January 2022, 12:37 Updated: 12:51
Share on Facebook
Share on WhatsApp
Share on Twitter
Share on Email
Share on general
Comments
Comments
Passwords (Photo: ShutterStock)
In many cases the password is the only thing that separates the cyber criminals from our personal and financial information and therefore the cyber criminals have a great interest in stealing passwords.
Are you afraid of a break-in?
At the information security company ESET, we are put in order:
how to steal passwords, what can be done with our stolen passwords, and most importantly, how can we protect them and our information
.
Good to know (promoted)
Does B-Cure Laser Really Help With Knee Pain?
It's the truth
Served on behalf of Bee Cure Laser
How do hackers steal passwords?
Fishing Attacks and Social Engineering:
Sad to admit, but not hard to trap people.
In many cases, we make the wrong decisions when we are in a hurry.
Cybercriminals exploit these weaknesses through social engineering - a psychological trick designed to make us do something we are not supposed to do.
Phishing is probably the most famous example.
In this technique, the hackers impersonate legitimate entities: friends, family members, businesses you are in contact with, etc.
The email or SMS you receive will look authentic, but it will include a malicious link or attachment. If you click on them, they will download some harm or lead you to a web page where you will be asked to fill in your personal details.
Hackers impersonate legitimate entities: friends, family, business (Photo: ShutterStock)
Hacking:
Cybercriminals also use hacking to obtain passwords. Email phishing is the main vector for this type of attack, but you may suffer from such an attack even if you click on a malicious advertisement on the net or even by entering a hacked site. Many damages
are
also hidden in legitimate apps, which can be found in unofficial app stores.
There are many types of malware theft, but the most common are programmed to record your keyboard clicks or take screenshots of the device and send them back to the attackers.
Forced hacking:
The number of passwords held by the average person has increased by about 25% from the beginning of 2020 until the end.
As a result, many of us use easy passwords to remember (and guess) and set the same passwords for multiple sites and services.
It can open the door to "force-breaking" techniques.
One of the most common methods is Credential Stuffing.
In this type of attack, attackers enter large amounts of username and password combinations into certain sites using automated software, hoping to find a match in one of these combinations.
According to one estimate, there have been more than 139 billion such attempts in the past year.
Another technique for forcible hacking is called password spraying.
In this technique, hackers use automated software to cross between the username of your account and a list of common passwords.
The number of passwords held by the average person has increased by about 25% from the beginning of 2020 until the end (Photo: ShutterStock)
Guessing:
Although hackers have automated tools that they can use to perform force-type attacks, sometimes they are not even needed: even a simple guess (as opposed to the more systematic approach to force-breaking attacks) can do the job. The most common password in 2020 was "123456", with the second most common password being "123456789". In fourth place was the well-known password "password".
If you recycle your password and use it on multiple sites like most people, or use the same password with a slight change in different accounts, you make the attackers' job even easier and put yourself at higher risk for identity theft and scams.
A peek over the shoulder:
All the password theft routes we have presented so far are on the virtual plane.
But with easing closures and moving a large portion of employees back to work from the office, it is worth remembering that some of the proven and well-known citation methods can also endanger you.
This is not the only reason why a peek over the shoulder still poses a significant danger.
One ESET researcher, Jake Moore, conducted an experiment to find out how easy it is to hack into another person's snapshot account using this simple technique.
The more advanced version of this type of attack, called a "person in the middle" attack and uses wiretapping, allows hackers connected to public wireless networks to locate your password when you enter a particular site / service while you are both connected to the same network.
Both techniques have been in use for a number of years, but that does not mean they have ceased to pose a threat.
Another danger: from public wireless networks (Photo: ShutterStock)
How to protect your passwords
There are many things you can do to block these techniques - add another authentication factor to the login process, manage passwords more effectively, or take steps to prevent theft in the first place.
Consider
the following options:
Use only strong and unique passphrases for all online accounts, especially for bank accounts, email and social media
Avoid reusing the same passwords on different accounts
Add 2-step verification to all your accounts
Use a password manager that will store strong and unique passwords for each site and account and make logging in to sites simple and secure
Change your password immediately if a certain provider tells you that your information may have been leaked
Use only HTTPS sites to connect to
Do not click on links or open attachments from emails from addresses you do not know
Download apps only from official app stores
Invest in strong, reliable security software for each of your devices
Beware of peeking over your shoulder in public spaces
Do not connect to any account if you are connected to a public wireless network.
If you must use such a network, use a VPN
technology
Privacy and security
Tags
Passwords
Cyber
