Hackers: How To Steal Passwords - The Five Basic Ways And How To Protect Yourself

Passwords are the Achilles heel of many people's digital lives


Passwords are the Achilles heel of many people's digital lives, especially at a time when the average person has to remember dozens of passwords, and that number has grown steadily in recent years. Passwords are the virtual "keys" for the digital world, offering access to electronic banking, email, social networking services, Netflix, data hosted in the cloud, etc.

With stolen passwords a hacker can:

  • Steal users' personal information and then sell it to other criminals.
  • Sell the passwords directly, since "dark web" marketplaces trade this information in bulk.
  • Use the passwords to unlock other accounts protected by the same password.

Cybersecurity company ESET has outlined five key ways hackers steal passwords:

Phishing and social engineering

In phishing, hackers pose as friends, relatives, companies you have dealt with, etc. The email or text you receive will look authentic, but it will include a malicious link or attachment which, if clicked, will download malware or take you to a website that asks you to fill in your personal information. Scammers even use phone calls to extract passwords and other personal information directly from their victims, often pretending to be technical support agents. This method is called "vishing" (voice phishing).

Malware

Another popular way for hackers to get their hands on passwords is through malware. Phishing emails are a major driver of this type of attack, although you can also fall victim by clicking on a malvertising ad or visiting a drive-by-download website. Malware can even hide in a mobile app that looks legitimate, which is often found in third-party app stores. There are several types of information-stealing malware, but some of the most common are designed to record keystrokes or take screenshots of the device screen and send them to the attackers.

Brute Forcing Attacks

The number of passwords that the average person has to manage is increasing by about 25% annually. Many people use passwords that are easy to remember (and therefore easy for someone else to guess) and reuse them on many different websites. This opens the door to so-called brute-force techniques. One of the most common is credential stuffing, in which attackers feed large volumes of username/password combinations compromised in past breaches into automated software. The tool then tries these combinations on a large number of websites, hoping to find a match. This way, hackers can unlock multiple accounts with a single password. An estimated 193 billion such attempts were made last year worldwide. Another brute-force technique is password spraying, in which hackers use automated software to try a short list of frequently used passwords against many user accounts.
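From the defender's side, credential stuffing and password spraying both leave a characteristic footprint in authentication logs: one source hitting many accounts with mostly failures ("horizontal"), as opposed to classic brute forcing of a single account ("vertical"). The script below is an added example, not part of the original article or of ESET's material. It assumes a constructed log format of `<timestamp> <source_ip> <username> <result>`, embeds a few constructed sample lines, and uses assumed thresholds; it never needs the passwords themselves.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample authentication log (not real data). One line per attempt:
# <timestamp> <source_ip> <username> <result>
SAMPLE_LOG = """\
2024-01-10T09:00:01 203.0.113.7 alice FAIL
2024-01-10T09:00:02 203.0.113.7 bob FAIL
2024-01-10T09:00:03 203.0.113.7 carol FAIL
2024-01-10T09:00:04 203.0.113.7 dave FAIL
2024-01-10T09:00:05 203.0.113.7 erin FAIL
2024-01-10T09:00:06 203.0.113.7 frank OK
2024-01-10T09:01:00 198.51.100.9 alice FAIL
2024-01-10T09:01:01 198.51.100.9 alice FAIL
2024-01-10T09:01:02 198.51.100.9 alice FAIL
2024-01-10T09:01:03 198.51.100.9 alice FAIL
2024-01-10T09:01:04 198.51.100.9 alice FAIL
2024-01-10T09:01:05 198.51.100.9 alice FAIL
2024-01-10T09:02:00 192.0.2.44 grace OK
2024-01-10T09:02:30 192.0.2.44 grace FAIL
2024-01-10T09:02:45 192.0.2.44 grace OK
"""


@dataclass(frozen=True)
class Attempt:
    ts: str
    src: str
    user: str
    ok: bool


def parse_log(text):
    """Parse the assumed four-field format; malformed lines are skipped."""
    attempts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, user, result = parts
        attempts.append(Attempt(ts, src, user, result == "OK"))
    return attempts


def detect(attempts, many_accounts=5, many_failures=5, min_fail_before_ok=3):
    """Return findings for spray/stuffing (horizontal), single-account brute
    force (vertical) and a success following repeated failures.
    Thresholds are assumptions for the example, not tuned values."""
    users_by_src = defaultdict(set)
    fails_by_src = Counter()
    oks_by_src = Counter()
    fails_by_pair = Counter()
    ok_after_fail = set()
    for a in attempts:  # log order matters for the success-after-failure rule
        users_by_src[a.src].add(a.user)
        key = (a.src, a.user)
        if a.ok:
            oks_by_src[a.src] += 1
            if fails_by_pair[key] >= min_fail_before_ok:
                ok_after_fail.add(key)
        else:
            fails_by_src[a.src] += 1
            fails_by_pair[key] += 1

    findings = []
    # Horizontal: one source, many distinct accounts, mostly failures.
    for src, users in users_by_src.items():
        if len(users) >= many_accounts and fails_by_src[src] >= many_accounts:
            findings.append({"kind": "horizontal", "src": src,
                             "accounts": len(users), "successes": oks_by_src[src]})
    # Vertical: one source hammering a single account.
    for (src, user), n in fails_by_pair.items():
        if n >= many_failures:
            findings.append({"kind": "vertical", "src": src, "user": user, "failures": n})
    # A login that finally succeeds after a run of failures deserves a look.
    for src, user in sorted(ok_after_fail):
        findings.append({"kind": "success_after_failures", "src": src, "user": user})
    return findings


def analyse(text):
    return detect(parse_log(text))


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f)
```

On the sample, 203.0.113.7 is reported as horizontal (six accounts, one success worth checking), 198.51.100.9 as vertical against alice, and grace's single typo from 192.0.2.44 is not reported, which is the false-positive case the `min_fail_before_ok` threshold exists for.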

Guessing

Although hackers have automated tools for cracking passwords, sometimes they are not even necessary: simple guessing, as opposed to the systematic approach of brute-force attacks, can do the trick. The most common password of 2020 was "123456", followed by "123456789". In fourth place was the word "password". Most people use the same password, or a derivative of it, on multiple accounts, which makes the scammers' job easy.

Shoulder surfing - Peeking over the victim's shoulder

Some long-established spying techniques continue to be a danger. They require the attacker to be physically close to the victim, so that the attacker has a line of sight to the victim's keyboard and screen. A higher-tech version, known as a "man-in-the-middle" attack involving Wi-Fi eavesdropping, could allow hackers connected to a public Wi-Fi network to intercept a password as an unsuspecting user enters it while connected to the same access point.

How can you protect yourself from all this?

* Use only strong and unique passwords or passphrases on all online accounts, especially banking, email and social media.

* Do not use the same password on different accounts.

* Enable two-factor authentication (2FA) on all accounts.

* Use a password manager, which will store strong, unique passwords for each webpage and each account.

* Change your password immediately if a provider notifies you that your data may have been compromised.

* Only visit websites served over HTTPS (addresses beginning with https://).

* Do not click on links or open attachments in junk e-mail messages.

* Download applications only from official app stores.

* Invest in security software from a trusted provider for all your devices.

* Make sure all operating systems and applications are upgraded to the latest version.

* Beware of shoulder surfers in public places.

* Never sign in to an account if you are on a public Wi-Fi network. If you must use such a network, use a VPN.

Source: RES-EAP