Cybercriminals are always on the hunt for user credentials (user name and password). If you have someone’s credentials, you can log into their systems, access valuable data, and perform fraudulent transactions on their behalf.
Credentials are typically extracted by cybercriminals in one of three ways:
The first method uses key-logging malware that captures user keystrokes during login and sends the information to the attacker. There are various techniques to compromise user machines with such malware, including drive-by downloads, watering hole attacks, infected USB drives, and more.
The second method uses a phishing site. This is a fake website that is designed to look like a legitimate login page, such as an online banking website or online applications like Google Docs. To get the user to the phishing site, the attacker sends a spear-phishing message that looks like it came from a trusted source (a bank, a colleague, a government office, etc.). The spear-phishing message will request that the user log in to the website to read more details, or to update their user information. Once the user attempts to log in to the phishing site, the credentials are sent directly to the attacker.
In the third method, cybercriminals hack into e-commerce websites and social networks to extract the user database, including user credentials. Since users often re-use credentials, there is a high likelihood that the same credentials can be used for logging into other systems as well.
There are several things that can be done to lower the risk of credential theft:
First, don’t log in to sensitive applications from unprotected machines. Make sure your anti-virus is up-to-date and, if possible, use special security solutions designed to block information-stealing malware to protect your machine.
Be cautious about possible spear-phishing emails (even if the message seems to come from a trusted source). When receiving a message that includes a link to a website, try to verify that the request is genuine and that it takes you to a relevant website. If possible, don’t click the link. Instead, open your browser and type in the website address (URL).
Change your passwords often, use complex passwords and don’t use the same credentials across multiple systems. For systems that are especially critical to you or your business, consider using two-factor authentication. This adds an additional user identification step and is therefore harder to compromise.
Global Banking & Finance Review