Six ways to steal your password 2022. We explain how attackers can steal your credentials and how you can prevent them. Password leaks are one of the most annoying problems of the digital age. At first glance, it might seem like no big deal: who cares if someone finds out the password to some old e-mail account that is rarely used and contains nothing of value?
But then you remember that this same e-mail is linked to your social network accounts, not to mention banking and other apps, and it’s now in cybercriminal hands. Besides the anguish of losing money and data, such a leak can cause major headaches for your friends, family, and colleagues — after all, a hijacked account can be used to send phishing or scam e-mails in your name to all your contacts.
In this post, we explain how your credentials can be stolen and how to reduce the risk of them leaking. Sure, caution and vigilance play a massive role in it, but there are hi-tech solutions specifically designed to prevent leaks, which often handle threats much better than the naked eye.
Trojan stealers
These stealthy spies, once on your device, usually display no visible signs of activity. After all, the longer they remain under the radar, the more of your data they can steal and pass to their handlers, such as passwords for banking apps or gaming services.
A Trojan can get on your computer or smartphone if you open a malicious file sent by another user, downloaded from a website or copied from external media. Remember that any executable file from the internet is a potential trap.
But even those files that look like non-executables need to be treated with caution. Cybercriminals do their best to fool victims by disguising malicious files as images, videos, archives, documents, etc., and often they succeed. For example, they might change the icon or use a fiendishly cunning filename that mimics a safe format. What’s more, even an ordinary Office document can turn into a trap under certain conditions: a malicious script in the document can exploit a vulnerability in the program you use to open it.
Therefore, to combat such leaks, we recommend installing a security solution that can detect and block spyware Trojans. Six ways to steal your password 2022
Phishing
Phishing e-mails come in a variety of forms, but the goal is always to lure you to a fake website and get you to enter your credentials. Six ways to steal your password 2022
It might be a message saying your bank account has been blocked, or an early-bird offer to subscribe to an online movie theater. Or it might be a phishing link from an attractive stranger on Tinder, a potential buyer of your product on Amazon, or even a close friend (if their e-mail was hacked by scammers). Six ways to steal your password 2022
The standard tip in this situation is to look carefully at the URL: some fake sites have an extra letter in the address, a double domain name, etc. However, that does not always help since modern cybercriminals have learned how to disguise their fakes. For example, in case of a browser-in-the-browser attack, you might see a phishing site with a genuine address.
So it’s better to play it safe and use a security solution that spots phishing attacks and warns you about them.
Browser attacks to steal your password
Often, passwords get stolen through browser vulnerabilities or extensions. In the first case, specially crafted code on a web page plants spyware on your device. In the second, you yourself install a malicious script under the guise of a handy browser plug-in. After that, when you go to, say, a bank website, this script redirects all traffic through a hacker proxy server, spilling your credentials in the process. Six ways to steal your password 2022
Public Wi-Fi to steal your password
Attackers can also intercept data (including passwords) sent over the network if you’re using unencrypted or old WEP-protected Wi-Fi. Another variant is when a hacker sets up a public Wi-Fi hotspot with a name similar to an existing network (usually belonging to a nearby cafe, hotel or business center). The inattentive user connects to the fake hotspot and all their internet traffic flows straight to the cybercriminals. Six ways to steal your password 2022
You can avoid such leaks by carefully checking network names, avoiding suspicious access points, and disabling automatic connection to Wi-Fi. Better still, ensure that all your traffic is encrypted, then, even if you do connect to the wrong hotspot, eavesdroppers won’t know what you’re sending or where. Six ways to steal your password 2022
Passwords all around to steal your password
Then of course there are people who write down passwords on sticky notes and bits of paper, then leave them in full view of any passerby. Don’t be like them. It is also dangerous to write passwords in insecure text files on your computer or smartphone, or store passwords in the browser for autofilling. Six ways to steal your password 2022
So what to do instead? After all, infosec experts bleat on about the need for strong passwords that can’t be brute forced. They also don’t stop ranting about never using the same password more than once, because if it gets stolen, attackers will have more to steal from you. Is the solution, then, to create a memory palace full of long, complex passwords? But hardly anybody has such a gifted mind.
An easier option is to use a password manager protected by strong encryption. Simply enter all your usernames and passwords and memorize just one master password for the vault itself.
External leaks
All of the above is about keeping passwords safe at your end, but leaks often occur in remote internet services: online stores, social networks, crypto exchanges, or any other resource with login authentication. By hacking such a site, cybercriminals can get ahold of a huge user database, plus passwords and other personal data.
What’s more, the owners of such sites are not always keen to report such hacks. Meanwhile, your data gets passed around or put up for sale on the dark web. Infosec experts monitor the publication of such databases and warn users. Six ways to steal your password 2022
As always, however, be careful: here, too, such “experts” might appear to be scammers in disguise. This is a common phishing method: the user receives a message about an alleged leak and is invited to follow a link to a site asking for their credentials supposedly for verification, whereupon the password is stolen for real. Six ways to steal your password 2022
Protection for all seasons
Of course, password theft is not the only misfortune that can befall your digital self. Attackers have all kinds of tricks up their sleeve for stealing valuable data, emptying online bank accounts and causing other harm: spyware, ransomware, fake websites, malicious miners, the list goes on. Six ways to steal your password 2022
But never fear: we keep a close eye on cybercriminal creativity and continuously improve our products to deliver the best protection in the world against all digital threats. Six ways to steal your password 2022