Ever wonder how hackers gain access to online accounts at home or at the office? There are a variety of different ways, but one of the most common is by using the right password. That’s right. Criminals can gain access to your private information because they either have or can easily guess your login credentials. Unfortunately, most of us make it far too easy for criminals to access their accounts that way. Here are some common ways hackers gain access to your agency’s accounts and your own — and what you can do to thwart them:
Buying credentials on the dark web
A popular way for criminals to hack accounts is to purchase login credentials obtained in data breaches. What information about you is available on the dark web? You can find out: Credit-reporting agency Experian is one of several companies that can provide you with a list of information about you that’s available on the dark web. There’s probably more information about you out there than you realized! Information collected in major data breaches often ends up there.
A recent Verizon Data Breach Investigations Report found that hackers often try the same e-mail and password combinations obtained on the dark web to hack into other accounts of the same person. That’s because most people use the same passwords with all their accounts. The report estimates that stolen and reused credentials are implicated in 80% of hacking-related breaches.
What you can do: Always have a different and strong password for each online account. Never use the same username/password for multiple accounts. And change your passwords frequently — every 60 to 90 days. That way if any of your login credentials do end up on the dark web, it limits the number of damage criminals can do. Lastly, use two-factor authorization whenever possible. That means setting up accounts so that you get a code sent to your phone that you must supply, along with your password, when logging in.
Brute force attacks
If your password is not on the dark web, hackers can try this brute force attack to guess your password. The attacker will try a wide range of possible passwords through automated software. Some software lets a hacker guess billions of combinations per second. Generally, the rule is anything under 12 characters is easier to hack and, therefore, more vulnerable. Many times, hackers hit the jackpot in seconds or minutes, because people love using passwords like ‘password’ or ’12345′ or ’123456′.
What you can do: As you’ve probably heard, the longer your password, the better, and you’ll want to include a combination of upper and lowercase letters, numbers and some symbols with 15 or more characters. Don’t just tack on symbols to the end of your password. Incorporate them. For example, you could substitute @ instead of the letter ‘a’ in your password, or $ for an S.
With this type of attack, the hacker attempts to guess your password through a prearranged list of words such as you’d find in a dictionary. This generally works if your password is a common word. Unfortunately, only uncommon words or phrases generally escape this type of attack.
What you can do: Use a combination of random words with symbols and numbers throughout your password. Think passphrase instead of password. For example, instead of using ‘I want to visit England in the summer22,’ you could use “! want TO v1Sit Engl4nd$ IN tHe $umm3R22”
Phishing is one of the most common hacker tactics. Like other phishing tactics, the hacker tries to trick users into revealing personal information here. For example, a phishing email may tell you something is wrong with your credit card account and then redirect you to a new website, prompting you to enter your information. The same can happen with passwords. For example, a phishing email may say you need to reset a password. Then individuals re-enter their information on a phony website.
What you can do: Beware of unsolicited e-mails, any request for your personal information and be on the lookout for phishing attempts. Does a company or organization normally communicate with you this way? Does their communication with you look different than it normally does? Phishing attempts are getting more sophisticated and effective, so be careful and vigilant.
It’s important that you’re not the only one taking steps to protect your agency’s accounts. Share this information with your agency’s employees and train them to be cyber-savvy. At the office, your team is your first line of defense against cyber threats.