The hackers in films and TV shows are normally portrayed as techie introverts, cracking codes to access classified data on someone’s computer. That is not quite a true reflection of a typical data-breach hacker, who targets companies, not individuals. Hackers want to gain as much personal data from as many victims as possible – with this data, they can seek financial gain themselves or sell it on. Typically this all begins with getting a single password.
A hacker, or cybercriminal, is not focused on whose personal information they can get their digital hands on. They just want it from as many people as possible. That is why hackers target huge businesses that have hundreds of thousands of customers. The cybercriminal’s main aim is to seek out a weak link in the security chain, in essence the cyber parallel of an unlocked door. Once the hacker finds that single weak link, they’re in – they take as much personally identifiable information as possible.
A hacker then begins the hard task of either using the data themselves or selling it on via the dark web. Effects on bank accounts and online accounts may not be immediately apparent, but they can be serious. Strange, small, unrecognized transactions can be signs that credit card details have been compromised and that a cybercriminal is potentially testing the water.
Whether it be a credit card number, social security ID or PIN, the compromise of this data can lead to identity theft or financial loss. It is also important not to undervalue email address and password breaches: access to an email account is often the gateway to a host of other accounts, either through requesting password resets or through use of the same password across multiple websites and services. Data is valuable to hackers and cybercriminals, whatever its kind.
Even just a list of email addresses is valuable to a cybercriminal. Now that they know a legitimate email account, they can hit a popular website and try to log in using that email address and a common password; it is surprising how many users still use weak passwords. This type of attack is known as brute-forcing, and scripts can be run to try thousands of passwords every second to gain access. Here are our top password tips:
- Switching out a letter for a symbol (e.g. 5ymb0|) is not good enough; hackers know this old trick and teach their scripts which letters might be switched out and which characters to try in their place.
- Appending a number to a password isn’t particularly strong either; again, the scripts hackers run attempt thousands of passwords a second and can easily be programmed to try digits at the end of weak passwords.
- Amazingly, a number of users STILL rely on ‘password’ and ‘123456’. Don’t use these, ever.
- Favourite sports star names, music icons and film quotes are also not a wise choice. Hackers again build brute-force scripts to scrape the internet for frequent phrases and popular names.
- Single words from the dictionary should be avoided. Stick with phrases or sentences in passwords.
- Avoid any patterns, whether numerical or lines of keys on keyboards (e.g. 123abc or qwerty).
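The same tips can be enforced as a check when a user sets a password. The Python below is an added example, not part of the original article: it undoes the two cheap disguises from the list (symbol substitution and appended digits) before comparing against word lists. The lists and the names `weaknesses` and `has_run` are constructed for illustration.

```python
import re

# Constructed sample lists; a real check would load a large breached-password
# list and a full dictionary instead.
COMMON = {"password", "123456", "qwerty", "123abc", "letmein"}
WORDS = {"password", "symbol", "dragon", "football", "sunshine"}
LEET = str.maketrans("5$0|1!@43", "ssoliiaae")  # symbol -> likely letter
RUNS = ["qwertyuiop", "asdfghjkl", "zxcvbnm",
        "abcdefghijklmnopqrstuvwxyz", "0123456789"]


def has_run(text, length=4):
    """True if text contains `length` adjacent keys from a row or sequence."""
    for run in RUNS:
        for seq in (run, run[::-1]):  # forwards and backwards
            for i in range(len(seq) - length + 1):
                if seq[i:i + length] in text:
                    return True
    return False


def weaknesses(password):
    """Return which of the listed tips this password violates."""
    found = []
    lower = password.lower()
    if lower in COMMON:
        found.append("common password")
    if has_run(lower):
        found.append("keyboard or sequence pattern")
    # Undo the disguises: strip trailing digits, then reverse substitutions.
    stem = re.sub(r"\d+$", "", lower)
    plain = stem.translate(LEET)
    if plain in WORDS:
        if stem != lower:
            found.append("word with digits appended")
        if plain != stem:
            found.append("symbol substitution of a word")
        if plain == lower:
            found.append("single dictionary word")
    return found
```

An empty result only means none of these specific patterns matched; it is not a measure of overall strength.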
As alluded to above, one password can sometimes gain access to many accounts. Regrettably, web users reuse the same passwords, and cybercriminals know this. A different password should be used for each and every online account. Using a password manager such as TotalAV’s makes this easy: each time you create a new account, the password manager suggests a random, secure password and auto-inputs it each time you log in.
Some people say they don’t have anything to steal and therefore aren’t a cybercriminal target; think again if this is you. Identity theft is a huge problem: cybercriminals can still open new accounts or apply for loans in someone else’s name, and even if an application gets refused, it could ultimately be adversely affecting that user’s credit rating. Finally, on that note, cybercriminals could find ways to access friends and family once access to an email account has been gained. It is vitally important to stay secure online, and as discussed, that begins with strong passwords.