It looks like a golden age for cybersecurity experts. Every few days, there’s a data leak; earlier this year, Microsoft—the leading operating systems developer—was hacked, and Ireland is still recovering from a massive ransomware attack that left its healthcare infrastructure paralyzed.
Businesses have warned of the lack of cybersecurity specialists for quite some time, but only now has this need become visible to the public. After the Cambridge Analytica scandal, when illegally obtained data of more than 50 million Facebook users was used to influence the US elections of 2016, people became aware of online privacy issues.
Cybercrime is starting to affect all aspects of social life. From political elections to cyber espionage, or such complex operations as Stuxnet, to casual Internet users who were tricked into providing confidential banking details, many people are affected. Luckily, cybersecurity service providers rise to the challenge of providing sufficient protection, and there are concrete steps you can take to secure your digital life.
Online safety is not as easy as it sounds, primarily because we don’t know much about online dangers. Cybercriminals driven by easy profits have developed hundreds of different hacking methods. Some are sophisticated and require months of preparation, while others, like Credential Stuffing attacks, can be done by a high-school teenager who’s into computers.
Credential Stuffing is a perfect example because these attacks are aimed at casual Internet users. They’re also easy to defend against, if you know how. First of all, their effectiveness depends upon victims’ lack of cybersecurity knowledge. With so many data leaks going on, there are many username/password/email combinations sold on online black markets.
Hackers buy these datasets and then use primitive automation software to try the combinations on other services. For example, suppose you stayed at a Marriott hotel (the chain experienced two major data leaks in the last decade) and your information was leaked.
A hacker obtains this information and tries the same combo on your Netflix, Spotify, and Gmail accounts. If you used the same username/password and didn’t have two-factor authentication set up (do it!), they can take over the account and cause damage.
The obvious conclusion is not to use the same password more than twice. But that’s easier said than done. We use tons of apps these days, and most of them are protected with a password, so memorizing them all is not an option. Furthermore, you want to have a long, unique password with numbers and symbols since the usual suspects, “qwerty” and “password123”, are open-door invitations to your account.
The most efficient way to defend against Credential Stuffing is a password manager. Let’s take NordPass as an example since it comes from the well-known cybersecurity company NordSecurity.
This software stores all of your passwords in an encrypted vault that is accessible only to you, so you don’t have to worry about remembering them by heart anymore. It also has a password and a username generator to help you come up with strong options. This way, you can have as many different and solid passwords as you need, and Credential Stuffing becomes useless.
But there’s another popular technique that’s worth mentioning – Phishing.
What can you do about Phishing?
Phishing is one of the oldest hacks and remains popular to this day. It relies on human error and lack of knowledge, and it can have devastating results. For example, you receive an email that appears to come from your bank. It has your real name and surname, and maybe even your home address. It asks you to go to your bank’s webpage, log in, and update some information required for the safety of their service.
It looks legit, and you click on the link. The website looks just like your bank’s, and you follow the instructions. Sadly, cybercriminals obtained your real name and surname from a data leak, managed to look up your address, and even set up a mirror page that looks exactly like your bank’s. And now they have the login details for your account.
The best advice in this situation is always to verify essential emails. Instead of clicking anywhere, carefully check the link by hovering over it, and if anything looks suspicious, call the bank’s support line and ask them to double-check the situation.
It’s also necessary to be up to date, so from time to time, spend some time reading about the latest hacks and protection tips. If you spend a lot of time on a computer, this will definitely come in handy, and we hope this article will help you protect yourself against the most common threats.