In today’s world where data is such a valuable commodity, the lengths cyber criminals will go to in order to obtain your information are immeasurable. The tactics they use to harvest passwords are increasingly clever and innovative. In this blog we discuss five common ways cyber criminals could obtain your online credentials and five counter-measures to safeguard your digital data.
1. Social Engineering Attacks (e.g. Phishing)
Social Engineering is where attackers masquerade as someone or something you know or trust, and they trick you into doing something you should not do. They send emails or messages that appear legitimate, often creating a strong sense of urgency, fear, or curiosity to encourage you to act quickly without first taking stock of the situation.
For example: an email that looks like it’s from the bank, complete with official logos and branding. The email claims there is suspicious activity on your account and urges you to click a link to verify your identity. The link leads to a fake website that captures your login credentials when you enter them.
2. Malware
Malware is malicious software designed to infect computers. Once your computer is infected, cyber criminals are able to use your data however they want to. Keyloggers (or information stealers) are a type of malware that records every keystroke made on a device, including your login, passwords, and other sensitive data.
For example: scanning an illegitimate QR code or downloading a fake app in which a keylogger is hidden. The keylogger then installs itself on your computer and over time it records your login details for various accounts, which are sent back to the attacker.
3. Brute Force Attacks
In brute force attacks, cybercriminals use automated tools to try numerous password combinations until they guess the correct one. Weak passwords are especially vulnerable to this method.
For example: using a format like your name + your year of birth, or a simple default password like 123456, across several accounts. Attackers can use software that systematically tries common combinations to crack easy passwords, giving them access to multiple accounts.
4. Data Breaches
When a website or service gets hacked, it can affect every account stored on the same server. If someone uses the identical password for multiple accounts and that password is compromised for one account, it can be used to access the victim’s other accounts as well.
5. Purchased Credentials
Cyber criminals can simply buy your passwords on the internet, often on the Dark Web. Certain cyber criminals specialise in stealing victims’ passwords using any of the methods discussed above. These are then sold on to other cyber criminals.
5 Tactics to keep your Online Credentials Safe
Fortunately, by taking a few preventative measures, you can go a long way to protecting your accounts online. To protect your passwords and avoid them being stolen, here are five effective strategies:
1. Use Strong and Unique Passwords
- Avoid weak passwords like “123456” or “password.”
- Create long and complex passwords (at least 12 characters), combining uppercase and lowercase letters, numbers, and special characters.
- Ensure passwords are unique for each account. Don’t reuse passwords across different sites.
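The checks above can be automated. The following is an added example, not part of the original article: a short Python audit that flags the weaknesses named in this blog (common passwords, fewer than 12 characters, missing character types, the "name + year of birth" format, and reuse across accounts). The function names and sample values are hypothetical and constructed for illustration.

```python
import re

# Constructed sample of commonly used passwords (not a real breach list).
COMMON = {"123456", "password", "qwerty", "letmein"}

def audit_password(password, owner_name="", birth_year=None):
    """Return a list of weaknesses, using the criteria named in this article."""
    issues = []
    lowered = password.lower()
    if lowered in COMMON:
        issues.append("common password")
    if len(password) < 12:
        issues.append("shorter than 12 characters")
    classes = {
        "lowercase letter": r"[a-z]",
        "uppercase letter": r"[A-Z]",
        "number": r"[0-9]",
        "special character": r"[^A-Za-z0-9]",
    }
    for label, pattern in classes.items():
        if not re.search(pattern, password):
            issues.append("no " + label)
    # The "name + year of birth" format from the brute-force section.
    for part in owner_name.lower().split():
        if len(part) >= 3 and part in lowered:
            issues.append("contains owner's name")
            break
    if birth_year is not None and str(birth_year) in password:
        issues.append("contains year of birth")
    return issues

def find_reuse(accounts):
    """Map each password used on more than one account to those accounts."""
    seen = {}
    for account, password in accounts.items():
        seen.setdefault(password, []).append(account)
    return {pw: sorted(names) for pw, names in seen.items() if len(names) > 1}
```

An empty list from `audit_password` means none of these specific weaknesses were found; it does not prove the password has never appeared in a data breach.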
2. Enable Two-Factor Authentication (2FA)
- Use two-factor authentication wherever possible. This adds an extra layer of security by requiring a second verification method (e.g., a code sent to your phone or an authentication app).
- Authenticator apps (such as Google Authenticator or Authy) are more secure than SMS-based 2FA.
3. Use a Password Manager
- Password management software securely stores and manages your passwords, with the option to generate strong, random passwords for each account.
- This eliminates the need to memorise multiple passwords, protects you from reusing weak ones and grades the strength of the passwords you generate.
- A password manager efficiently autofills the credentials fields of your online accounts.
4. Stay alert for Phishing Attacks
- Avoid clicking on suspicious links in emails, text messages, or social media posts. Clearly this measure is easier said than done! Email filtering will send spam to quarantine and security software for your devices will help identify malware.
- Verify the authenticity of any website or communication before entering your passwords or sensitive information.
5. Apply sensible Password Hygiene
- Avoid sharing passwords with anyone, even those you trust. If you must share, use a secure method (e.g., a password manager with sharing capabilities).
- Change passwords immediately if you suspect they’ve been shared or compromised.
- When entering passwords on websites, ensure the website is secure by looking for “https://” and a padlock symbol in the URL bar.
- Disable autofill features for passwords in browsers or on apps. If a device is compromised, these features can provide easy access to your login details.
- Regularly check your account statements for suspicious activity. Many services offer account activity logs to see any unauthorised logins.
- Set up alerts for login attempts or changes to your account details.
How we can help at Comprendo
>> We are big fans of Password Managers and would be happy to show you the benefits in a free demonstration.
>> We provide Phishing / Security training to help employees spot emails and messages which include malicious links and attachments.
>> Many of our clients use our anti-virus Email Filtering service, which prevents a large amount of spam from entering their inboxes, as well as our Endpoint cybersecurity solutions, which help to safeguard individual devices against Malware.
>> We also advise that you install a robust Firewall, which will protect your network from unwanted traffic.
To discuss any Cyber Security issues or concerns you may have, do get in touch with us at: Tel 0345 527 4394 / info@comprendo.co.uk
At Comprendo, we provide customer-focused IT services, solutions and support to businesses throughout North and West Yorkshire, Lancashire and beyond, including Leeds, Bradford, Harrogate, York, Preston and Manchester. Looking to outsource your IT or review your cyber security? We look forward to hearing from you.