The cyber bad guys were busy over July 4. It’s being reported that a file of around 10 billion passwords, compiled from many earlier breaches, was uploaded to a criminal forum where other bad guys can download it.

Here’s the Forbes article; searching for RockYou2024 will turn up plenty more coverage:

https://www.forbes.com/sites/daveywinder/2024/07/05/new-security-alert-hacker-uploads-10-billion-stolen-passwords-to-crime-forum/

Here are three widely used methods criminals use to steal your passwords and personal information online:

How hackers hack: Brute Force

The reason for complex passwords is the existence of password-cracking tools, usually lumped together as ‘Brute Force’ tools. A true brute-force attack tries every possible combination of characters, which only works against short passwords. The far more common dictionary attack runs through a list of words and previously leaked passwords (RockYou2024 is now one enormous such list), trying one after another to ‘guess’ yours.

These tools also apply ‘mangling rules’ to every word in the list: capitalize the first letter, add numbers or a year at the end, and replace letters with commonly used look-alike numbers or symbols (such as replacing “a” with “@” or “s” with “$”). One word in the list becomes thousands of guesses.

And that is just conventionally coded software; wait until the bad guys really work out how to fold AI into their toolkit.

Suppose a bad guy pointed an AI tool at all your social media accounts and had it collect your pet’s name, your children’s names, the schools you attended, the streets you have lived on, ANY birthday mentioned, anniversary dates and so on, then told it to build its best guess at the 5,000 most likely passwords from that data (which it can easily do) and fed them into his cracking tool. Is your trusty old password still secure? Building word lists from names and dates has been a routine cracking technique for years; AI just makes the collecting easier.

Some websites have brute-force protection built in and will lock an account after a certain number of failed attempts, but not all of them do. A lockout also only helps against guessing through the login page. When a site’s password database is stolen, the attacker runs his guesses against the stolen password hashes on his own hardware, where nothing locks him out and the guess rate is limited only by his equipment.

So that’s my two cents on complex passwords; now let’s look at reusing passwords.

How hackers hack: Credential Stuffing

None of us does this, right? Use the same password on Amazon that we use on Netflix, and on …. multiple other websites?

When a hacker gets a working username (most likely your email address) and password combination, whether from a successful guess or from a huge file of email addresses and passwords posted to a hacker site, such as the “RockYou2024” dump referenced above, the first thing he does is use scripts or bots to try that same combination on every banking and financial-services website and on every site with a credit card attached (Amazon, for example). That is credential stuffing, and it works only because so many people reuse passwords.

Then what happens?

They’ll either try to buy something, transfer money or do a password reset to lock you out of your own account.
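The lockout protection mentioned under brute force (lock an account after a number of failed attempts) does nothing against stuffing, because each account sees only one or two attempts; what stands out instead is one source trying many different accounts. The following is an added example, mine rather than anything from the post, that runs both checks over a constructed login log. The log format, the IP addresses (taken from the reserved documentation ranges), the account names and the thresholds are all assumptions.

```python
"""
Added example (not from the original post): per-account lockout versus
detection of credential stuffing in login logs.  The log lines, IP addresses,
usernames and thresholds below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed login log: "<ISO time> <source IP> <username> <ok|fail>"
# 198.51.100.7 tries one leaked password per account (stuffing);
# 203.0.113.9 hammers a single account (classic online brute force).
SAMPLE_LOG = """\
2024-07-05T10:00:01 198.51.100.7 alice@example.com fail
2024-07-05T10:00:02 198.51.100.7 bob@example.com fail
2024-07-05T10:00:02 198.51.100.7 carol@example.com ok
2024-07-05T10:00:03 198.51.100.7 dave@example.com fail
2024-07-05T10:00:03 198.51.100.7 erin@example.com fail
2024-07-05T10:00:04 198.51.100.7 frank@example.com fail
2024-07-05T10:00:05 198.51.100.7 grace@example.com fail
2024-07-05T10:00:05 198.51.100.7 heidi@example.com ok
2024-07-05T10:01:10 203.0.113.9 alice@example.com fail
2024-07-05T10:01:20 203.0.113.9 alice@example.com fail
2024-07-05T10:01:30 203.0.113.9 alice@example.com fail
2024-07-05T10:01:40 203.0.113.9 alice@example.com fail
2024-07-05T10:01:50 203.0.113.9 alice@example.com fail
2024-07-05T10:01:55 203.0.113.9 alice@example.com fail
2024-07-05T10:05:00 192.0.2.44 carol@example.com ok
"""

LOCKOUT_THRESHOLD = 5                    # failures per account before lockout (assumed)
LOCKOUT_WINDOW = timedelta(minutes=15)
STUFFING_MIN_USERS = 5                   # distinct accounts tried from one IP ... (assumed)
STUFFING_WINDOW = timedelta(minutes=5)   # ... within this window


def parse_log(text):
    """Turn the constructed log into (timestamp, ip, user, success) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result == "ok"))
    return events


def locked_accounts(events):
    """Per-account lockout: N failures within the window lock the account.
    This is the 'brute force protection' most sites implement."""
    failures = defaultdict(list)
    locked = set()
    for ts, _ip, user, ok in events:
        if ok:
            continue
        recent = [t for t in failures[user] if ts - t <= LOCKOUT_WINDOW] + [ts]
        failures[user] = recent
        if len(recent) >= LOCKOUT_THRESHOLD:
            locked.add(user)
    return locked


def stuffing_sources(events):
    """Per-source detector: one IP trying many *different* accounts in a short
    window, successes included, is the signature of credential stuffing.
    Returns {ip: number of distinct accounts tried}."""
    seen = defaultdict(list)   # ip -> [(ts, user)] within the window
    flagged = {}
    for ts, ip, user, _ok in events:
        seen[ip] = [(t, u) for t, u in seen[ip] if ts - t <= STUFFING_WINDOW] + [(ts, user)]
        users = {u for _t, u in seen[ip]}
        if len(users) >= STUFFING_MIN_USERS:
            flagged[ip] = len(users)
    return flagged


def compromised_by_stuffing(events, sources):
    """Accounts where a flagged source actually logged in: the stuffed password
    was correct, so these need a forced reset, not just a lockout."""
    return sorted({user for _ts, ip, user, ok in events if ok and ip in sources})


if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    print("locked by per-account rule:", locked_accounts(ev))
    print("stuffing sources:", stuffing_sources(ev))
    print("accounts to force-reset:", compromised_by_stuffing(ev, stuffing_sources(ev)))
```

On this log the per-account rule locks only alice, the account being hammered from 203.0.113.9, and never notices 198.51.100.7 at all, because that source touched each account once. The per-source detector flags it after the fifth distinct account, and two of its eight attempts succeeded: those are the customers whose reused passwords were in the leaked file.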

So, reusing your passwords is a HORRIBLE practice.

How hackers hack: Phishing

Another popular method employed by the bad guys is phishing.

Phishing attacks are a type of social engineering attack where bad guys attempt to deceive individuals into providing sensitive information such as usernames, passwords, credit card numbers, or other personal data.

These attacks typically involve the use of email, social media, phone calls, or malicious websites to lure victims into revealing their confidential information.

Email and SMS (text messages) are the most common channels. The information requested can be anything from a password for a system the bad guys want into to a credit card or Social Security number; people share a remarkable amount of material that should stay private.

They can also send you a small program that, once launched, takes over your computer. These malicious programs may be hiding in a document attached to an email or behind a link somebody sent you by text, Facebook Messenger, or X (formerly Twitter).

Phishing attacks come in many different versions:

  • Phishing: a broad, untargeted message sent to as many people as possible
  • Spear Phishing: a message tailored to one person or one company
  • Whaling: spear phishing aimed at executives
  • Clone Phishing: a copy of a legitimate email you already received, with the links or attachment swapped for malicious ones
  • Vishing: the same con run over a phone call
  • Pharming: redirecting you to a fake copy of a real website even though you typed the correct address

If you receive an email, text or call where someone is asking for information they should already have, like a bank asking for your account number and password, it’s probably a scam.

If you receive a notice that a virus has been magically discovered on your phone or computer and that you must contact them immediately, it’s probably a scam.
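A practical check for the link tricks described above. This is an added example and not part of the original post: it pulls every link out of an HTML message and flags the ones where the visible text names one site while the link goes to another, where the link goes to a bare IP address, or where the host is a punycode (internationalized) name that can imitate a familiar brand. The message body and domains are constructed; `examplebank.com`, `example.com` and the `192.0.2.x` address are reserved example values.

```python
"""
Added example (not from the original post): flag the link tricks common in
phishing email.  The message body, hostnames and addresses are constructed.
"""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Something that looks like a hostname (optionally with a scheme) in link text
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.IGNORECASE)


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> element in the message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    """Hostname of a URL, lower-cased, with a leading 'www.' dropped."""
    h = (urlparse(url).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def suspicious_links(html):
    """Return [(href, visible_text, reason)] for links a reader should not trust."""
    parser = _LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = _host(href)
        if _is_ip(host):
            findings.append((href, text, "link points at a raw IP address"))
        if any(label.startswith("xn--") for label in host.split(".")):
            findings.append((href, text, "punycode host (possible look-alike domain)"))
        shown = HOST_RE.search(text)
        if shown:
            name = shown.group(1).lower()
            name = name[4:] if name.startswith("www.") else name
            if name != host:
                findings.append((href, text, f"text says {name} but link goes to {host or 'nowhere'}"))
    return findings


# Constructed phishing message (reserved example names and addresses)
SAMPLE_EMAIL = """
<p>Unusual sign-in detected. Confirm your details at
<a href="http://192.0.2.10/login">https://www.examplebank.com/secure</a>
or <a href="https://xn--exmplebank-sbb.com/">Sign in</a>.</p>
<p>Help: <a href="https://www.example.com/help">example.com/help</a></p>
"""

if __name__ == "__main__":
    for href, text, reason in suspicious_links(SAMPLE_EMAIL):
        print(f"{reason}: [{text}] -> {href}")
```

The first link trips two rules (the text promises examplebank.com, the link goes to an IP address), the second is a punycode host, and the genuine help link passes. The hostname comparison is deliberately strict: a link to `examplebank.com.evil.example.net` is flagged too, because that host is not `examplebank.com`, which is exactly the subdomain trick phishing pages rely on.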

How to respond:

Change passwords:

I would change all your passwords ASAP. Here’s how I would prioritize password updating:

  1. Google, Email accounts.
  2. All banking, credit card, mortgage services accounts (PayPal, Venmo).
  3. E-commerce accounts: Ebay, Amazon, Retailer accounts (Walmart, Target, etc.).
  4. Healthcare accounts: Health insurance, medical records
  5. Utilities: Internet, phone, cable, gas, electric
  6. Streaming: Netflix, Hulu, etc.
  7. Change your social media passwords
  8. Cloud Storage: Dropbox, Google Drive, OneDrive
  9. Change all your other passwords. Do you have websites? Good time to refresh your WordPress/Wix/Weebly passwords.

** Remember that if you change a password on your laptop, you’ll have to sign in again with the new password on your phone and any other device, so be sure you keep a record of all your new passwords.

A word about your new passwords…

I’m sure that many of you regularly use some cringeworthy passwords (your-dog’s-name-123, for example).

You might as well just use “password” as your password: a cracking tool will try it, and every pet-name-plus-digits variation, among its first few thousand guesses, in a fraction of a second.

You need a more complex password.

Sorry, you just do.

Replacing letters with numbers or symbols, as in N1ckc@rlson123, may have baffled hackers in 1996, but these days those substitutions are a built-in rule in any cracking tool, so the result is no harder to guess than Nickcarlson123.

M5%tV9*34% (ten random characters) is significantly better than what most people are probably using today (Lassie123, anybody?). Length matters even more than symbols: each extra random character multiplies the attacker’s work by roughly a hundred.
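How much difference the random password makes can be shown by building guesses the way the tools described under brute force do. The example below is added here and is not from the post: it starts from a constructed four-word “profile” of the kind the social-media scraping scenario in the brute-force section would produce (a name, a pet, a street, a tree in the yard), applies case changes, look-alike swaps and appended digits and years, and then checks the two passwords just discussed against the result. The word list, the rule set and the 94-character alphabet are assumptions; real tools use far larger lists and rule sets.

```python
"""
Added example (not from the original post): how a cracking tool turns a few
profile words into many thousands of guesses with "mangling rules", and why a
random password sits outside that set.  The profile words are constructed.
"""
import itertools
import math

# Look-alike swaps that rule-based crackers apply automatically (assumed subset)
LEET = {"a": "@4", "e": "3", "i": "1!", "o": "0", "s": "$5", "t": "7"}
SUFFIXES = ["", "1", "12", "123", "1234", "!", "!!", "#1"]
YEARS = [str(y) for y in range(1950, 2025)]
TAILS = sorted(set(SUFFIXES + YEARS + [y[2:] for y in YEARS]))   # "1985" and "85"


def leet_variants(word):
    """All ways of applying zero or more look-alike swaps to the word."""
    choices = [[ch] + list(LEET.get(ch.lower(), "")) for ch in word]
    return {"".join(c) for c in itertools.product(*choices)}


def mangle(profile_words):
    """Expand profile words the way a rule-based cracker would:
    three capitalizations x every leet variant x every appended tail."""
    guesses = set()
    for w in profile_words:
        for base in {w.lower(), w.capitalize(), w.upper()}:
            for variant in leet_variants(base):
                for tail in TAILS:
                    guesses.add(variant + tail)
    return guesses


def random_search_space(length, alphabet_size=94):
    """Guesses needed to exhaust random passwords of this length
    (94 = printable ASCII without the space character)."""
    return alphabet_size ** length


def assess(password, profile_words):
    """Where does a password fall: inside the mangled profile set, or out in the
    random search space?  Returns (in_profile_set, bits_of_guesswork)."""
    guesses = mangle(profile_words)
    if password in guesses:
        return True, math.log2(len(guesses))
    return False, math.log2(random_search_space(len(password)))


# Constructed profile: the sort of thing scraped from a social media page
PROFILE = ["nickcarlson", "lassie", "lincoln", "maple"]

if __name__ == "__main__":
    for pw in ["Lassie123", "N1ckc@rlson123", "M5%tV9*34%"]:
        in_set, bits = assess(pw, PROFILE)
        print(f"{pw:16} in profile set: {str(in_set):5}  ~{bits:.0f} bits of guesswork")
```

With this four-word profile the whole candidate set is on the order of 10^5 guesses, about 17 bits, and both Lassie123 and N1ckc@rlson123 are in it. At an assumed rate of a billion guesses per second (an offline rate against a fast hash; the figure is an assumption, not something from the post) that set is exhausted in well under a millisecond, whereas the 94^10 space that M5%tV9*34% lives in, about 65 bits, takes roughly 1,700 years at the same rate.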

Use a password manager or a notebook kept in a secure place.

I know, I know: how do I remember it? It’s too complicated (that’s the point).

Consider using a password manager (1Password, LastPass, and others), which stores your passwords encrypted; all you have to remember is the one password to the manager itself.

At the very least, write them down in a notebook kept in a secure place, NOT in a spreadsheet!!

Again, I know, it’s hard to remember all those passwords. If you don’t want to use a password manager, buy a notebook with a sturdy cover, write all your passwords in it, and keep it somewhere safe.

Don’t rely on a bunch of post-it notes stuck all around your screen.

Any cyber bad guy worth a darn will search for ‘password’ on any computer he gains access to as his first order of business. He’ll be looking for that master password spreadsheet or Word doc, and based on what I’ve seen from my clients over the past dozen years or more, they find those files more often than not.

Never reuse your passwords.

If I’m a bad guy and I discover one of the login/password combos that you’ve used on 10 websites, you’ve 10X’d your misery.

Enable two-factor authentication

Two-factor authentication (2FA) or Multi-factor authentication (MFA) adds a great level of security for you.

Many 2FA systems email or text you a code that you have to enter to finish logging in. Codes sent by text or email are far better than nothing, but they depend on your phone number and mailbox staying under your control.

Other systems use an “Authenticator” app (I use Google’s). The app and the website share a secret that is set up when you enroll, and the app uses that secret and the clock to generate a fresh six-digit code every 30 seconds that you type in alongside your password. Nothing is sent to your phone, so there is no message for anyone to intercept.

What’s great about 2FA or MFA is that even if the bad guys steal your login and password they still can’t get into your account without the code, so they would also need access to your email or your phone. The one way around it is to trick you into typing the code into a fake login page, so never enter a code on a page you reached from a link in a message.

Conclusion

Today, it’s important to keep your business safe from cyber threats.

Start by using strong, unique passwords for each account and a password manager to keep track of them. Enable two-factor authentication for an extra layer of security. Regularly update your passwords and monitor your accounts for any unusual activity.

Educate yourself and your team about common cyber threats like phishing. Secure your devices, avoid using public Wi-Fi for sensitive transactions, and back up important data regularly. By following these straightforward steps, you can better protect your business from online attacks.

You can’t protect your digital assets from cyber criminals 100%, but by making your information harder to steal you ensure that, most of the time, the bad guys move on to easier targets who haven’t taken smart precautions. Cybersecurity is an ongoing process that requires continuous attention and adaptation.

Questions? Like to see how we can help your B2B “make a big splash online”? Complete the form below and let’s talk!
