{"componentChunkName":"component---src-templates-dictionary-term-tsx","path":"/dictionary/credential-theft","result":{"data":{"contentfulDictionaryTerm":{"title":"Credential Theft","slug":"credential-theft","descriptionMeta":{"childMarkdownRemark":{"rawMarkdownBody":"Learn about the dangers of credential theft and how to protect your company from this growing threat."}},"body":{"body":"# What is Credential Theft?\nIn __Information Technology (IT)__, the term __Credential__ is used to refer to certain authentication details, or __data__ that is often required to specify user identity, authenticate, and grant access to a network system. In this sense, credentials, therefore, stands for __secret codes__ such as user IDs, passwords, or questions required to access an online account.\n\nAs valuable as these pieces of information are to their owners, cybercriminals are often targeting vulnerable accounts to steal such __credentials__ to gain full access to a system’s database. All that it takes is for a criminal to succeed in stealing one very useful credential to access, and jeopardise a company’s infrastructure, and cause havoc.\n\nHackers can steal credentials in various tactics and methods. The compromised data has significant uses for potential identity thieves. It can be used to breach organisations, or individual privacy and steal more sensitive information like bank details, for example. But there's sufficient evidence that cyber threat intelligence like, say, [__Guardio__](https://guard.io/plans \"Guardio Plans page\"), can safeguard and mitigate impacts of a __credential theft__ attack.\n\nSimply put, credential theft, is a __cybercrime__ that involves stealing one’s proof of online identity. If a thief succeeds in stealing your credentials, they'll be able to enjoy the same account privileges as you. Also, credential theft is often the first stage in an __[identity theft-based](https://guard.io/blog/how-to-avoid-identity-theft-online \"Guardio Blog - How To Avoid & Recognize Identity Theft Online\")__ attack.\n\nMoreover, stolen credentials can allow hackers to reset your password, lock you out of your account, download any data, access other computers using the same network, wipe all data and backups. \n\nAdditionally, it is often easier for hackers to gain full remote access to networks by using legit passwords to login into third-party services. These services may include __DocuSign__, __Microsoft Office365__, or __Dropbox__ among others which are used in everyday business operations.\n\nOrganisations, big or small, as well as individuals should prioritise the addressing of credential thefts, and subsequent suspicious logins. Actually, stolen credentials have been behind some of the biggest, and most expensive data breaches such as the __hacks__ on the U.S. Office of Personnel Management, Equifax, and Yahoo, for example.\n\n### Credential Theft and the Dark Web\nNow that we know what credential theft means, __where does this info go once stolen__? That’s where underground markets, or the __dark web__ comes in. Once your credentials have been stolen, it is often taken to the [__dark web__](https://guard.io/dictionary/dark-web) and sold to other potential hackers who don’t really care a thing about the owner.\n\n## What Are the Types of Credential Phishing?\nHackers will often try to lure victims to their almost legit but fake websites to steal their credentials. To help you stay in the know, we have put together comprehensive info on credential phishing ways a thief is likely going to use to trick you.\n\nSocial Media Hacks\nCriminals hack genuine profiles or create identical social media accounts to send private messages across social platforms. They send you messages pretending they are reputable companies, or people you know. These messages often have a page login link. The content on the __message__ may look more or less like this:\n\n- Sharing good discounts, coupons, or great deals.\n\n- Pretending to inform you about some new or great Netflix shows.\n\n- Warning about some kind of unauthorised access, or account deactivation.\n\n- Anything else that looks too good to ignore, that builds enough curiosity to lure you into the trap.\n\n### Email Credential Hacks\nThese are the most basic steps for information phishing that is often deployed through emails. Here’s how it works.\n\n- __Identifying a target__. A criminal will do some research to learn about an organisation, a bank, or a website, for example, that is most relative to you. They also research those who are connected to you like your kin, friends, boss, or work colleagues.\n\n- __Sending targeted phishing emails with links that prompts for action__. Usually, an email could be about a service warning from some web hosting organisation, a warning about some fake transaction that needs urgent attention, or a friend who’s only sharing some great online deals.\n\n- __Emails with links that redirect you to a phishing website__. Usually, the phishing site will mimic a genuine one. Something more or less like: __http://confirm-index-id-12.biz.co.uk/account/recovery__.\n- __Get you to login with your details on a phishing site__. As soon as you enter your login details, the data is transferred to the criminal’s backend database straightaway.\n- __Logging into an original or legit website with your credentials__. Sometimes criminals just get lucky with this. If, say, a hacker gets hold of your email credentials, they can use the “forgot password” to log into your site or other crucial network systems. \n\n### SMS Credential Hacks\nSMS credential phishing works the same way as email hacks. Once a cybercriminal accesses your mobile number, they conduct some research about you. They send you a more targeted SMS phishing scam pretending to be from some legit entity. These texts are usually accompanied by links to a phishing site.\n\nMoreover, an example of a phishing SMS is a short compelling text from, say, a__ fake amazon__ that talks about an offer that has been won, and you should follow a link to claim your offer. \n\n## How Can I Detect Credential Theft?\n__Microsoft’s Defender ATP__ is a unified endpoint threat protection platform that uses various approaches to __detect credential theft__ or credential dumping. While it surely gets the job done just like other security tools, corporate entities, and now, many individuals globally are opting for a more advanced approach. \n\nThe smarter ones have already subscribed to an even tougher net bodyguard. Many corporate companies have subscribed to the premium version of [__Guardio__](https://guard.io/plans \"Guardio Plans page\")to reap maximum benefits. But there is a completely free version that keeps your browsers safe, and doesn’t only detect credential theft attempts, __Guardio__ also stops it from happening, and scans the system to weed out all other potential hacks. \n\n## How to Prevent Credential Theft?\nYour best bargain to protect yourself against credential stealing, and avoid the consequences that come with identity theft is to __change your passwords regularly__, and make use of __[multi-factor-authentication](https://guard.io/dictionary/multi-factor-authentication-mfa \"Guardio Dictionary - What's MFA?\")__ whenever you can. But you can also do these things to prevent such shortcomings.\n\n- Limit or reduce your corporate credentials to the approved applications only.\n- Regularly perform vulnerability checks.\n- Give your employees proper training on how to detect phishing, and create strong passwords.\n- Closely observe or follow PAM (the __privileged access management__) best practices.\n- Restrict or block usage from unknown sites or applications.\n- Use encryption, traffic monitoring and endpoint security tools.\n- Make use of advanced network or Chrome security extensions. Luckily for you, there’s a __free premium__ trial of an advanced browser security extension that perks plenty of rewards. \n- Change the __SFA__ (single-factor authentication) with __2FA__ (a __two-factor authenticator__) to make your accounts less vulnerable to phishing attempts.\nBy using these tips, you are sure to extinguish, or slow down credential theft on crucial infrastructure, and or keep your critical systems on lock down.\n\nIn addition to network or __[Chrome security extensions that protect against vast cyberattacks](https://guard.io/plans \"Guardio Plans page\")__, one of the easiest ways to protect your privacy while surfing the web is to use the Chrome extension Guardio. This tool acts as the first line of defence for your browser. It automatically protects your data when you are online without sacrificing speed, or interfering with your browsing experience. \n\n## Frequently Asked Questions (FAQs)\nHow are Credentials Stolen?\nCredentials can be exposed in various ways such as guessing “__brute-force__” or information leaks. But hackers also extract them in the form of tickets, hashes, or plaintext passwords. \n\nTo deceive you, the criminal may use phishing techniques, often very efficient, and a cheaper way to go. __Phishing tactics__ are based on human interactions, and rely on Culverecurity defences.\n\n### What is a Credential Phishing Attack?\nCredential phishing attack is when a cybercriminal is pretending to be an entity, or someone you trust. They often tend to trick you by playing a psychological game in a way you leave your guards and start trusting them enough to give up the valuable details.\n\nGenerally, criminals may create a mimic of a popular website using the same style, logo, theme, and even the same content. And all these are accompanied by a nearly identical domain address, only to deceive you. This act of fraud is called __cybersquatting__. Hackers will often add slight modifications like: __facebooklive.xyz__, or __amazondeals.io__, and so on to make it look more legit. \n\nIf you’re tempted and, say, you’re hooked to such sites and login with your details, those details go straight into the scammer’s database. The scammer can then log back in, and do these things:\n- Send spam or phishing emails to your contacts\n- Steal sensitive info that is stored in your account\n- Transfer your money into their accounts if they found your bank details.\n- Sometimes they will ask for a ransom in exchange for returning your account.\n- Borrow money in your name and cause impacts on your credit scores, etc.\n\n### How are Credentials Captured?\nIf you’re concerned about protecting your privacy, or maybe, a corporate account—staying informed on how criminals often take advantage of people is certainly a good idea. In today’s global internet life, unfortunately, it is easier than ever for a criminal to capture your credentials in just a single click.\n\nBelow are a few common methods a criminal is likely going to use to compromise your sensitive data.\n- Brute force\n- Phishing scams\n- Malware usage\n- Public WiFi\n- Data and site breaching\n__Brute Force Attack__. Sometimes the type of passwords we’re using just aren’t the strongest out there. This means that most people are only making a potential criminal’s job look like a __walk in the park__. \n\n__Think of it like this__: How many times have you ever forgotten a password, only to guess it right in a few trials? Sometimes guessing is what it takes for a hacker to crack your secret codes. __Keep this in mind__: It is not about a thief sitting behind their computer all day long trying to crack your passwords. Let me explain.\n\nCriminals usually use some incredibly accessible and sophisticated programs that automatically guess your common passwords—thanks to technology. This process can often be completed within 24-hours. \n\n__Tip__: Use passwords that are more difficult to guess. The kind that you almost need to write them down somewhere to __refer back to__ whenever you want to use them for authentication. Use a combination of special characters (</#>@*%), numbers (0123…), and mixed letters (AbXyz), to make guessing your password look more like a wild goose chase to a potential hacker.\n\n[__Phishing Scams__](https://guard.io/blog/how-to-protect-yourself-against-phishing-scams). This is certainly the most common method of credential theft you’re probably aware of. It involves thieves taking advantage of your vulnerabilities and stealing the important data. \n\nIt happens when someone sends a message (SMS or email) along with a malicious link. Mostly, these messages look very legit until you click the link and deliver your credentials to the thief on a silver platter—then you realise you have just been hit by a hacker who then uses your info to bypass online security just like you would.\n\n__Tip__: If you’re a corporate body, educate your team thoroughly about these things to save your company from the nightmare. Because they’re often the targets of these fascinating phishing attempts. Encouraging them about not clicking malicious links, or filling suspicious forms will keep your business safe.\n\n__Malware Usage__. Malware, also known as __spyware__, is a variety of malicious programs, and formats that cybercriminals use to steal the data. Usually, it happens when you’re surfing the web unsecurely and a malware program sneaks in, and instals itself on your device without your consent.\n\nThe problem starts when the unwanted program has successfully installed itself on your device. The spyware can log your special __keystrokes__, and even remember your __browsing history__. It can also develop some nefarious pop-up ads that can capture your login credentials, or even crash the whole system.\n\n__Tip__. Make use of VPN(s) and modern network security extensions to safeguard your online activities. Such tools like __[Guardio](https://guard.io/plans \"Guardio Plans page\")__ have gone the extra mile to establish an advanced Chrome security extension that can tip you whenever something is up, and even get rid of all threats on site. The tool has a sharp eye to detect and eliminate even the most difficult backdoor Trojans.\n\n__Public WiFi__. In today’s economic world, chances are, you don’t just do all the work from an executive work office setting. Working from remote, home, cyber, or any other place, perks plenty of rewards that can make us almost forget real internet security threats.\n\n__What’s the case in point, here__? The sharp sword of a public WiFi, of course. Although it is obviously amazingly convenient, a public WiFi can pose real threats to your credentials. When someone connects to a public WiFi on their work computer, there is a high chance that something can, or does happen.\n\nIf, let’s say, you or your work colleagues login with their passwords while using a public WiFi, these details can easily be captured or compromised by criminals who are often fishing for potential victims, thanks to the process called traffic monitoring. Hackers are usually armed to the teeth. They deploy certain programs that often keep an eye on public networks.\n\n__Tip__. Keep away from public networks whenever possible because the thief is always on the watch. Their creepy malicious apps will always notify them of a potential login, and that is how your nightmare begins.\n\n__Data and Site Breaching__. Anyone who lives and breathes internet is certainly doing this. It is not a new thing to give out our information to websites of interest. Some of which are secure sites but some others are, well, let’s just say, not secured enough.\n\nFurther, it is quite common to sign up on Facebook, or order take-outs online. However, it helps if we also understand what might happen if, say, the data we are sharing with other sites is breached. Typically, an identity thief can get into popular sites and steal this valuable piece of information.\n\nThis can happen in a dozen ways. One way is through __remote file inclusion__ (SQL injections). Once a criminal has a grip on your sensitive data, they can share it to other phishing websites, or take it to the underground markets (the __dark web__) where this kind of info is a goldrush.\n\n__Tip__. Don’t use weak passwords on any online accounts. And don’t use one password fits all. Use different passwords on different accounts. Because if, say, a criminal gets hold of one of your passwords, they probably have all your accounts to feast on. \n\n### How are Credentials Compromised?\nCriminals are always using various tactics to gain unauthorised access to valid or genuine credentials on a network. Once they get this info, they have a way of creating perseverance on the network. They move around covertly, and they start escalating privileges and cause havoc to your organisation.\n\nFor this reason, extra attention is paid to safeguard user credentials. However, this is more often said than done. Despite the idea of __rotating passwords__ and information security training, many people are still likely to reuse their old passwords, or create weak ones. Some are still likely to even fall prey to phishing scams. \n\n__There are many tricks and tactics criminals use to compromise your credentials__. Table 1.1. shows some common ones.\n\n Common Methods Criminals Use to Compromise Credentials\n\n| Type of Attack    | Description     |\n| ---------- | ---------- |\n|    Brute Force Attack    | The criminal tries to authenticate by iterating through a list of secret codes or passwords, and hope that one would work.       |\n| Credential Stuffing       | This is when a criminal uses stolen account names with a combination of passwords that have been stolen from other databases, and hopes for a success.       |\n| Social Engineering       | Criminals often use trickery tactics that are so convincing in a way you can almost be tricked into delivering your network credentials on a silver platter.       |\n| Password Spraying       | Password spraying is an act of trying to login with a recognised username, and trying out commonly used __weak__ or __unsafe passwords__.       |\n| Keyloggers       | These are malicious programs which, if sneaked and installed in your network, can capture your logs through keystrokes and pass the info to the hacker. The hacker then uses these details to create a duplicate account.       |\n| Phishing and spear-phishing       | This one here is quite popular. It involves scam messages that contain malicious links. Criminals can trick you to enter valid passwords on malicious pages.        |\n\n### What is Credential Abuse?\nCredential abuse is the use of jeopardised passwords or secret codes to authenticate applications with an intention of stealing information. Credential abuse happens or starts when a malicious bot, or a cybercriminal fools you and steals your account login details.\n\n### What Do Hackers Do With Stolen Credentials?\nJust as the identity theft scam is explained on __TRENDMICRO.COM__, credential theft is surely a __gold mine__ for hackers. And people are already aware that it can happen in any fashion due to high recorded cases. __Technically, the dark web is where your stolen information often gets__. The stolen info is then sold for profits to other criminals who would commit various frauds with such details.\n\n#### Staying Safe\n[Guardio's](https://guard.io/plans \"Guardio Plans page\") cybersecurity tools, keeps your browing safe and secure. It blocks phishing attacks, secures your social accounts, and keeps you protected from credential theft.  \n#### Why Guardio?\nWith over 1.5 million happy customers, Guardio is your #1 ally in the digital age. Offering tools and alerts to keep scammers at bay. Try it out with a [7-day free trial](https://guard.io/plans \"Guardio Plans page\") and see how it strengthens your online security!\n","childMarkdownRemark":{"htmlAst":{"type":"root","children":[{"type":"element","tagName":"h1","properties":{"id":"what-is-credential-theft","style":"position:relative;"},"children":[{"type":"text","value":"What is Credential Theft?"},{"type":"element","tagName":"a","properties":{"href":"#what-is-credential-theft","ariaLabel":"what is credential theft permalink","className":["anchor","after"]},"children":[{"type":"element","tagName":"svg","properties":{"ariaHidden":"true","focusable":"false","height":"16","version":"1.1","viewBox":"0 0 16 16","width":"16"},"children":[{"type":"element","tagName":"path","properties":{"fillRule":"evenodd","d":"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"},"children":[]}]}]}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"In "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"Information Technology (IT)"}]},{"type":"text","value":", the term "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"Credential"}]},{"type":"text","value":" is used to refer to certain authentication details, or "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"data"}]},{"type":"text","value":" that is often required to specify user identity, authenticate, and grant access to a network system. In this sense, credentials, therefore, stands for "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"secret codes"}]},{"type":"text","value":" such as user IDs, passwords, or questions required to access an online account."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"As valuable as these pieces of information are to their owners, cybercriminals are often targeting vulnerable accounts to steal such "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"credentials"}]},{"type":"text","value":" to gain full access to a system’s database. All that it takes is for a criminal to succeed in stealing one very useful credential to access, and jeopardise a company’s infrastructure, and cause havoc."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"Hackers can steal credentials in various tactics and methods. The compromised data has significant uses for potential identity thieves. It can be used to breach organisations, or individual privacy and steal more sensitive information like bank details, for example. But there's sufficient evidence that cyber threat intelligence like, say, "},{"type":"element","tagName":"a","properties":{"href":"https://guard.io/plans","title":"Guardio Plans page"},"children":[{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"Guardio"}]}]},{"type":"text","value":", can safeguard and mitigate impacts of a "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"credential theft"}]},{"type":"text","value":" attack."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"Simply put, credential theft, is a "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"cybercrime"}]},{"type":"text","value":" that involves stealing one’s proof of online identity. If a thief succeeds in stealing your credentials, they'll be able to enjoy the same account privileges as you. Also, credential theft is often the first stage in an "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"element","tagName":"a","properties":{"href":"https://guard.io/blog/how-to-avoid-identity-theft-online","title":"Guardio Blog - How To Avoid & Recognize Identity Theft Online"},"children":[{"type":"text","value":"identity theft-based"}]}]},{"type":"text","value":" attack."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"Moreover, stolen credentials can allow hackers to reset your password, lock you out of your account, download any data, access other computers using the same network, wipe all data and backups."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"Additionally, it is often easier for hackers to gain full remote access to networks by using legit passwords to login into third-party services. These services may include "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"DocuSign"}]},{"type":"text","value":", "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"Microsoft Office365"}]},{"type":"text","value":", or "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"Dropbox"}]},{"type":"text","value":" among others which are used in everyday business operations."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"Organisations, big or small, as well as individuals should prioritise the addressing of credential thefts, and subsequent suspicious logins. Actually, stolen credentials have been behind some of the biggest, and most expensive data breaches such as the "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"hacks"}]},{"type":"text","value":" on the U.S. Office of Personnel Management, Equifax, and Yahoo, for example."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"h3","properties":{"id":"credential-theft-and-the-dark-web","style":"position:relative;"},"children":[{"type":"text","value":"Credential Theft and the Dark Web"},{"type":"element","tagName":"a","properties":{"href":"#credential-theft-and-the-dark-web","ariaLabel":"credential theft and the dark web permalink","className":["anchor","after"]},"children":[{"type":"element","tagName":"svg","properties":{"ariaHidden":"true","focusable":"false","height":"16","version":"1.1","viewBox":"0 0 16 16","width":"16"},"children":[{"type":"element","tagName":"path","properties":{"fillRule":"evenodd","d":"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"},"children":[]}]}]}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"Now that we know what credential theft means, "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"where does this info go once stolen"}]},{"type":"text","value":"? That’s where underground markets, or the "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"dark web"}]},{"type":"text","value":" comes in. Once your credentials have been stolen, it is often taken to the "},{"type":"element","tagName":"a","properties":{"href":"https://guard.io/dictionary/dark-web"},"children":[{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"dark web"}]}]},{"type":"text","value":" and sold to other potential hackers who don’t really care a thing about the owner."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"h2","properties":{"id":"what-are-the-types-of-credential-phishing","style":"position:relative;"},"children":[{"type":"text","value":"What Are the Types of Credential Phishing?"},{"type":"element","tagName":"a","properties":{"href":"#what-are-the-types-of-credential-phishing","ariaLabel":"what are the types of credential phishing permalink","className":["anchor","after"]},"children":[{"type":"element","tagName":"svg","properties":{"ariaHidden":"true","focusable":"false","height":"16","version":"1.1","viewBox":"0 0 16 16","width":"16"},"children":[{"type":"element","tagName":"path","properties":{"fillRule":"evenodd","d":"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"},"children":[]}]}]}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"Hackers will often try to lure victims to their almost legit but fake websites to steal their credentials. To help you stay in the know, we have put together comprehensive info on credential phishing ways a thief is likely going to use to trick you."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"Social Media Hacks\nCriminals hack genuine profiles or create identical social media accounts to send private messages across social platforms. They send you messages pretending they are reputable companies, or people you know. These messages often have a page login link. The content on the "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"message"}]},{"type":"text","value":" may look more or less like this:"}]},{"type":"text","value":"\n"},{"type":"element","tagName":"ul","properties":{},"children":[{"type":"text","value":"\n"},{"type":"element","tagName":"li","properties":{},"children":[{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"Sharing good discounts, coupons, or great deals."}]},{"type":"text","value":"\n"}]},{"type":"text","value":"\n"},{"type":"element","tagName":"li","properties":{},"children":[{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"Pretending to inform you about some new or great Netflix shows."}]},{"type":"text","value":"\n"}]},{"type":"text","value":"\n"},{"type":"element","tagName":"li","properties":{},"children":[{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"Warning about some kind of unauthorised access, or account deactivation."}]},{"type":"text","value":"\n"}]},{"type":"text","value":"\n"},{"type":"element","tagName":"li","properties":{},"children":[{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"Anything else that looks too good to ignore, that builds enough curiosity to lure you into the trap."}]},{"type":"text","value":"\n"}]},{"type":"text","value":"\n"}]},{"type":"text","value":"\n"},{"type":"element","tagName":"h3","properties":{"id":"email-credential-hacks","style":"position:relative;"},"children":[{"type":"text","value":"Email Credential Hacks"},{"type":"element","tagName":"a","properties":{"href":"#email-credential-hacks","ariaLabel":"email credential hacks permalink","className":["anchor","after"]},"children":[{"type":"element","tagName":"svg","properties":{"ariaHidden":"true","focusable":"false","height":"16","version":"1.1","viewBox":"0 0 16 16","width":"16"},"children":[{"type":"element","tagName":"path","properties":{"fillRule":"evenodd","d":"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"},"children":[]}]}]}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"These are the most basic steps for information phishing that is often deployed through emails. Here’s how it works."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"ul","properties":{},"children":[{"type":"text","value":"\n"},{"type":"element","tagName":"li","properties":{},"children":[{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"Identifying a target"}]},{"type":"text","value":". A criminal will do some research to learn about an organisation, a bank, or a website, for example, that is most relative to you. They also research those who are connected to you like your kin, friends, boss, or work colleagues."}]},{"type":"text","value":"\n"}]},{"type":"text","value":"\n"},{"type":"element","tagName":"li","properties":{},"children":[{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"Sending targeted phishing emails with links that prompts for action"}]},{"type":"text","value":". Usually, an email could be about a service warning from some web hosting organisation, a warning about some fake transaction that needs urgent attention, or a friend who’s only sharing some great online deals."}]},{"type":"text","value":"\n"}]},{"type":"text","value":"\n"},{"type":"element","tagName":"li","properties":{},"children":[{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"Emails with links that redirect you to a phishing website"}]},{"type":"text","value":". Usually, the phishing site will mimic a genuine one. Something more or less like: "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"element","tagName":"a","properties":{"href":"http://confirm-index-id-12.biz.co.uk/account/recovery"},"children":[{"type":"text","value":"http://confirm-index-id-12.biz.co.uk/account/recovery"}]}]},{"type":"text","value":"."}]},{"type":"text","value":"\n"}]},{"type":"text","value":"\n"},{"type":"element","tagName":"li","properties":{},"children":[{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"Get you to login with your details on a phishing site"}]},{"type":"text","value":". As soon as you enter your login details, the data is transferred to the criminal’s backend database straightaway."}]},{"type":"text","value":"\n"}]},{"type":"text","value":"\n"},{"type":"element","tagName":"li","properties":{},"children":[{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"Logging into an original or legit website with your credentials"}]},{"type":"text","value":". Sometimes criminals just get lucky with this. If, say, a hacker gets hold of your email credentials, they can use the “forgot password” to log into your site or other crucial network systems."}]},{"type":"text","value":"\n"}]},{"type":"text","value":"\n"}]},{"type":"text","value":"\n"},{"type":"element","tagName":"h3","properties":{"id":"sms-credential-hacks","style":"position:relative;"},"children":[{"type":"text","value":"SMS Credential Hacks"},{"type":"element","tagName":"a","properties":{"href":"#sms-credential-hacks","ariaLabel":"sms credential hacks permalink","className":["anchor","after"]},"children":[{"type":"element","tagName":"svg","properties":{"ariaHidden":"true","focusable":"false","height":"16","version":"1.1","viewBox":"0 0 16 16","width":"16"},"children":[{"type":"element","tagName":"path","properties":{"fillRule":"evenodd","d":"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"},"children":[]}]}]}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"SMS credential phishing works the same way as email hacks. Once a cybercriminal accesses your mobile number, they conduct some research about you. They send you a more targeted SMS phishing scam pretending to be from some legit entity. These texts are usually accompanied by links to a phishing site."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"Moreover, an example of a phishing SMS is a short compelling text from, say, a__ fake amazon__ that talks about an offer that has been won, and you should follow a link to claim your offer."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"h2","properties":{"id":"how-can-i-detect-credential-theft","style":"position:relative;"},"children":[{"type":"text","value":"How Can I Detect Credential Theft?"},{"type":"element","tagName":"a","properties":{"href":"#how-can-i-detect-credential-theft","ariaLabel":"how can i detect credential theft permalink","className":["anchor","after"]},"children":[{"type":"element","tagName":"svg","properties":{"ariaHidden":"true","focusable":"false","height":"16","version":"1.1","viewBox":"0 0 16 16","width":"16"},"children":[{"type":"element","tagName":"path","properties":{"fillRule":"evenodd","d":"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"},"children":[]}]}]}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"Microsoft’s Defender ATP"}]},{"type":"text","value":" is a unified endpoint threat protection platform that uses various approaches to "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"detect credential theft"}]},{"type":"text","value":" or credential dumping. While it surely gets the job done just like other security tools, corporate entities, and now, many individuals globally are opting for a more advanced approach."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"The smarter ones have already subscribed to an even tougher net bodyguard. Many corporate companies have subscribed to the premium version of "},{"type":"element","tagName":"a","properties":{"href":"https://guard.io/plans","title":"Guardio Plans page"},"children":[{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"Guardio"}]}]},{"type":"text","value":"to reap maximum benefits. But there is a completely free version that keeps your browsers safe, and doesn’t only detect credential theft attempts, "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"Guardio"}]},{"type":"text","value":" also stops it from happening, and scans the system to weed out all other potential hacks."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"h2","properties":{"id":"how-to-prevent-credential-theft","style":"position:relative;"},"children":[{"type":"text","value":"How to Prevent Credential Theft?"},{"type":"element","tagName":"a","properties":{"href":"#how-to-prevent-credential-theft","ariaLabel":"how to prevent credential theft permalink","className":["anchor","after"]},"children":[{"type":"element","tagName":"svg","properties":{"ariaHidden":"true","focusable":"false","height":"16","version":"1.1","viewBox":"0 0 16 16","width":"16"},"children":[{"type":"element","tagName":"path","properties":{"fillRule":"evenodd","d":"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"},"children":[]}]}]}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"Your best bargain to protect yourself against credential stealing, and avoid the consequences that come with identity theft is to "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"change your passwords regularly"}]},{"type":"text","value":", and make use of "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"element","tagName":"a","properties":{"href":"https://guard.io/dictionary/multi-factor-authentication-mfa","title":"Guardio Dictionary - What's MFA?"},"children":[{"type":"text","value":"multi-factor-authentication"}]}]},{"type":"text","value":" whenever you can. But you can also do these things to prevent such shortcomings."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"ul","properties":{},"children":[{"type":"text","value":"\n"},{"type":"element","tagName":"li","properties":{},"children":[{"type":"text","value":"Limit or reduce your corporate credentials to the approved applications only."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"li","properties":{},"children":[{"type":"text","value":"Regularly perform vulnerability checks."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"li","properties":{},"children":[{"type":"text","value":"Give your employees proper training on how to detect phishing, and create strong passwords."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"li","properties":{},"children":[{"type":"text","value":"Closely observe or follow PAM (the "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"privileged access management"}]},{"type":"text","value":") best practices."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"li","properties":{},"children":[{"type":"text","value":"Restrict or block usage from unknown sites or applications."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"li","properties":{},"children":[{"type":"text","value":"Use encryption, traffic monitoring and endpoint security tools."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"li","properties":{},"children":[{"type":"text","value":"Make use of advanced network or Chrome security extensions. Luckily for you, there’s a "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"free premium"}]},{"type":"text","value":" trial of an advanced browser security extension that perks plenty of rewards."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"li","properties":{},"children":[{"type":"text","value":"Change the "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"SFA"}]},{"type":"text","value":" (single-factor authentication) with "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"2FA"}]},{"type":"text","value":" (a "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"two-factor authenticator"}]},{"type":"text","value":") to make your accounts less vulnerable to phishing attempts."}]},{"type":"text","value":"\n"}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"By using these tips, you are sure to extinguish, or slow down credential theft on crucial infrastructure, and or keep your critical systems on lock down."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"In addition to network or "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"element","tagName":"a","properties":{"href":"https://guard.io/plans","title":"Guardio Plans page"},"children":[{"type":"text","value":"Chrome security extensions that protect against vast cyberattacks"}]}]},{"type":"text","value":", one of the easiest ways to protect your privacy while surfing the web is to use the Chrome extension Guardio. This tool acts as the first line of defence for your browser. It automatically protects your data when you are online without sacrificing speed, or interfering with your browsing experience."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"h2","properties":{"id":"frequently-asked-questions-faqs","style":"position:relative;"},"children":[{"type":"text","value":"Frequently Asked Questions (FAQs)"},{"type":"element","tagName":"a","properties":{"href":"#frequently-asked-questions-faqs","ariaLabel":"frequently asked questions faqs permalink","className":["anchor","after"]},"children":[{"type":"element","tagName":"svg","properties":{"ariaHidden":"true","focusable":"false","height":"16","version":"1.1","viewBox":"0 0 16 16","width":"16"},"children":[{"type":"element","tagName":"path","properties":{"fillRule":"evenodd","d":"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"},"children":[]}]}]}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"How are Credentials Stolen?\nCredentials can be exposed in various ways such as guessing “"},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"brute-force"}]},{"type":"text","value":"” or information leaks. But hackers also extract them in the form of tickets, hashes, or plaintext passwords."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"To deceive you, the criminal may use phishing techniques, often very efficient, and a cheaper way to go. "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"Phishing tactics"}]},{"type":"text","value":" are based on human interactions, and rely on Culverecurity defences."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"h3","properties":{"id":"what-is-a-credential-phishing-attack","style":"position:relative;"},"children":[{"type":"text","value":"What is a Credential Phishing Attack?"},{"type":"element","tagName":"a","properties":{"href":"#what-is-a-credential-phishing-attack","ariaLabel":"what is a credential phishing attack permalink","className":["anchor","after"]},"children":[{"type":"element","tagName":"svg","properties":{"ariaHidden":"true","focusable":"false","height":"16","version":"1.1","viewBox":"0 0 16 16","width":"16"},"children":[{"type":"element","tagName":"path","properties":{"fillRule":"evenodd","d":"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"},"children":[]}]}]}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"Credential phishing attack is when a cybercriminal is pretending to be an entity, or someone you trust. They often tend to trick you by playing a psychological game in a way you leave your guards and start trusting them enough to give up the valuable details."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"Generally, criminals may create a mimic of a popular website using the same style, logo, theme, and even the same content. And all these are accompanied by a nearly identical domain address, only to deceive you. This act of fraud is called "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"cybersquatting"}]},{"type":"text","value":". Hackers will often add slight modifications like: "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"facebooklive.xyz"}]},{"type":"text","value":", or "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"amazondeals.io"}]},{"type":"text","value":", and so on to make it look more legit."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"If you’re tempted and, say, you’re hooked to such sites and login with your details, those details go straight into the scammer’s database. The scammer can then log back in, and do these things:"}]},{"type":"text","value":"\n"},{"type":"element","tagName":"ul","properties":{},"children":[{"type":"text","value":"\n"},{"type":"element","tagName":"li","properties":{},"children":[{"type":"text","value":"Send spam or phishing emails to your contacts"}]},{"type":"text","value":"\n"},{"type":"element","tagName":"li","properties":{},"children":[{"type":"text","value":"Steal sensitive info that is stored in your account"}]},{"type":"text","value":"\n"},{"type":"element","tagName":"li","properties":{},"children":[{"type":"text","value":"Transfer your money into their accounts if they found your bank details."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"li","properties":{},"children":[{"type":"text","value":"Sometimes they will ask for a ransom in exchange for returning your account."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"li","properties":{},"children":[{"type":"text","value":"Borrow money in your name and cause impacts on your credit scores, etc."}]},{"type":"text","value":"\n"}]},{"type":"text","value":"\n"},{"type":"element","tagName":"h3","properties":{"id":"how-are-credentials-captured","style":"position:relative;"},"children":[{"type":"text","value":"How are Credentials Captured?"},{"type":"element","tagName":"a","properties":{"href":"#how-are-credentials-captured","ariaLabel":"how are credentials captured permalink","className":["anchor","after"]},"children":[{"type":"element","tagName":"svg","properties":{"ariaHidden":"true","focusable":"false","height":"16","version":"1.1","viewBox":"0 0 16 16","width":"16"},"children":[{"type":"element","tagName":"path","properties":{"fillRule":"evenodd","d":"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"},"children":[]}]}]}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"If you’re concerned about protecting your privacy, or maybe, a corporate account—staying informed on how criminals often take advantage of people is certainly a good idea. In today’s global internet life, unfortunately, it is easier than ever for a criminal to capture your credentials in just a single click."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"Below are a few common methods a criminal is likely going to use to compromise your sensitive data."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"ul","properties":{},"children":[{"type":"text","value":"\n"},{"type":"element","tagName":"li","properties":{},"children":[{"type":"text","value":"Brute force"}]},{"type":"text","value":"\n"},{"type":"element","tagName":"li","properties":{},"children":[{"type":"text","value":"Phishing scams"}]},{"type":"text","value":"\n"},{"type":"element","tagName":"li","properties":{},"children":[{"type":"text","value":"Malware usage"}]},{"type":"text","value":"\n"},{"type":"element","tagName":"li","properties":{},"children":[{"type":"text","value":"Public WiFi"}]},{"type":"text","value":"\n"},{"type":"element","tagName":"li","properties":{},"children":[{"type":"text","value":"Data and site breaching"}]},{"type":"text","value":"\n"}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"Brute Force Attack"}]},{"type":"text","value":". Sometimes the type of passwords we’re using just aren’t the strongest out there. This means that most people are only making a potential criminal’s job look like a "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"walk in the park"}]},{"type":"text","value":"."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"Think of it like this"}]},{"type":"text","value":": How many times have you ever forgotten a password, only to guess it right in a few trials? Sometimes guessing is what it takes for a hacker to crack your secret codes. "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"Keep this in mind"}]},{"type":"text","value":": It is not about a thief sitting behind their computer all day long trying to crack your passwords. Let me explain."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"Criminals usually use some incredibly accessible and sophisticated programs that automatically guess your common passwords—thanks to technology. This process can often be completed within 24-hours."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"Tip"}]},{"type":"text","value":": Use passwords that are more difficult to guess. The kind that you almost need to write them down somewhere to "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"refer back to"}]},{"type":"text","value":" whenever you want to use them for authentication. Use a combination of special characters (</#>@*%), numbers (0123…), and mixed letters (AbXyz), to make guessing your password look more like a wild goose chase to a potential hacker."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"element","tagName":"a","properties":{"href":"https://guard.io/blog/how-to-protect-yourself-against-phishing-scams"},"children":[{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"Phishing Scams"}]}]},{"type":"text","value":". This is certainly the most common method of credential theft you’re probably aware of. It involves thieves taking advantage of your vulnerabilities and stealing the important data."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"It happens when someone sends a message (SMS or email) along with a malicious link. Mostly, these messages look very legit until you click the link and deliver your credentials to the thief on a silver platter—then you realise you have just been hit by a hacker who then uses your info to bypass online security just like you would."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"Tip"}]},{"type":"text","value":": If you’re a corporate body, educate your team thoroughly about these things to save your company from the nightmare. Because they’re often the targets of these fascinating phishing attempts. Encouraging them about not clicking malicious links, or filling suspicious forms will keep your business safe."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"Malware Usage"}]},{"type":"text","value":". Malware, also known as "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"spyware"}]},{"type":"text","value":", is a variety of malicious programs, and formats that cybercriminals use to steal the data. Usually, it happens when you’re surfing the web unsecurely and a malware program sneaks in, and instals itself on your device without your consent."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"The problem starts when the unwanted program has successfully installed itself on your device. The spyware can log your special "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"keystrokes"}]},{"type":"text","value":", and even remember your "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"browsing history"}]},{"type":"text","value":". It can also develop some nefarious pop-up ads that can capture your login credentials, or even crash the whole system."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"Tip"}]},{"type":"text","value":". Make use of VPN(s) and modern network security extensions to safeguard your online activities. Such tools like "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"element","tagName":"a","properties":{"href":"https://guard.io/plans","title":"Guardio Plans page"},"children":[{"type":"text","value":"Guardio"}]}]},{"type":"text","value":" have gone the extra mile to establish an advanced Chrome security extension that can tip you whenever something is up, and even get rid of all threats on site. The tool has a sharp eye to detect and eliminate even the most difficult backdoor Trojans."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"Public WiFi"}]},{"type":"text","value":". In today’s economic world, chances are, you don’t just do all the work from an executive work office setting. Working from remote, home, cyber, or any other place, perks plenty of rewards that can make us almost forget real internet security threats."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"What’s the case in point, here"}]},{"type":"text","value":"? The sharp sword of a public WiFi, of course. Although it is obviously amazingly convenient, a public WiFi can pose real threats to your credentials. When someone connects to a public WiFi on their work computer, there is a high chance that something can, or does happen."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"If, let’s say, you or your work colleagues login with their passwords while using a public WiFi, these details can easily be captured or compromised by criminals who are often fishing for potential victims, thanks to the process called traffic monitoring. Hackers are usually armed to the teeth. They deploy certain programs that often keep an eye on public networks."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"Tip"}]},{"type":"text","value":". Keep away from public networks whenever possible because the thief is always on the watch. Their creepy malicious apps will always notify them of a potential login, and that is how your nightmare begins."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"Data and Site Breaching"}]},{"type":"text","value":". Anyone who lives and breathes internet is certainly doing this. It is not a new thing to give out our information to websites of interest. Some of which are secure sites but some others are, well, let’s just say, not secured enough."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"Further, it is quite common to sign up on Facebook, or order take-outs online. However, it helps if we also understand what might happen if, say, the data we are sharing with other sites is breached. Typically, an identity thief can get into popular sites and steal this valuable piece of information."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"This can happen in a dozen ways. One way is through "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"remote file inclusion"}]},{"type":"text","value":" (SQL injections). Once a criminal has a grip on your sensitive data, they can share it to other phishing websites, or take it to the underground markets (the "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"dark web"}]},{"type":"text","value":") where this kind of info is a goldrush."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"Tip"}]},{"type":"text","value":". Don’t use weak passwords on any online accounts. And don’t use one password fits all. Use different passwords on different accounts. Because if, say, a criminal gets hold of one of your passwords, they probably have all your accounts to feast on."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"h3","properties":{"id":"how-are-credentials-compromised","style":"position:relative;"},"children":[{"type":"text","value":"How are Credentials Compromised?"},{"type":"element","tagName":"a","properties":{"href":"#how-are-credentials-compromised","ariaLabel":"how are credentials compromised permalink","className":["anchor","after"]},"children":[{"type":"element","tagName":"svg","properties":{"ariaHidden":"true","focusable":"false","height":"16","version":"1.1","viewBox":"0 0 16 16","width":"16"},"children":[{"type":"element","tagName":"path","properties":{"fillRule":"evenodd","d":"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"},"children":[]}]}]}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"Criminals are always using various tactics to gain unauthorised access to valid or genuine credentials on a network. Once they get this info, they have a way of creating perseverance on the network. They move around covertly, and they start escalating privileges and cause havoc to your organisation."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"For this reason, extra attention is paid to safeguard user credentials. However, this is more often said than done. Despite the idea of "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"rotating passwords"}]},{"type":"text","value":" and information security training, many people are still likely to reuse their old passwords, or create weak ones. Some are still likely to even fall prey to phishing scams."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"There are many tricks and tactics criminals use to compromise your credentials"}]},{"type":"text","value":". Table 1.1. shows some common ones."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"Common Methods Criminals Use to Compromise Credentials"}]},{"type":"text","value":"\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"},{"type":"element","tagName":"table","properties":{},"children":[{"type":"element","tagName":"thead","properties":{},"children":[{"type":"element","tagName":"tr","properties":{},"children":[{"type":"element","tagName":"th","properties":{},"children":[{"type":"text","value":"Type of Attack"}]},{"type":"element","tagName":"th","properties":{},"children":[{"type":"text","value":"Description"}]}]}]},{"type":"element","tagName":"tbody","properties":{},"children":[{"type":"element","tagName":"tr","properties":{},"children":[{"type":"element","tagName":"td","properties":{},"children":[{"type":"text","value":"Brute Force Attack"}]},{"type":"element","tagName":"td","properties":{},"children":[{"type":"text","value":"The criminal tries to authenticate by iterating through a list of secret codes or passwords, and hope that one would work."}]}]},{"type":"element","tagName":"tr","properties":{},"children":[{"type":"element","tagName":"td","properties":{},"children":[{"type":"text","value":"Credential Stuffing"}]},{"type":"element","tagName":"td","properties":{},"children":[{"type":"text","value":"This is when a criminal uses stolen account names with a combination of passwords that have been stolen from other databases, and hopes for a success."}]}]},{"type":"element","tagName":"tr","properties":{},"children":[{"type":"element","tagName":"td","properties":{},"children":[{"type":"text","value":"Social Engineering"}]},{"type":"element","tagName":"td","properties":{},"children":[{"type":"text","value":"Criminals often use trickery tactics that are so convincing in a way you can almost be tricked into delivering your network credentials on a silver platter."}]}]},{"type":"element","tagName":"tr","properties":{},"children":[{"type":"element","tagName":"td","properties":{},"children":[{"type":"text","value":"Password Spraying"}]},{"type":"element","tagName":"td","properties":{},"children":[{"type":"text","value":"Password spraying is an act of trying to login with a recognised username, and trying out commonly used "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"weak"}]},{"type":"text","value":" or "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"unsafe passwords"}]},{"type":"text","value":"."}]}]},{"type":"element","tagName":"tr","properties":{},"children":[{"type":"element","tagName":"td","properties":{},"children":[{"type":"text","value":"Keyloggers"}]},{"type":"element","tagName":"td","properties":{},"children":[{"type":"text","value":"These are malicious programs which, if sneaked and installed in your network, can capture your logs through keystrokes and pass the info to the hacker. The hacker then uses these details to create a duplicate account."}]}]},{"type":"element","tagName":"tr","properties":{},"children":[{"type":"element","tagName":"td","properties":{},"children":[{"type":"text","value":"Phishing and spear-phishing"}]},{"type":"element","tagName":"td","properties":{},"children":[{"type":"text","value":"This one here is quite popular. It involves scam messages that contain malicious links. Criminals can trick you to enter valid passwords on malicious pages."}]}]}]}]},{"type":"text","value":"\n"},{"type":"element","tagName":"h3","properties":{"id":"what-is-credential-abuse","style":"position:relative;"},"children":[{"type":"text","value":"What is Credential Abuse?"},{"type":"element","tagName":"a","properties":{"href":"#what-is-credential-abuse","ariaLabel":"what is credential abuse permalink","className":["anchor","after"]},"children":[{"type":"element","tagName":"svg","properties":{"ariaHidden":"true","focusable":"false","height":"16","version":"1.1","viewBox":"0 0 16 16","width":"16"},"children":[{"type":"element","tagName":"path","properties":{"fillRule":"evenodd","d":"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"},"children":[]}]}]}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"Credential abuse is the use of jeopardised passwords or secret codes to authenticate applications with an intention of stealing information. Credential abuse happens or starts when a malicious bot, or a cybercriminal fools you and steals your account login details."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"h3","properties":{"id":"what-do-hackers-do-with-stolen-credentials","style":"position:relative;"},"children":[{"type":"text","value":"What Do Hackers Do With Stolen Credentials?"},{"type":"element","tagName":"a","properties":{"href":"#what-do-hackers-do-with-stolen-credentials","ariaLabel":"what do hackers do with stolen credentials permalink","className":["anchor","after"]},"children":[{"type":"element","tagName":"svg","properties":{"ariaHidden":"true","focusable":"false","height":"16","version":"1.1","viewBox":"0 0 16 16","width":"16"},"children":[{"type":"element","tagName":"path","properties":{"fillRule":"evenodd","d":"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"},"children":[]}]}]}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"Just as the identity theft scam is explained on "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"TRENDMICRO.COM"}]},{"type":"text","value":", credential theft is surely a "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"gold mine"}]},{"type":"text","value":" for hackers. And people are already aware that it can happen in any fashion due to high recorded cases. "},{"type":"element","tagName":"strong","properties":{},"children":[{"type":"text","value":"Technically, the dark web is where your stolen information often gets"}]},{"type":"text","value":". The stolen info is then sold for profits to other criminals who would commit various frauds with such details."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"h4","properties":{"id":"staying-safe","style":"position:relative;"},"children":[{"type":"text","value":"Staying Safe"},{"type":"element","tagName":"a","properties":{"href":"#staying-safe","ariaLabel":"staying safe permalink","className":["anchor","after"]},"children":[{"type":"element","tagName":"svg","properties":{"ariaHidden":"true","focusable":"false","height":"16","version":"1.1","viewBox":"0 0 16 16","width":"16"},"children":[{"type":"element","tagName":"path","properties":{"fillRule":"evenodd","d":"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"},"children":[]}]}]}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"element","tagName":"a","properties":{"href":"https://guard.io/plans","title":"Guardio Plans page"},"children":[{"type":"text","value":"Guardio's"}]},{"type":"text","value":" cybersecurity tools, keeps your browing safe and secure. It blocks phishing attacks, secures your social accounts, and keeps you protected from credential theft."}]},{"type":"text","value":"\n"},{"type":"element","tagName":"h4","properties":{"id":"why-guardio","style":"position:relative;"},"children":[{"type":"text","value":"Why Guardio?"},{"type":"element","tagName":"a","properties":{"href":"#why-guardio","ariaLabel":"why guardio permalink","className":["anchor","after"]},"children":[{"type":"element","tagName":"svg","properties":{"ariaHidden":"true","focusable":"false","height":"16","version":"1.1","viewBox":"0 0 16 16","width":"16"},"children":[{"type":"element","tagName":"path","properties":{"fillRule":"evenodd","d":"M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"},"children":[]}]}]}]},{"type":"text","value":"\n"},{"type":"element","tagName":"p","properties":{},"children":[{"type":"text","value":"With over 1.5 million happy customers, Guardio is your #1 ally in the digital age. Offering tools and alerts to keep scammers at bay. Try it out with a "},{"type":"element","tagName":"a","properties":{"href":"https://guard.io/plans","title":"Guardio Plans page"},"children":[{"type":"text","value":"7-day free trial"}]},{"type":"text","value":" and see how it strengthens your online security!"}]}],"data":{"quirksMode":false}}}}}},"pageContext":{"title":"Credential Theft","slug":"credential-theft","keepLearning":[{"title":"Cybersecurity","slug":"cybersecurity"},{"title":"DDoS","slug":"ddos"},{"title":"DNs Hijacking","slug":"dns-hijacking"}],"breadcrumb":{"location":"/dictionary/credential-theft","crumbs":[{"pathname":"/","crumbLabel":"Homepage"},{"pathname":"/dictionary","crumbLabel":"dictionary"},{"pathname":"/dictionary/credential-theft","crumbLabel":"credential-theft"}]}}},"staticQueryHashes":["1614255152"]}