Fight the Phish: Stop Cybercriminals From Stealing Your Credentials

This week’s message for Cybersecurity Awareness Month is about fighting phishing attacks — stopping cybercriminals from tricking people into exposing their usernames, passwords and other personal information. Many of today’s digital consumers are aware of criminal hackers and able to spot their bogus text and email baiting tactics. But they may not know how bots are using last year’s phished usernames and passwords in this year’s account takeover (ATO) attacks.

Nowadays, cybercriminals don’t need to go phishing to catch user credentials; they can buy thousands of them on the dark web with just a few dollars. E-commerce sites can expect $5.4 trillion in e-retail revenues globally next year — and purchasing stolen credentials is an easy way for cybercriminals to get in on the action.

The low barrier to entry of credential stuffing and ATO attacks make them the perfect vehicle for automated fraud. Bot attacks were up 41% in the first half of 2021, and they’re showing no signs of slowing down. Here’s how malicious hackers steal your credentials and gain unauthorized access to user accounts, so you can fight this second generation of phishing.

Phishing is only one form of data theft

Phishing is just one way that cybercriminals can steal credentials. Other methods include social engineering, PII harvesting and formjacking. The former is the umbrella term for the use of deception to obtain credentials. Some examples include vishing, baiting, scareware and spear phishing.

PII harvesting and formjacking are sneakier. Instead of relying on manipulation tactics, cybercriminals insert malicious scripts into vulnerable code to do the dirty work for them. These scripts send the personal information entered into payment forms to criminal hackers to sell on the dark web or use for their own nefarious purposes.

Bots don’t need to go phishing to catch credentials

Hackers have (Read more...)