Hypersecu Blog


5 Ways Hackers are Stealing Passwords

Think Your Passwords are Safe?

Think again. Hackers can steal your static passwords in a bunch of different ways; it’s easier than you might think. Hackers have hundreds of ways to steal your credentials, and their techniques become more sophisticated every day. In 2012, password theft alone increased by 300%, with identity theft going up by 33%.


Hackers Are Hard at Work

As my co-worker Greg puts it:

“Remember Alita: it’s their job.

They put the food on the table hacking accounts, and their kids want new shoes, iPhones, and a bigger house. Right now, they’re hacking you and their kids are screaming, ‘Dad, can I get the new iPad for Christmas?’ and our sweet hacker says to himself, ‘After I clear out this bank account you can, ha ha!’

If you prefer to leave donations to hackers, feel free to skip authentication protection. If you’re not the type to donate to criminals, use a security token.”

Well, I’m the donating type, but I prefer to choose to whom and when I give my money, among other things. I’m discovering that the number of people who use static passwords is far beyond what I thought—some of these people even use the same password for many different websites and accounts. And no, Mom, it is not a good idea to keep all your passwords saved in a list on your computer. I’ll be sending her a Hypersecu token later today. I’m sure after reading my blog, she’ll want one.

It seems a lot of people assume that they need to be a big target to get hacked, or they just aren’t aware of how easy it is for a hacker to steal their credentials. But it’s much simpler and happens more often than you think.

How Hackers Break In

Here’s a breakdown of 5 ways hackers can get into your accounts:

1. Mass Theft – Well, guess what—more than 60% of people use the same username and password for all their accounts. (Link to article) Hackers run programs that enter stolen username and password details on tens of thousands of sites until one hits. Then they have access to your accounts and credentials. If you use the same username and password on all accounts, that can leave you extremely vulnerable. If you use different, complex passwords, though, it’s near impossible to remember everything, which is what makes some people just write them down, defeating the purpose. Others just use the same old password on everything. The new HyperFIDO U2F token protects you from those kinds of attacks while making sure you never have to remember or come up with a complicated string of digits and symbols just to keep your accounts secure.


2. Wi-Fi Traffic Monitoring Attacks – Have you ever connected to a public Wi-Fi and logged into any accounts? Then your password could’ve already been stolen. A common attack is Wi-Fi traffic monitoring, where a hacker uses a simple application that can easily be downloaded from the internet for free to watch all traffic on a public Wi-Fi network. Once you enter your username and password, the software notifies them and the hacker intercepts the information. Simple as that—they now have your username and password for that site. It only takes a few more minutes to use a program like the one above to try other sites you may have used the same password and login combination on. Pretty soon, they’ve got access to a whole swath of your information and it’s only a matter of time for them to get the rest.


3. Phishing Attacks Type 1: Tab Nabbing – Phishing attacks over the years have become more sophisticated. Say it’s your bank, and to confirm your purchase on your debit card, they ask you to click on a link. The website looks legit, but it’s actually a fake site that looks exactly like the real site—hence, they’ve “nabbed” your tab. When you enter your credentials, the site redirects you to the real site. Boom, they have your info. In some cases, the fake site will ask for additional info including Social Security or Social Insurance Number. After getting several emails and calls claiming to be from my bank, I actually went into my bank and asked them under what circumstances I would get a call or email from them. I wanted to know what a legitimate correspondence would look and sound like. My bank assured me that I would NEVER receive correspondence from them via email and if they called, it would be a person from my local branch unless I had requested a call back from one of their service departments.

Again I defer to Greg: “Beware of links in dodgy emails.”


4. Phishing Attacks Type 2: Key Logger Attacks – Mostly this occurs when you get that dodgy email, click it, and then click the ever-so-interesting attachment and, unbeknownst to you, a malicious JavaScript is injected into your browser. SURPRISE!! Without your knowledge, every detail you type, including usernames and passwords, is recorded and sent to the hacker. Back in 2006, fake e-greeting cards were very popular with hackers for injecting key loggers into your browser. You get this lovely e-greeting expecting a nice holiday message and instead you get hacked and all the little hacker children get iPads for Christmas. (Link to Article)


5. Brute Force Attacks – Most passwords are simple and can be guessed within a specific number of tries. “123456” is still the most common password on the planet. (Link to Article) I think we’ve all had the experience of forgetting what password we used on an account and trying all of the passwords we have been using in the last few years; you know that if you try enough of them, eventually one will be right. Hackers use tools that can crack your password by simply entering different passwords over and over until it’s cracked; these tools can easily be downloaded for free. Within 24 hours, most passwords are cracked and the hacker has access. If you insist on using an archaic static password, please use a long, complicated one. You might think long, complicated passwords are no fun, so you may end up with a neatly organized list containing all your websites, usernames and passwords stored on your computer—this makes things even easier for the hackers.
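
For anyone running a site rather than just logging into one, items 1 and 5 look different in the login logs: mass theft shows up as many different accounts tried once each, brute force as one account tried many times. The sketch below is an added example, not code from this post or from Hypersecu; the log format, IP addresses, usernames and thresholds are all constructed assumptions.

```python
from collections import defaultdict

def sample_events():
    """Constructed login events: (source_ip, username, success). Not real data."""
    events = []
    # One source trying a different reused username/password pair each time.
    events += [("198.51.100.7", f"user{i}", i == 41) for i in range(60)]
    # One source guessing many passwords for a single account.
    events += [("203.0.113.9", "alice", False) for _ in range(80)]
    # An ordinary user who mistypes twice, then logs in.
    events += [("192.0.2.15", "bob", False)] * 2 + [("192.0.2.15", "bob", True)]
    return events

def classify_sources(events, min_failures=20, spread_ratio=0.8):
    """Label each source IP by the shape of its failed logins.
    Thresholds are illustrative assumptions, to be tuned on real traffic."""
    failures = defaultdict(list)
    for src, user, ok in events:
        if not ok:
            failures[src].append(user)
    labels = {}
    for src in {e[0] for e in events}:
        users = failures.get(src, [])
        if len(users) < min_failures:
            labels[src] = "normal"
        elif len(set(users)) / len(users) >= spread_ratio:
            # Many accounts, roughly one try each: reused stolen credentials.
            labels[src] = "credential_stuffing"
        else:
            # Many tries concentrated on few accounts: password guessing.
            labels[src] = "brute_force"
    return labels

def compromised_accounts(events, labels):
    """Accounts that logged in successfully from a flagged source."""
    return sorted({u for s, u, ok in events if ok and labels[s] != "normal"})

if __name__ == "__main__":
    ev = sample_events()
    lab = classify_sources(ev)
    print(lab)
    print("force a password reset for:", compromised_accounts(ev, lab))
```

The one successful login from the flagged source is the account whose owner reused a password, and it is the one that needs a reset and a second factor.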

Security is Everyone’s Job

Of course, the responsibility to keep our confidential information secure does not rest solely on our shoulders. Yes, we need to make sure we are not needlessly giving access to hackers, but we also need to make sure that websites, companies, and other individuals with access to our sensitive information are doing their part to keep our information secure. It does me no good to keep my credentials safe and then hand them directly to someone with no security plan in place. Check out my other blogs for security tips.

Do you still think your passwords are safe?

In my next post, I will tell you about the next big thing. Until then, as Greg would say: “Good luck with the hackers.”

-Alita Blair
Hypersecu Information Systems, Inc.