The Lockdown

Thycotic’s Cyber Security Blog

Part 2: How did my password get hacked? It’s this easy…

Written by Thycotic Team

May 24th, 2017

I’ll pick up where we left off in Part 1: How did my password get hacked? That’s where I explained that the reason your account was hacked was probably NOT due to some sophisticated state actor from China or Russia.

So to recap, the top three reasons your password was hacked were most likely:

  • You had a different account that was already compromised
  • You downloaded a malicious program on your computer without knowing it
  • You accidentally gave your password to someone without knowing it

We covered the first one in Part 1, so let’s move on to the second one.

You downloaded a malicious program on your computer without knowing it

Unfortunately, of all of the ways your account could be compromised, this is probably the easiest one, and these days it is happening more often than not.

Attackers are getting smarter and more sophisticated at convincing the average person to unknowingly install malicious applications on their computer. It’s important to always be aware, so here are the two primary ways you may inadvertently fall into the trap:

Visiting a Malicious Website

The internet is full of exciting, informational, and wonderful content (such as this very article!) but it is also full of just as much terrifying stuff.  It’s not always easy to know for sure if you’re on a malicious website or a good one.  One rule of thumb: never download an application unless you know exactly what it does and exactly where you’re downloading it from.  If you’re unsure, a handy tip is to simply google “Is application.exe safe” and replace ‘application’ with what you’re attempting to download.

When it comes to your work computer, it’s better to be safe than sorry and never download applications from anywhere.  Always submit an IT/Helpdesk ticket to install any software that you need on your computer.

Receiving a Phishing Email

This is happening more every day, as it’s arguably one of the easiest ways to get into a network. Malicious attackers are sending emails to regular, non-security-aware employees to try to get them to download a file that will run a malicious program. They are even able to make the email seem like it’s coming from another employee! It’s not hard to find out who else works at your company and to send you an email that looks like it’s coming from your CEO. Oftentimes they will send an email that says something like “Please review the attached invoice”, and when you click on that file and open it, a malicious program will run and start installing malware on your system. This malware sits and waits until you or an IT admin types in a password. Once the malware captures the password, it can send it back to the attacker to use.

Protecting passwords is everyone’s responsibility

If your organization has not put you through any type of security awareness training, we highly encourage you to ask your Security or IT Department if they can. If there is no time for it, we have a lot of free resources that can help you educate yourself, such as:

1.) Privilege Security eLearning Course Free: Boost your career and your credentials with this private online course that teaches you the basics of Privileged Account Management. 

2.) PAM for Dummies: A fast and easy read to get you up to speed on Privileged Account Management security basics.

Hopefully, these are helpful for you.

Read Part 1 of How did my password get hacked?
Read Part 3 of How did my password get hacked?

