
The Lockdown

Thycotic’s Cyber Security Blog

Part 3: How did my password get hacked? It’s this easy…

Written by Thycotic Team

June 6th, 2017

This is the 3rd part in a 3-part series on how hackers are using simple methods to steal your passwords. In part 1 we talked about how hackers used passwords that were discovered in a previous breach in order to attempt a secondary breach. In part 2 we talked about the use of malicious scripts running on your computer, usually delivered from a malicious email.

In part 3 we’re going to talk about the final way that hackers usually obtain your password, and that’s simply by tricking you into giving it to them.

Click here, now you’ve been tricked by a website

What happens if you receive an email that appears to come from your bank, with a notice that you need to update your contact information and must click on a link to do so? You see your bank’s logo, and the message looks like it’s coming from your bank, so nothing concerns you and you click on that link.

Do you see it? The website address above? If that was your bank’s website would you have clicked on it? Do you notice what’s wrong with it? It’s spelled M Y B A M K … bank with an “M” instead of an “N” – but you might not have realized it when you first saw it, and if everything else looks fine you might have clicked on it. You would have been brought to a website that looks just like your bank’s regular website. On that page would have been a place to enter your username and password, and in an instant, you’ve sent your credentials off to a hacker!

Ring ring, now you’ve been tricked by a phone call

Sometimes the simplest way to get your password is just to ask for it! Social engineering has long been a practice where someone communicates with you in a way that establishes a level of trust. Either they send you an email that looks like it’s coming from another employee at the company, or they simply call you up pretending to be an employee in a dire emergency who needs immediate access to a system. In both cases, you’re faced with a split-second decision:

Do I deny this request and possibly get in trouble if it’s a real request? Or do I give them my password and hope that it’s not a hacker on the call?

There are dangers all over when it comes to protecting your passwords and the access they provide, and that’s why I always say, “Take the human out of the equation”. Get started with Secret Server today, and use a centralized password management solution for your privileged accounts to ensure they’re protected at all times.
