
Thycotic’s CyberSecurity Publication


Part 3: How did my password get hacked? It’s this easy…

June 6th, 2017



This is the 3rd part in a 3-part series on how hackers are using simple methods to steal your passwords. In part 1 we talked about how hackers used passwords that were discovered in a previous breach in order to attempt a secondary breach. In part 2 we talked about the use of malicious scripts running on your computer, usually delivered from a malicious email.

In part 3 we’re going to talk about the final way that hackers usually obtain your password, and that’s simply by tricking you into giving it to them.

Click here, now you’ve been tricked by a website

What happens if you receive an email that appears to come from your bank, with a notice that you need to update your contact information and must click on a link in order to do that? You see your bank’s logo, and it looks like it’s coming from your bank, so nothing concerns you and you click on the link: www.mybamk.com.

Do you see it? The website address above? If that was your bank’s website would you have clicked on it? Do you notice what’s wrong with it? It’s spelled M Y B A M K … bank with an “M” instead of an “N” – but you might not have realized it when you first saw it, and if everything else looks fine you might have clicked on it. You would have been brought to a website that looks just like your bank’s regular website. On that page would have been a place to enter your username and password, and in an instant, you’ve sent your credentials off to a hacker!

Ring ring, now you’ve been tricked by a phone call

Sometimes the simplest way to get your password is just to ask for it! Social Engineering has long been a practice where someone communicates with you in a way that establishes a level of trust. Either they send you an email that looks like it’s coming from another employee at the company, or they simply call you up pretending to be an employee in a dire emergency who needs immediate access to a system. In both cases, you’re faced with a split-second decision:

Do I deny this request and possibly get in trouble if it’s a real request? Or do I give them my password and hope that it’s not a hacker on the call?

There are dangers all over when it comes to protecting your passwords and the access they provide, and that’s why I always say, “Take the human out of the equation”. Get started with Secret Server today, and use a centralized password management solution for your privileged accounts to ensure they’re protected at all times.


Read Part 1 of How did my password get hacked?
Read Part 2 of How did my password get hacked?



RJ Gazarek

RJ has nearly 10 years of experience in Marketing from government contracting to cybersecurity. While most of his career was focused on demand generation for small business, he’s recently found a thrill in bringing a structured Product Marketing program to a high velocity organization. With a background in IT and a degree in Psychology, RJ is able to help accelerate product initiatives at Thycotic that center around understanding what our customers need and how to help provide them with the tools that protect them from catastrophic data breaches.
