4 things cybercriminals do to steal your passwords

Madrid. – password It is often the only thing standing between a cyber criminal and your personal and financial data, which is why it has become one of the main targets of criminal practices.

Cyber ​​security company ESET has compiled the four most prevalent techniques used by cybercriminals to get… passwords People have access to their accounts.

Phishing and social engineering

The most commonly used attack technique takes advantage of the human tendency to make wrong decisions, especially when they make a decision in a hurry. cyber criminals They take advantage of these weaknesses through social engineering, a psychological trick designed to get people to do something they shouldn’t.

Phishing is one of the most famous examples. In this case, the criminals pretend to be legitimate entities, such as friends, family, businesses the user has dealt with, etc.

These emails or texts will appear genuine, but include a malicious link or attachment that, if clicked, will download malware or take you to a page that provides personal data.

Malware

Another common way to get passwords is through malware or malware. Phishing emails are the main drivers of this type of attack, although you can also become a victim by clicking on a malicious ad (a malicious ad), or even visiting a hacked website (through a download).

As ESET explained, malware can hide in a legitimate-looking mobile app, which is often found on third-party app stores.

There are several types of information-stealing malware, but some are designed to record keys a user presses on a keyboard or to capture device screenshots and send them to attackers.

brute force

It is estimated that the average number of passwords a person has to manage increased by 25 percent year-on-year in 2020. Many people use easy-to-remember passwords and reuse them across multiple sites, but this may open the door for that- called techniques Massive force.

Credential checking is one of the most common attacks. In this case, the attackers inject large amounts of combinations of previously stolen usernames and passwords into the bots.

The tool then tests them across a large number of sites, hoping to find a match. This way, criminals can open multiple accounts with one password.

By one estimate, last year there were 193 billion attempted attacks of this type worldwide. One of the most notable victims of late has been the Canadian government.

Another brute force technique is random password testing. In this case, hackers use an automated program to test a list of commonly used passwords against an account.

To look over the shoulder

Although there are many ways to steal the password by default, it is worth noting that there are still ways to find out the password in the physical world that pose a risk.

This is the case of what is known in English as shoulder surfing, which is simply called “looking over the shoulder” in Spanish. Not only does this affect the credit card PIN, ESET has conducted experiments that show how easy it is to guess a Snapchat password using this system.