DON’T let crooks break into your email to steal your passwords and money with a “stuffing” attack.
Cyber-experts are warning email users to avoid making mistakes that make it more likely you’ll end up as a hacking victim.
1
Even if you use a trusted email app like Google’s Gmail or Microsoft Outlook, you’re still at risk of being hacked.
That’s because the weak point of your email security may be you.
And the consequences of a criminal breaking into your emails are very serious.
“When a cybercriminal has gained access to your email account, they can lock you out of your account, monitor your activity, access your sensitive information, take over other accounts and impersonate you,” Keeper Security’s Tim Tran explained.
Once a criminal has entered your email account, they could use it to steal money, defraud you, and even carry out more crimes against other people.
Beware ‘stuffing’ this Christmas
A popular way for crooks to hack an email account is by using a technique called “credential stuffing”.
This requires one of your account accounts to have been hacked, or its password leaked online.
“Cybercriminals get a hold of verified login credentials either from a security breach or the dark web,” Tim said.
Most read in News Tech
“They use that set of credentials to gain access to other accounts that reuse the same password.”
It relies on the fact that most people re-use passwords across multiple accounts.
Crooks will enter your leaked password into thousands of websites looking for a match.
So if you’ve re-used your email password anywhere else, it’s a significant risk.
Two other ways to steal your password
Another similar technique is called password spraying.
This is when crooks know your username or email address, but not your password.
They’ll take a list of commonly used passwords and try it against a list of known usernames or email addresses.
The idea here is that people often opt for the same kinds of passwords, like sports team names, movies titles, or numbers.
A second tactic is called “brute forcing”, which is exactly what it sounds like.
“Cybercriminals use trial and error to guess a user’s passwords,” Tim warned.
“They will use common dictionary words, phrases, or combinations of letters, numbers and symbols to guess your passwords.
“They use programs to input every possible combination and rely on people using weak passwords that are short and predictable.”
How to stay safe
There are plenty of ways to stay safe from these attacks.
But following three rules will do much of the work for you.
To avoid credential stuffing, make sure to never re-use passwords.
And to beat password spraying, ensure you’re not using passwords that someone else might have used.
Thirdly, to trump brute force attacks, make sure all of your passwords are long and strong – with numbers, symbols, and a mix of letter cases.
Also, make sure to set up multi-factor authentication on your email account.
Read more on The Sun
That way you’ll need a code to log-in in addition to your password.
This gives you extra protection if your password has somehow been compromised by criminals.
