Credential theft is still one of the main targets of cybercrime, as evidenced by Verizon’s new Data Breach Investigations 2020 Report.
These attacks are often successful due to an insidious strategy combining Phishing techniques and malware created for this specific purpose.
More and more malware, especially newer ones, are designed to steal all the data related to accounts, nicknames and passwords saved in web browsers. In recent years these programs have evolved, stealing information from Facebook, Amazon, eBay, PayPal, YouTube and browsing history.
Considering that about 50% of employees use the same password for both work and personal purposes, it’s easy to imagine what the risks for any organization could be.
Phishing and Malware to Steal Your Credentials
There are two main ways a hacker can infect computers with this type of malware:
1. Phishing emails: these messages contain a malicious attachment that, once downloaded, activates malicious code. This code can steal administrator credentials, passwords, credit card numbers, payment information and much more.
2. “Trap” websites: these sites attract users to click on links in their scam pages. Just a click on these fraudulent links could download this malware, designed to steal credentials.
How to protect your credentials
- Never open attachments in an email if you’re not sure of their source
- Check email senders and addresses carefully to verify the sources
- Never click on links in suspicious emails
- Only browse official websites
- Never download software or movies from illegal sites
- Update your antivirus and your browsers regularly
- Use a professional password manager
The human factor can defend money, privacy and business
Protecting yourself against this type of cyber-attack is only possible through training paths of threat awareness.
Learning to recognize cyber threats is the turning point in behavioural change and creating a cyber awareness culture.
Risk Awareness is by far the most effective way to protect yourself and your organization.
So, are passwords saved in browsers safe?
To be clear, the answer to this question is no. This method is unsafe, because information could get violated by malware developed for this specific purpose.
Clearly, the more you protect the security of our device, with cautious behaviors and professional antivirus/antimalware software, the less likely you will suffer an attack.
Saving passwords in browsers is easy but dangerous.
Password storage is often complicated.
What can you do? Avoid worst practices:
- Don’t write down passwords on paper to remember them
- Don’t forget to choose a Professional Password Manager, which is much safer and harder to hack.
For more info…