- Noticias de seguridad
- Online Privacy
- National Cybersecurity Awareness Month: Protecting Your Online Accounts
From picking clothes and paying bills to communicating and job hunting, people are increasingly logging on to sites and online services that promise to make life more convenient. The use of online entertainment is surging as well, as people drop traditional television in favor of subscription to on-demand services like Netflix, Hulu, and Amazon. Even music is brought to us by online services like Spotify and Apple Music. Though these services are reasonably priced and convenient, they require a certain amount of information from the consumer before they become available—needing at least an email address or phone number, or credit card details and a billing address for paid services.
While these services were designed for convenience and speed, security might not have been top priority. A spate of recent mega-breaches demonstrated just how easily personal information can be stolen online. Just last month, Yahoo confirmed that around 500 million accounts were stolen, leaving half a billion people exposed to a slew of security issues. On the underground market, Netflix passwords are easy to find, besides PayPal, Ebay, Dropbox and other popular sites’ user credentials. Cybercriminals are hauling in account information and selling them wholesale.
What's in it for them? Pure profit. You can calculate here just how much cybercriminals gain from different site credentials.
Personally identifiable information (PII) is harvested and exploited in different ways. Credential stuffing, or using stolen usernames and passwords to crack accounts on other sites, is one way to use stolen credentials. Evidently, a lot of users recycle their passwords, which explains why this method has proven to be a largely successful practice. Compromised email addresses also open up the victim to a lot of other risks. Personal email accounts are usually used to verify other online accounts, which can give cybercriminals access to other sites from one set of credentials.
Where do they get the data?
A large cache of data is a more lucrative target than individual accounts, which is why cybercriminals go after sites with big repositories. Aside from the Yahoo incident, the breaches of LinkedIn and MySpace also leaked millions of online accounts. The sheer amount of users affected by mega-breaches from these popular sites has pushed many organizations to build up their defenses, and also prompted lawmakers to discuss stronger legislation on data breaches.
A breached site isn't always the cause for identity theft and account fraud. Sometimes the loss of information can also be attributed to individuals. Despite increasing awareness and savviness of users, many still fall prey to classic phishing scams, done using a number of different methods that range from email to malicious websites. Users aren’t entirely to blame—attackers are growing more sophisticated. Phishing scams are much more advanced, with scammers often impersonating legitimate companies and asking for login details or account credentials. There are also fake websites that ask for login details before allowing users to see certain content—something legitimate sites also do frequently. As users catch on to old tricks, scammers just make new ones.
What happens to stolen data?
Protecting your accounts:
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.