United branches will close at 12 p.m. on Dec. 24 and reopen on Dec. 26. Access your accounts anytime via Digital Banking, Mya Voice Assistant, or ATMs. Happy Holidays from Team United!

advice hub

Protect Your Passwords from Cybercriminals | OUCH! Dec 2024

12/12/2024 | SANS Security Awareness

  • Security
Ouch! Newsletter

Unveiling the Shadows: How Cyber Criminals Steal Your Passwords

A Digital Nightmare: Lisa’s Unwanted Exposure


Lisa, a graphic designer with a knack for creativity, lived much of her life online. She managed her banking, shopping, and social interactions through various apps and websites. One day, she noticed some strange withdrawals from her bank account — items she’d never bought from stores she’d never visited. Her social media accounts then began posting spam messages promoting odd products and services, and friends reported receiving unusual emails from her.

Panic set in as Lisa realized she had lost control over her digital identity. Her personal photos were leaked, and private conversations were exposed. Clients began to question her reliability, and her reputation took a hit. After consulting with cybersecurity experts, Lisa discovered that her passwords had been compromised. Cybercriminals had gained access to her most sensitive accounts, unraveling her digital world piece by piece. The question lingered: How did this happen?

The Underhanded Tactics of Cybercriminals: Five Common Methods

  • Social Engineering Attacks: Attackers masquerade as someone or something you know, tricking you into providing sensitive information. How it happened: Lisa received a phishing email disguised as her bank, prompting her to enter her login credentials on a fake website.
  • Malware: Malicious software like keyloggers record every keystroke, including passwords. How it happened: Lisa downloaded a fake font package that installed a keylogger, capturing her login details.
  • Brute Force Attacks: Automated tools systematically guess passwords. How it happened: Lisa used weak passwords like "lisa2020," which attackers easily cracked.
  • Data Breaches: Compromised credentials from one platform are used to access others. How it happened: A data breach on a social media platform leaked Lisa’s reused password.
  • Purchased Credentials: Cybercriminals buy stolen passwords from the Dark Web. How it happened: Lisa’s credentials were part of a sold batch of compromised accounts.

Three Key Steps You Can Take


  1. Use long, unique passwords: Opt for passphrases combining multiple words.
  2. Use a password manager: Securely store and manage your passwords.
  3. Enable Multi-Factor Authentication (MFA): Add an extra layer of protection to critical accounts.

Guest Editor

Lekshmi Nair is a senior Cybersecurity leader with 22 years of experience in Information Security Consulting and Cybersecurity Strategy. She is currently a Sr. Director of Application Security Consulting with BlackDuck Software and the founder and President of WiCyS India.

Resources

About OUCH!

OUCH! is a monthly security awareness newsletter for everyone. It is published by SANS Security Awareness and is distributed under the Creative Commons BY-NC-ND 4.0 license. You are free to share or distribute this newsletter as long as you do not sell or modify it.

Editorial Board: Walter Scrivens, Phil Hoffman, Alan Waggoner, Leslie Ridout, Princess Young.

< ;