Why passwords are weak link in war on online fraud

Experts are now warning Kenyans against using ‘weak’ passwords in accessing corporate services or their personal accounts as 30 percent of individuals were attacked online by cybercriminals in September this year.

According to Kaspersky, a global cyber security and digital privacy company, one should use at least two-factor authentication to access their personal accounts in order to prevent their personal data and information from being stolen or used by password stealers.

All these threats arise due to an increase in sophisticated malware programs invented across the globe.

Passwords that are weak or easy to guess are more common than you might expect. According to current findings from the UK’s National Cyber Security Centre (NCSC), one in six people uses the names of their pets, dates of birth or their own names as their passwords, making them highly predictable.

To make matters worse, these passwords tend to be reused across multiple sites, with one in three people (32 percent) having the same password to access different accounts.

Kaspersky experts noticed increased activity from fraudsters stealing passwords by using special malware called Trojan-PSW, a type of stealer capable of gathering login and other account information, including any personal data – from gaming websites and streaming accounts (online banking).

According to their data from 2020 to 2021 on the number of attempts to infect and attack, the research shows that if no serious action is taken, the increase in cybercrimes and frauds will continue in the coming years.

The data showed that between January and September 2021 there were more user attacks compared to the same period in 2020.

There were approximately 160,000 more targets across the world in September than in April, an increase of 45 percent. In recent months, Kaspersky experts have also seen a sharp rise in the number of attempts to infect users.

The total number of detections also increased compared to the previous year, from 24.8 million to 25.5 million.

Stealers use several methods to obtain a password, including social engineering, which is rooted in the idea of deceiving or manipulating people into divulging their information or taking a certain action. Common social engineering methods used to steal passwords include phishing and using a trojan horse. A less common approach is shoulder surfing, in which the hacker simply watches a user type in his or her password.

To protect user credentials, people are advised to enable Multi-Factor Authentication (MFA). This adds a security layer to logins beyond just a simple username and password, and it helps ensure that hackers cannot access your systems even if one of your passwords becomes compromised.

“As statistics show, logins, passwords, payment details and other personal data continue to be an attractive target for cybercriminals, and they remain a popular commodity on the dark market. For this reason, we encourage Internet users to take extra steps to protect their accounts,” says Denis Parinov, a security expert at Kaspersky.

“Increased scammer activity using password stealers also suggests the need for users to be more careful, not to follow unverified links and to use an updated security solution.”

To avoid falling victim to malicious programs and scams aimed at stealing credentials, Kaspersky advises users to always keep software updated on all the devices they use to prevent attackers from infiltrating the network by exploiting vulnerabilities.

“Avoid posting online personal information that may give away your identity, such as your address, your personal phone number, your email address, and so on. Before sharing anything, consider the unintended consequences and do not share anything that might compromise your or someone else’s privacy,” Mr Parinov says.