Cybercriminals use plenty of tactics to get hold of your confidential information. The most common approach is to buy passwords from the dark web, where there is a huge market for buying and selling login credentials. Just remember, if you have been using the same password for years, it might be time to check if it’s been compromised.
If you’re fortunate enough to have kept your passwords off those black market lists, the next thing a cybercriminal will have to do is crack your password, usually with one of the most common methods. An attack can be aimed directly at your account or at a leaked database of hashed passwords.
Brute force attacks
A brute force attack (also known as brute force cracking) is the equivalent of trying every key on your keyring to gain access to your house; eventually, you will find the right one. The attacker will attempt to match your password with all known password combinations until they find a match. The attacker will use automated software and try as many combinations as they possibly can in the shortest amount of time possible.
The longer a password is, the harder it is to crack; however, with the ever-increasing evolution of tech, computers can process passwords much quicker than before. Anything under 9-12 characters is vulnerable to being cracked. By using a strong random password generator to create a password you can eliminate the chances of your password being subject to a successful brute force attack.
Phishing scams are an everyday occurrence: you receive an email from an entity that claims to be communicating with you directly from a company you have an account with. In most cases, they look legitimate and some people fall into the trap. Attackers notify you of a problem or breach of your account whilst reassuring you that fixing the issue is quite simple. Simply click on the link and enter your login details, and that’s it! One click and you’ve opened up a world of trouble.
It does not matter how strong your password is when you are subject to a phishing scam, as you’re actively giving away your login credentials. So knowing how to spot a phishing scam is important. In most cases, phishing emails contain low quality or distorted images of the company logo/branding as well as a bunch of typos. If you do click on the link sent, be wise to check the URL bar. Most browsers will warn you if you’re not using a secured connection (the green padlock), but ensure you’re visiting the correct website. This can give you some indication that it is not the legitimate company they claim to be.
A dictionary attack is very similar to a brute force attack but slightly different in its approach. Essentially, a list of prearranged words you’d typically find in a dictionary is thrown at your account in the hopes that a match will be found. If your password is in fact a regular word, you’d likely only survive a dictionary attack if the word you’ve chosen is extremely uncommon or a multiple-word phrase.
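The brute force and dictionary sections above can be turned into a check you run on a candidate password before using it. The following is an added example, not part of the original article: the word list is a small constructed sample, the 12-character minimum is taken from the top of the article's 9-12 range, and ignoring case and leading or trailing digits and symbols is an assumption that goes slightly beyond the plain dictionary match the article describes.

```python
import math
import string

# Constructed sample list; a real audit would load a large list of common words.
WORDLIST = {"password", "dragon", "sunshine", "monkey", "football", "welcome"}
MIN_LENGTH = 12  # upper end of the 9-12 character range given in the article

def brute_force_bits(password):
    """Return log2 of the candidates an exhaustive search over the
    character classes present in the password would have to try."""
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    # Assumption: everything else (punctuation, space, non-ASCII) is counted
    # as one class of 33 symbols, which underestimates non-ASCII passwords.
    if any(c not in string.ascii_letters + string.digits for c in password):
        pool += 33
    return len(password) * math.log2(pool) if pool else 0.0

def is_dictionary_word(password):
    """True if the password is a listed word once case and any leading or
    trailing digits/symbols are ignored (e.g. 'Sunshine1!' -> 'sunshine')."""
    core = password.lower().strip(string.digits + string.punctuation + " ")
    return core in WORDLIST

def audit(password):
    """Check one candidate password against both weaknesses."""
    too_short = len(password) < MIN_LENGTH
    in_dictionary = is_dictionary_word(password)
    return {
        "too_short": too_short,
        "dictionary_word": in_dictionary,
        "bits": round(brute_force_bits(password), 1),
        "weak": too_short or in_dictionary,
    }

if __name__ == "__main__":
    for candidate in ["dragon", "Sunshine1!", "sunshine football dragon", "k7#Qz!m2Vp@9xL"]:
        print(repr(candidate), audit(candidate))
```

The multiple-word phrase passes both checks even though each word is on the list, while the decorated single word is flagged on both counts.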