
All iPhone and Android users must change settings due to easy ‘stuffing’ attack that takes advantage of a common mistake to hack you



SMARTPHONE owners are being warned about a type of cyber attack that takes advantage of a painfully common password error.

The attack is called “credential stuffing” and cybersecurity experts say it’s easy to prevent — but few people are using the right settings.

Make sure you’re not making a common password mistake. Credit: Alamy

It exploits bad password habits and strikes multiple accounts at the same time.

Now, cybersecurity giant Kaspersky is warning users about how the attack works – and what you need to do to stay safe.

“A credential stuffing attack is one of the most effective ways to take over accounts,” said Alanna Titterington of Kaspersky.

“This attack takes advantage of the unfortunate habit that many people have of using the same password for multiple services – sometimes even trusting a single password for everything.

“As a result, attackers are inevitably able to hijack accounts with passwords that victims have used on other platforms.”

STUFFED!

Passwords in hacker databases typically come from three sources.

They can be stolen through fake websites or phishing emails.

Or they could have been “intercepted” through malware installed on victims’ devices.

And another common source is when a website or application suffers a serious breach that leads to passwords being leaked.


For example, Kaspersky notes a 2013 Yahoo breach that led to three billion accounts being leaked.

One thing that works in your favor is that having complicated passwords can help.

“It is important to note that services do not typically store passwords in plain text, but use so-called hashes,” explains the Kaspersky memo.

“After a successful breach, attackers need to crack these hashes. The simpler the password, the less time and resources it will take to crack it.

Reusing passwords can be tempting if you opt for long, strong passwords – but don’t risk it. Credit: Apple

“Therefore, users with weak passwords are at greater risk after a data breach.”

But even very strong passwords can still be cracked given enough time.

SAFETY FIRST!

Therefore, the main defense against credential stuffing is to ensure that you never use the same password twice.

A password manager – like iPhone’s iCloud Keychain – can keep you safe. Credit: Apple

This may seem difficult if you are also trying to follow the rule of only using long and complicated passwords.

Consider using a password manager, which can store and even generate strong, unique passwords for all of your app logins.

This way, you don’t have to remember passwords manually – and you’ll be protected against credential stuffing attacks.

Many password managers now even warn you if your login has been breached or is being reused.
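The reuse and breach warnings described above can be sketched as a short vault audit. This is an added example, not code from Kaspersky, Apple or Google; the vault entries, the breach list and all function names are constructed for illustration, and the hash-prefix lookup is an assumed design rather than how any particular manager works.

```python
import hashlib
from collections import defaultdict

# Constructed vault entries (site, password); not real credentials.
VAULT = [
    ("mail.example", "Summer2024!"),
    ("shop.example", "Summer2024!"),
    ("bank.example", "x7#Lq9vT2m$Wz4Rk"),
    ("forum.example", "password123"),
]
# Constructed stand-in for a list of passwords leaked in breaches.
BREACHED = ["password123", "Summer2024!", "qwerty"]

def sha1_hex(password):
    # SHA-1 is used here only as a lookup key, never for storing passwords.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def build_range_index(breached_passwords):
    # Index leaked hashes by their first 5 hex characters, so a lookup
    # only has to reveal a short prefix of the hash being checked.
    index = defaultdict(set)
    for pw in breached_passwords:
        digest = sha1_hex(pw)
        index[digest[:5]].add(digest[5:])
    return index

def is_breached(password, index):
    digest = sha1_hex(password)
    return digest[5:] in index.get(digest[:5], set())

def find_reused(vault):
    # Group sites by password hash; any group larger than one is reuse.
    by_hash = defaultdict(list)
    for site, pw in vault:
        by_hash[sha1_hex(pw)].append(site)
    return sorted(sorted(s) for s in by_hash.values() if len(s) > 1)

def audit(vault, breached=BREACHED):
    index = build_range_index(breached)
    reused_sites = {s for group in find_reused(vault) for s in group}
    report = {}
    for site, pw in vault:
        flags = []
        if site in reused_sites:
            flags.append("reused")
        if is_breached(pw, index):
            flags.append("breached")
        report[site] = flags
    return report

if __name__ == "__main__":
    print(audit(VAULT))
```

The long random password is the only entry that comes back clean: the reused one is flagged on both sites, which is exactly the pair a credential stuffing attempt would take over together.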

Phone scam statistics

Americans are bombarded with three billion spam calls per month. What are the numbers regarding the number of victims and the amount of money lost to fraudsters?

  • In 2022, Americans lost an estimated $39.5 billion to phone fraud, with 68.4 million US citizens affected, according to TechReport.
  • The average phone scam victim lost $567.41 each in 2021, a huge increase from the figure of $182 per victim in 2021, according to Hiya.
  • Most scams happen over the phone, with fraudsters twice as likely to call compared to text in 2021, as the Federal Trade Commission (FTC) reports.
  • In 2021, the US saw a 56% increase in spam phone calls, with 60% of those robocalls.
  • US residents receive an average of 18 spam phone calls per month, although some experts believe the real number could be as high as 31 per month.
  • Many phone calls from reputable companies can be mistakenly marked as spam, but 38% of companies have no idea whether they are being marked as “potential fraud” or not, according to Hiya.
  • Never provide personal or financial information if you suspect a phone call is a scam. For example, your bank will never ask for these full details over the phone.
  • To reduce spam calls and scams, sign up for the Do Not Call Registry. Telemarketers, by law, will need to check this list before calling you.
  • Downloading third-party apps like Hiya, Nomorobo or Truecaller can help filter annoying spam calls.
  • Try not to share your phone number unless necessary, especially online or with sketchy sources.

If you have an iPhone, you can take advantage of the iCloud Keychain built into iOS.

And Android phone owners can try Google Password Manager.

Also, make sure you have two-factor authentication set up on all your accounts.

If login requires an authentication text or code, this will prevent criminals who have obtained your password from logging in.



This story originally appeared on The-sun.com.
