Credential Theft

  • Published: Wednesday, Aug. 12, 2020

Credential theft is the illegal acquisition of the information that a person or organization uses to access secure sites and data. This usually means login information and passwords used on banking, shopping and proprietary sites or systems.

The value of credential theft to an attacker is that it allows a lot of damage to be done quietly, without drawing attention to the crime. Why break the window of a car when finding an unlocked one is so much easier? This is how cyber thugs think when stealing your data.

Obtaining your credentials can be fairly easy. Phishing is the most efficient method. By sending a seemingly legitimate email asking you to log into your account, the crook tricks you into giving up your credentials. The email directs you to a site that mimics the real one; once you log in, the crook has captured your credentials and can immediately place them for sale on the dark web or use them to steal more of your data, money or other resources.

This is where security awareness training can play a role as your first line of defense. By conditioning users to recognize these types of attacks, you can avoid both the cost and the reputational damage.

Other mitigations should be put into place as well: allow only authorized applications, and use spam filtering, patching and multi-factor authentication (MFA).

Other credential theft techniques include password spraying, brute-force cracking and malware that drops a keylogger on your system.
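As an added example (not part of the original article), the following shows how a defender can tell password spraying and brute force apart in failed-login logs: spraying touches many accounts a few times each from one source, while brute force hammers a single account. The log format, the thresholds, the function names and the sample lines are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed thresholds; tune them against your own baseline of failed logins.
SPRAY_MIN_USERS = 5      # distinct accounts tried from one source
SPRAY_MAX_PER_USER = 2   # spraying stays under lockout limits per account
BRUTE_MIN_FAILS = 10     # repeated failures against a single account

def _line(minute, second, outcome, user, src):
    return f"2020-08-12T09:{minute:02d}:{second:02d} {outcome} {user} {src}"

# Constructed sample log: "<ISO time> <OK|FAIL> <user> <source IP>".
SAMPLE_LOG = "\n".join(
    [_line(5 * i, 0, "FAIL", u, "203.0.113.10")
     for i, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])]
    + [_line(30, 5 * i, "FAIL", "admin", "198.51.100.7") for i in range(12)]
    + [_line(40, 0, "FAIL", "alice", "192.0.2.44"),
       _line(40, 20, "FAIL", "alice", "192.0.2.44"),
       _line(40, 40, "OK", "alice", "192.0.2.44")]
)

def label_window(per_user):
    """Label one source's failures (Counter of user -> count) in one window."""
    worst = max(per_user.values())
    if worst >= BRUTE_MIN_FAILS:
        return "brute-force"
    if len(per_user) >= SPRAY_MIN_USERS and worst <= SPRAY_MAX_PER_USER:
        return "password-spraying"
    return None

def classify(log_text, window_minutes=60):
    """Return {source IP: label} for sources whose failures match a pattern."""
    window = timedelta(minutes=window_minutes)
    fails = defaultdict(list)  # source IP -> [(time, user), ...]
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[1] != "FAIL":
            continue  # skip successes and malformed lines
        fails[parts[3]].append((datetime.fromisoformat(parts[0]), parts[2]))
    findings = {}
    for src, events in fails.items():
        events.sort()
        for i, (start, _) in enumerate(events):  # slide the window start
            per_user = Counter(u for t, u in events[i:] if t - start <= window)
            label = label_window(per_user)
            if label:
                findings[src] = label
                break
    return findings
```

The spraying source is only flagged when the window is long enough to cover its spaced-out attempts, which is why spray detection generally needs a wider window than brute-force detection.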

Here are some tips to avoid being a victim:

  • Use MFA. This can greatly reduce the ability of a hacker to log into your secure systems.
  • Don’t use the same password for everything.
  • Don’t share your passwords.
  • Train your end users by incorporating phishing simulations.
  • Limit the number of escalated privileges in your organization to prevent lateral movement from a compromised account.
  • Immediately isolate compromised devices and change the passwords of stolen credentials.