How often do we think about the information footprint we leave in the digital space, and about what data potential hackers and criminals can find in the public domain?
After all, it is one thing to share information in a private conversation, and quite another when it comes to online correspondence, telephone calls or online meetings, and registration on forums or in various applications. And then we completely forget which resources we registered on.
According to FinTech, the global volume of data leaks in 2020 increased by 80%, and the number of phishing attacks in February of the same year increased by 600%, a record in global information security practice. In most cases, attacks on companies or specific people were aimed at obtaining personal information (65%) and financial information (23%).
Based on our experience of investigating such cyber incidents, we can conclude that the main cause is how users approach security, in particular the complexity of their account passwords. Wealthy and influential users are the main victims of “digital criminals”.
Put simply, a data leak is when hackers obtain information by hacking the operating system installed on a mobile phone, a social network account or an email account. With full information about a person, their relatives and friends, the mother’s maiden name and the nickname of a favorite cat or dog, an attacker can hack the e-mail or social media account that stores all the user's information. The hacker can then access more sensitive information, for example a bank account, once the logins and passwords to Privat24, PayPal and other critical accounts are known.
We all know that when registering in any application or data exchange system you must specify a contact email address, to which an activation link is automatically sent; that link lets you log in to your personal account, change your password, and so on. Even without such links, a personal mailbox contains emails that spell out logins and passwords for personal online resources. As a result, the system identifies the user, but in fact an attacker is hiding behind the account.
In our practice, we regularly encounter such incidents. When we contact a client, we make sure to fully diagnose the IT system and the personal information the client uses. In this diagnosis we rely on our experience and look for the errors that our experts often find during a security audit of a system.
What are the most common mistakes?
First, one of the most dangerous and common mistakes is using the same password on all services. For example, the date of birth of a child or wife is used for online banking, the smartphone and so on, and the security system on every one of those resources accepts it. But at some point the user enters the same password to place an order in an online store whose customer data protection has already been breached, or lands on a phishing site. As a result, the attacker gets full access and, so to speak, finds the key to all the doors.
Second, the phishing mentioned earlier. This is the sending of fraudulent messages containing offers, requests or even threats. Most often they are accompanied by links; by following them, the recipient gives the attacker access to his smartphone, laptop or application.
Third, free e-mail services. We have noticed that Generation X users in particular rarely change their mailbox passwords, yet often share the mailbox with contractors and anyone else they talk to. After a short time, a mailbox with the name [email protected] and the password vasya123 accumulates so much information that access to it can destroy the business or reputation of the person and his partners.
In November 2020, NordPass, a provider of password manager solutions, published a ranking of the most popular user passwords. According to that ranking, only 44% of the 275,699,516 passwords analyzed were “unique”. As in previous years, the five most used passwords are “123456”, “123456789”, “picture1”, “password” and “12345678”. Cracking each of them takes seconds. Less than half of the password list is unique and new.
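The password mistakes described above can be checked mechanically against your own credentials. The following Python script is an added example, not part of the original article: it assumes a local password-manager export as a service-to-password mapping plus a list of publicly findable personal facts, and all function names and sample data are constructed for illustration.

```python
import re
from collections import defaultdict

# The five most used passwords quoted above from the NordPass 2020 ranking.
TOP_PASSWORDS = {"123456", "123456789", "picture1", "password", "12345678"}

def _normalize(text):
    """Lower-case and keep only letters and digits, so 'Murka!' matches 'murka'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def personal_tokens(facts):
    """Turn personal facts (names, pet names, dates) into guessable substrings."""
    tokens = set()
    for value in facts:
        norm = _normalize(value)
        if len(norm) >= 4:
            tokens.add(norm)
        # A date like 14.05.2012 also shows up in passwords as 140512, 2012, 1405.
        m = re.fullmatch(r"(\d{2})\D(\d{2})\D(\d{4})", value.strip())
        if m:
            d, mo, y = m.groups()
            tokens.update({d + mo + y, d + mo + y[2:], y + mo + d, d + mo, y})
    return tokens

def audit(accounts, facts):
    """Return {service: [findings]} for reused, top-list and personal-data passwords."""
    tokens = personal_tokens(facts)
    by_password = defaultdict(list)
    for service, password in accounts.items():
        by_password[password].append(service)
    report = {}
    for service, password in accounts.items():
        findings = []
        if len(by_password[password]) > 1:      # same key for several doors
            findings.append("reused")
        if password.lower() in TOP_PASSWORDS:   # cracked in seconds
            findings.append("top-list")
        if any(t in _normalize(password) for t in tokens):
            findings.append("personal-data")    # guessable from public facts
        if findings:
            report[service] = findings
    return report

# Constructed sample data; run such a check only on a local, offline export.
SAMPLE_FACTS = ["Murka", "Petrenko", "14.05.2012"]
SAMPLE_ACCOUNTS = {"bank": "Murka2012", "mail": "vasya123", "shop": "vasya123",
                   "forum": "123456", "vault": "q7#Lr!x2Vd9mTe"}

if __name__ == "__main__":
    print(audit(SAMPLE_ACCOUNTS, SAMPLE_FACTS))
```

Accounts that come back with no findings, such as the constructed `vault` entry, are simply absent from the report.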
Every year the number of tools available to cybercriminals increases, but if users of online services follow a few simple rules, they can reduce the risk of data leakage many times over, even if they lose a smartphone or computer: