Passwords are one of the most important parts of keeping any account secure, and if you were to gain access to these accounts, you’d have access to personal data, subscriptions, money, and even the victim’s identity. Today, we want to show you just how easy it is to steal a password and gain access to an account.
You Too Can Steal Passwords to Almost Any Type of Account
All it takes is a little spare cash to gain access to any account, and it’s remarkably easy to pull off. We can’t show you exactly how to do it, but we want to emphasize that literally anyone can do this to your business. Let’s look into some of the intricacies of how stealing a password works.
Learn a Little Bit About the Victim
We’ll use Homer J. Simpson for our example, a name with a singular entry in the United States census from 1940. Simpson was born in 1914, and we are confident that there have not been any babies born with the name since the 90s. That said, we’re making everything up from here on out. If we want to make Simpson’s life difficult, it’s pretty easy to do so, even if we don’t know anything about him.
Imagine that Simpson had a MyFitnessPal account in 2018, which he used to track his health metrics. MyFitnessPal is one of the services that suffered a data breach back in February of 2018 in which 144 million accounts had their emails and passwords compromised. These types of data breaches happen all the time, and users need to be aware of the risks associated with trusting this information to any online accounts, whether it’s Sony, Wendy’s, or even Doordash.
Thanks to the MyFitnessPal breach, Simpson’s password is on the Internet and available to criminals on the dark web. Because of this, we know his name, his email, and the password he likes to use. That’s plenty of information to work with.
From here, you go on Simpson’s social media accounts to find things like his date of birth, the town he grew up in, and his mother’s maiden name. You can also use LinkedIn to find information about his job and his social network. It’s easy to do this in as short a time as 10-15 minutes. You can find out about his kids, his dog, his wife, and potentially even his address. This is also helpful information to know when cracking a password.
Most individuals use information close to them for their passwords, and while we always advocate that it’s just not a good idea, well, it’s easier for people to remember credentials in this way. You can make a lot of educated guesses as to the user’s password simply by knowing a little bit about them.
Use Software to Crack the Code
This is where the fun begins. Using software found on the dark web, hackers can crack even sophisticated passwords. If the user’s password isn’t very complex, maybe 9 or 10 characters long, or without some special characters, it could be cracked in a matter of minutes or maybe a day or two. If the user has an actually random password, though, it will take longer, but the fact that these systems can be cracked is concerning to say the least. Complex passwords will naturally take longer to crack, but most of these tools will try the more common renditions first, just to check if the victim is skimping on their password security.
Alternatively, Just Trick the User
No use beating around the bush; just use phishing attacks to steal the password and let the victim do all the work for you. Around 95 percent of modern cyber breaches are caused by a phishing attack, and it’s such a high rate of success that there’s no reason not to try using it.
All you have to do is send them an email claiming to be their bank. You might make up an excuse like there is something wrong with their account. This is usually enough to elicit some sort of strong response, as people’s money is generally a soft spot. Whatever you do, make the problem important enough to require immediate attention.
Next, send them to a webpage that you built to look like their bank’s website. You can then have them offer up their login credentials on a silver platter as they attempt to log into their account. This happens all the time, and you might be surprised by how easy it is, but the fact remains that it’s simply far too easy to pull off to not take it seriously.
Always Remain Vigilant to Cybercrime
Now that you know how easy it is for someone to crack a password, or even steal it for that matter, you should remain vigilant and always try to stay ahead of hackers through the use of multi-factor authentication tools and other security solutions. RedRock Information Security can help you stay ahead of hackers! Call us today at (616) 534-1500 to learn more.
RedRock offers a full range of compliance-focused IT services including help desk, server and network management, perimeter and endpoint security, and associated hardware and software. What makes us unique is how we bake security into everything we do. We are regulated by the FDIC, NCUA, and DIFS. We undergo regular exams and audits by 3rd party assessors. This oversight offers our customers the peace of mind that multiple entities look at our products, policies, procedures, financials, etc.