
Tips to prevent credential theft in your personal accounts

Nuria Andres

  • Proofpoint Cyber Security Strategist for Spain

Cybercriminals want to steal user passwords to gain access to important data and information. With just a username and password for services like Microsoft 365 or Google Workspace, they can reach our entire universe: they can send email impersonating us; view calendars, contacts, chats and files; and obtain credentials for banking, social networks or collaboration tools… In short, that password is the first important barrier between a user, a cybercriminal, and a successful attack.

In most cases, users expose this data involuntarily; in fact, 95% of security incidents are due to human error, which is why cybercriminals show very little hesitation in "hacking" a human vulnerability. They follow the latest news and trends to use them as lures in their messages, and they also play on users' emotions to convey a sense of need or urgency that ultimately leads them to do what is asked of them without verifying that the information is genuine and without the slightest hint of doubt.



A very easy and lucrative business

Email is still the number one channel through which cybercriminals steal data and defraud billions every year. Cybercriminal activity has today become synonymous with an economic business.

People who engage in this activity manage to get in wherever they want to obtain information, which is then turned into money, for example by selling user credentials on the dark web. On average, each incident of credential theft costs organizations more than $800,000, making it the most expensive cyber threat to resolve. But that's not the only shocking fact: credential theft nearly doubled in 2021, accounting for 18% of security incidents.

Many companies continue to focus on defense against external factors.

Security against cyber threats is an ongoing challenge. Unfortunately, email fraud has a low barrier to entry for attackers, as a message is very easy to create and doesn't require much technical knowledge. They depend on just one person clicking. That is not all, though: by compromising a single account, attackers can breach the security of an organization and of more people.



They impersonate well-known brands to deceive

You always have to be on alert. Cybercriminals often impersonate well-known brands, security providers, and other senders the user trusts in order to legitimize their phishing email. In these unsolicited communications, the recipient has to pay attention, above all, to the domain the mail comes from, as attackers use a domain that looks the same as the legitimate one but with one letter changed, leading the recipient to trust that the email comes from one domain when it actually belongs to a completely different one.

Avoid clicking on links or attachments that appear in emails, and avoid revealing credentials or personal or financial information. If the message refers to an organization or company, it is better to go directly to its website and access the information or complete the process there.
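The sender-domain check described above can be automated on the receiving side. The following Python code is an added example, not part of the original article: it flags a From header whose domain is exactly one character change (substitution, insertion, deletion or adjacent swap) away from a trusted domain. The `TRUSTED` list and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: constructed list of domains this mailbox legitimately hears from.
TRUSTED = ("microsoft.com", "google.com", "decathlon.com")

def osa_distance(a: str, b: str) -> int:
    """Edit distance where insert, delete, substitute and adjacent swap cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = prev[j - 1] + (ca != cb)                  # substitute / match
            cost = min(cost, prev[j] + 1, cur[j - 1] + 1)    # delete / insert
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cost = min(cost, prev2[j - 2] + 1)           # adjacent swap
            cur.append(cost)
        prev2, prev = prev, cur
    return prev[-1]

def sender_domain(from_header: str) -> str:
    """Domain of the address in a From header, lowercased; '' if there is none."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def classify(from_header: str) -> tuple[str, str]:
    """Return (verdict, trusted domain it matches or imitates)."""
    domain = sender_domain(from_header)
    if not domain:
        return ("unparseable", "")
    for t in TRUSTED:
        if domain == t or domain.endswith("." + t):
            return ("trusted", t)
    for t in TRUSTED:
        # Compare only the rightmost labels so sub.micros0ft.com is still caught.
        tail = ".".join(domain.split(".")[-t.count(".") - 1:])
        if osa_distance(tail, t) <= 1:
            return ("lookalike", t)
    return ("unknown", "")

if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    for h in ('"Microsoft 365" <no-reply@micros0ft.com>',
              "Google <security@mail.google.com>",
              "promo@decahtlon.com"):
        print(h, "->", classify(h))
```

A "lookalike" verdict is a reason to quarantine or warn; an "unknown" verdict only means the domain resembles none of the listed ones, not that the message is safe.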

The scam impersonates Decathlon so that the alleged gift of a bicycle is believable.

When users believe they have fallen for a phishing attack, they should notify their company's system administrator, or the technical support of the service they use with their personal account, so that the password can be reset and they can be told what further steps to follow.

Control beyond username and password

Technology should essentially provide the first line of defense. Multi-factor authentication (MFA) is an important preventive control that complements the username and password model with another factor that the user has, such as a virtual token on their mobile phone, valid for seconds, that allows them to access their account securely.



While MFA has helped many organizations control credential phishing over the years, lately we are seeing that it is a measure that can potentially be circumvented in cloud-based environments, hence the need to add additional layers of security focused on detecting and remediating account compromise.

In this sense, CASB solutions enhance security by providing visibility into attacks targeting people. They combine threat intelligence from the cloud, email and other channels with relevant data about users to analyze user behavior and detect anomalies in cloud-based applications.

Users can thwart cyber threats

Francisco Valencia of Secure & IT explains that there is a dearth of cyber security positions in Spain,

While there is no magic formula to be 100% effective at blocking threats, a really important step is to put people at the center of any cyber security strategy.

Raising user awareness has become the best defense against most threats. If there is one thing we are sure of, it is that cybercriminals are not going to give up their efforts to exploit people’s vulnerabilities, launching highly selective and proven attacks to seize their targets.



When you understand the methods and motives behind cybercrime, you can work to change user behavior and take protective measures to limit attackers’ chances of success.

Still, it never hurts, nor is it ever a bad time, to warn users of the dangers of identity theft and credential theft.

Basic tips

As a basic tip: never use personal dates, family names, or common or recurring words in a password; use a different password for each platform; and renew them periodically, for example twice a year for personal accounts. The more aware people are of these dangers, the better they can contribute to making these attacks fail.
