When you’re shopping on so many different websites, it’s tempting to just use the same username and password for everything. After all, who can remember 20 different login credentials? However, when you use the same login information for all of your online accounts or don’t update your passwords regularly, you might be susceptible to cyber-attacks.
The amount of data we share online makes for an inviting target for cybercriminals. We’ve talked before about how to spot a fraudulent email and common scam tactics that con-artists use to attempt to trick you into handing over personal information. Though with the sheer amount of data breaches that occur every year, sometimes your information is compromised before you even realize it.
Credential Stuffing: What It Is And Why You Should Care
In the first three months of 2019 alone, there were over 1900 reported data breaches worldwide.1 One trend that has emerged from these incidents is a significant increase in an attack called credential stuffing. Basically, what happens is a cybercriminal acquires a large number of usernames and passwords from a data breach. The criminal then tries to use all of the login information they’ve stolen to fraudulently gain access to your accounts on multiple websites.
A common result of credential stuffing is an account being locked out. The attacker may have the correct username but incorrect password, attempting the combination until the account locks for security purposes.
So why would a criminal want access to your online shopping history or bill payment accounts? Well, in the case of an online retailer, think about all of the information you store on your digital account with them: Your name, address, phone number, credit card information, transaction history, and more. Cybercriminals might use this information to attempt to make purchases on your account or on another website.
Password Change Reminders
If you hear that a large-scale data breach occurred at a company that you frequently shop at or use for your email account, change the username and password for your account right away. You’ll probably be contacted by the company soon and asked to do the same thing anyway. And don’t use a similar password or the same login information that you use elsewhere. While it might be convenient to use the same username and password for multiple online accounts, it also increases the chances of many of your accounts being compromised at the same time.
Quick Tip: Set a reminder every few months to review your online accounts. Consider changing your passwords at the same time.
How Can You Keep Your Information Safe?
Take a few extra precautionary measures when shopping online or signing in to any accounts. We interviewed the Security Team here at Lake Trust to learn more about how to keep your personal information safe online. Here are some tips easy tips they shared with us that you can use to help you and your online accounts from becoming a victim to credential stuffing:
Be Unique. Use a unique username and avoid using your email addresses or account number, if possible.
Stay Strong. Use a strong, unique password with a minimum of 10 characters. Mix the type of characters, numbers, and special symbols.
Get A Password Manager. Consider the use of a password manager. Password managers can help create and maintain strong passwords, and some even come with alerts to let you know when you should change your password.
Be On Alert. Enable login notifications via text message or email to monitor for suspicious account activity.
Double Security. Enable two-factor authentication, especially on critical accounts like your email and social media accounts. This extra step to log in often thwarts attackers who successfully obtain both the correct username and password.
Keep A Secret. NEVER give out your Online Banking login information. There is no reason for anyone other than you to have your login credentials.
Be Our Guest. When shopping online, checkout as a guest (especially if you don’t shop at the site very often). Use your digital wallet to make purchases.
Remember that we’re always here to answer your security questions. If you find yourself unexpectedly locked out of your Online Banking account, please call us immediately at 888.267.7200.