What are the types of password attacks? What can a systems administrator do to protect against them?
Password attacks are one of the most common forms of corporate and personal data breach. A password attack is simply when a hacker tries to steal your password. In 2020, 81% of data breaches were due to compromised credentials. Because passwords can only contain so many letters and numbers, passwords are becoming less safe. Hackers know that many passwords are poorly designed, so password attacks will remain a method of attack as long as passwords are being used.
Protect yourself from password attacks with the information below.
1. Phishing
Phishing is when a hacker posing as a trustworthy party sends you a fraudulent email, hoping you will reveal your personal information voluntarily. Sometimes they lead you to fake "reset your password" screens; other times, the links install malicious code on your device.
Here are a few examples of phishing:
- Regular phishing. You get an email from what looks like goodwebsite.com asking you to reset your password, but you didn't read closely and it's actually goodwobsite.com. You "reset your password" and the hacker steals your credentials.
- Spear phishing. A hacker targets you specifically with an email that appears to be from a friend, colleague, or associate. It has a brief, generic blurb ("Check out the invoice I attached and let me know if it makes sense.") and hopes you click on the malicious attachment.
- Smishing and vishing. You receive a text message (SMS phishing, or smishing) or phone call (voice phishing, or vishing) from a hacker who informs you that your account has been frozen or that fraud has been detected. You enter your account information and the hacker steals it.
- Whaling. You or your organization receive an email purportedly from a senior figure in your company. You don't do your homework on the email's veracity and send sensitive information to a hacker.
To avoid phishing attacks, follow these steps:
- Check who sent the email: look at the From: line in every email to ensure that the email address matches the person the sender claims to be.
- Double check with the source: when in doubt, contact the person the email claims to be from and confirm that they were the sender.
- Check in with your IT team: your organization's IT department can often tell you if the email you received is legitimate.