Credential Theft
Article
Tracking #600555
Exp. 07/2027
Description
Social engineering continues to be a problem and as bad actors continue to evolve their attack methods, credential theft is a popular tactic used to steal usernames or passwords. Credentials are the log in information and user authentication data that allows access to a system or service. It is important to secure your credentials and protect your accounts from these bad actors.
How do these attacks work?
Credentials can be obtained via social engineering with bad actors using tactics like phishing or spear phishing to execute these attacks. Once credentials are stolen, bad actors gain access to accounts to locate information for fraud. This could lead to a loss of funds with bank accounts and credit cards. There is also the possible exposure of personally identifiable information (PII).
Credential Theft Methods:
- Phishing
- Emails with malicious intent disguised as legitimate used to trick a user into divulging sensitive information like credentials. An example of this is a email from your bank asking you to make immediate changes in your account. When you click on the link it leads to a fake log-in screen for your bank. When you try to log-in they capture your credentials and can gain unauthorized access to your account.
- Week Passwords
- Having week passwords makes your account more susceptible to unauthorized access. It is important to have a long and complex password, avoid repeating passwords, and don’t use any personal information in your password.
- Man-in-the-middle attacks
- A Man-in-the-middle attack occurs when a bad actor intercepts or overhears a conversation between two parties, therefore eavesdropping on any sensitive information or password sharing.
How to prevent Credential Theft?
We’ve included some best pest practices for protecting yourself and your office:
- Never click on links or open attachments from unknown sources.
- Enroll in LPL’s Phishing program and use the button to report emails for review.
- Keep all systems up to date.
- Create long and complex passwords.
- Utilize a password manager.
- Enable multi-factor authentication on accounts.
- Never allow remote access to your devices.
I think I may be a Victim of Credential Theft. What Should I Do?
- Stop all communication. If you are in contact with a scammer, cease communication immediately.
- Report the incident. You can file a complaint with the FTC on their website.
- Protect your identity. Monitor your financial accounts, credit reports, and any other sensitive information for signs of unauthorized access and activity. With most accounts, you can place a fraud alert or a credit freeze to prevent further compromise.
- Document the incident. Keep any record of communication and documentation related to the scam. This can be extremely useful when reporting the incident and resolving any issues with authorities.
Additional Considerations |
|
If a scammer accessed your accounts… |
Immediately change all passwords associated with the scam. Ensure the new password is strong and do not reuse passwords. Enable Multifactor Authentication (MFA) on all accounts. |
If a scammer has access to financial information… |
Contact your bank or credit card company immediately. They can help monitor your accounts for suspicious activity. |
If a scammer has your social security number… |
Place a fraud alert and initiate a credit freeze on your credit reports by contacting one of the three major credit bureaus. Additionally, file a report with the IRS and your bank so that they can protect your identity and monitor your accounts. |
This material is for general information only and is not intended to provide specific advice or recommendations for any individual. This material was prepared by LPL Financial, LLC