Paul's Insights: The danger of stolen data
There was a time when crooks made off with television sets or jewellery - items that were easy to cart off and hock around town. These days, they focus on far more transportable stuff, like details of our personal accounts. And it's an all too lucrative business.
- {{x.value}}
{{ twilioFailed ? 'SMS Code Failed to Send…' : 'Enter your SMS code' }}
A text message with your verification code was just sent to {{user.DayPhone}}
We cannot send you a code via SMS to {{user.DayPhone}}
Hi {{ user.FirstName }}, please provide your mobile number.
{{ content.trialHeading.replace('{0}', user.FirstName) }}
We'll send you a text message with a verification code to start your free {{ '0' == '1' ? 'Eureka Report' : 'Intelligent Investor' }} 15-day trial.
{{ content.upgradeHeading.replace('{0}', user.FirstName) }}
The email address you entered is registered with InvestSMART
Please login to continue
We have sent you an email with the details of your registration.
Looks you are already a member. Please enter your password to proceed
{{ upgradeCTAText }}
Updating information
Please wait ...
Your membership to InvestSMART Group recently failed to renew.
Please make sure your payment details are up to date to continue your membership.
Having trouble renewing?
Please contact Member Services on support@investsmart.com.au or 1300 880 160
You've recently updated your payment details.
It may take a few minutes to update your subscription details, during this time you will not be able to view locked content.
If you are still having trouble viewing content after 10 minutes, try logging out of your account and logging back in.
Still having trouble viewing content?
Please contact Member Services on support@investsmart.com.au or 1300 880 160
Please click on the ACTIVATE button to activate your Eureka Report 15-day free trial
Please click on the ACTIVATE button to activate your Intelligent Investor 15-day free trial
Please click on the ACTIVATE button to finalise your membership
Unsuccessful registration
Registration for this event is available only to Eureka Report members. View our membership page for more information.
Registration for this event is available only to Intelligent Investor members. View our membership page for more information.
- You are already registered for this event.
- This event is already full.
- Please select a quantity for at least one ticket.
- {{ i }}
Forgotten password
Please enter your email address below to request a new password
- Indepth analysis of ASX listed shares
- BUY, Hold and Sell Recommendations
- Ideas Lab
- Special Reports
- Alan Kohler’s Weekend Briefing
- Interviews with CEO’s & top influencers
- Money Cafe and Talking Finance
- Super Advice and Q&A with Ask Alan
Mention cyberattacks, and we often think of dodgy malware that infects entire computer systems. But for cyber-crims, malware is yesterday’s news. ‘Credential stuffing’ is the latest trend among cyber-thieves.
In mid-March the Australian Federal Police arrested a Sydney man who had allegedly made $300,000 selling account details including email addresses and usernames for subscribers of various websites.
The man is believed to have got hold of these details through a process known as credential stuffing.
In simple terms, credential stuffing involves a hacker feeding thousands or millions of stolen username and password combinations (obtained on the black market) into multiple websites to see if any of the details match a live account.
If the hackers are able to log in successfully, they can pull out personal information to sell on the dark web. Long story short, it can open the door to identity theft, or worse, having your bank account cleaned out.
There’s not much companies can do to combat credential stuffing – hackers aren’t trying to break through security systems, they’re just entering login details from other websites.
Consumers are vulnerable to these attacks because of our habit of using the same password across multiple sites. A 2018 US study found 52% of consumers use the same or very similar passwords for different sites and services.
How can you protect yourself from these attacks?
The most important step is to use distinctly different password and username combinations for all your online accounts. If one company you have an account with experiences a data breach, all of your accounts that share the same username/password combination could be in jeopardy.
If you have a lot of online accounts, which many of us do nowadays, consider a password manager to help you keep track of the details.
Where two factor authentication is offered, take advantage of it. This is where you enter a password plus a code that your service provider sends via SMS. Plenty of banks are offering two factor authentication, and it can provide additional protection in the event of a network attack.
It’s also worth paying attention to news of major data breaches. In February, Dunkin Donuts in the US reported a credential stuffing attack. A few weeks earlier social site Reddit was breached. If a company you have an account with experiences a data breach, do not waste time in changing your passwords.
Paul Clitheroe is Chairman of InvestSMART, Chairman of the Australian Government Financial Literacy Board and chief commentator for Money Magazine.
