SMARTPHONE owners are being warned over a type of cyber-attack that preys on a painfully common password mistake.
The attack is called "credential stuffing", and cybersecurity experts say it's easy to avoid – but too few people are using the right settings.
It exploits bad password habits, and strikes multiple accounts at once.
Now cybersecurity giant Kaspersky is warning users over how the attack works – and what you need to do to stay safe.
"A credential stuffing attack is one of the most effective ways to take control of accounts," said Kaspersky's Alanna Titterington.
"This attack preys on the unfortunate habit that many people have of using the same password for multiple services – sometimes even relying on a single password for everything.
"As a result, attackers inevitably succeed in hijacking accounts with passwords that victims have used on other platforms."
STUFFED!
The passwords in the hacker databases will typically come from three sources.
They might be stolen through fake websites or phishing emails.
Or they could have been "intercepted" using malware installed on the devices of victims.
And another common source is when a website or app has a major breach that leads to passwords being leaked.
For instance, Kaspersky notes a 2013 Yahoo breach that led to three billion accounts being leaked.
One thing working in your favour: a long, complicated password can help, because of how most sites store it.
"It’s important to note that services typically don’t store passwords in plain text but use so-called hashes instead," the Kaspersky memo explains.
"After a successful breach, attackers need to crack these hashes. The simpler the password, the less time and resources it takes to crack it.
"Therefore, users with weak passwords are most at risk after a data breach."
But a strong password only buys time. If a breached site hashed passwords badly, even a long one can eventually be cracked, and a strong password gives no protection at all if you have used it on more than one site.
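To show the two steps described above (cracking hashes from a breach, then replaying the recovered logins against another service), here is an added worked example in Python. It is not Kaspersky's code or from the original article, and every name, password and hash in it is constructed for illustration: "Site A" is an imaginary breached service that stored unsalted SHA-256 hashes, and "Site B" is an imaginary second service where one of the same people reused their password.

```python
import hashlib

# Constructed breach dump (not real data): how an imaginary "Site A" stored its users.
# Site A used unsalted SHA-256, a weak scheme still found in old dumps. The weaker
# the hashing and the simpler the password, the faster the attacker's cracking step.
SITE_A_BREACH = {
    "alice@example.com": hashlib.sha256(b"password123").hexdigest(),
    "bob@example.com": hashlib.sha256(b"letmein").hexdigest(),
    "carol@example.com": hashlib.sha256(b"Zq7!vR2#pLm9wTxY").hexdigest(),
}

# Constructed wordlist standing in for the multi-gigabyte lists attackers really use.
WORDLIST = ["123456", "password", "password123", "qwerty", "letmein", "iloveyou"]

# Constructed "Site B": a different service where the same people hold accounts.
# alice reused her Site A password; bob and carol chose unique ones.
SITE_B_USERS = {
    "alice@example.com": "password123",
    "bob@example.com": "correct horse battery staple",
    "carol@example.com": "8uF$kq2LwN!3bRtV",
}


def crack_hashes(breach: dict[str, str], wordlist: list[str]) -> dict[str, str]:
    """Offline dictionary attack: hash each candidate and look it up in the dump.

    Returns {email: recovered_password} for every hash matching a wordlist entry.
    A long random password (carol's) is in no wordlist, so its hash is not recovered.
    """
    lookup = {hashlib.sha256(w.encode()).hexdigest(): w for w in wordlist}
    return {email: lookup[h] for email, h in breach.items() if h in lookup}


def site_b_login(email: str, password: str) -> bool:
    """Stand-in for Site B's login check (constructed; no network involved)."""
    return SITE_B_USERS.get(email) == password


def credential_stuffing(cracked: dict[str, str]) -> list[str]:
    """Replay every recovered email/password pair against Site B.

    Only accounts whose owners reused their Site A password are taken over;
    bob's cracked password is useless because he used a different one on Site B.
    """
    return [email for email, pw in cracked.items() if site_b_login(email, pw)]


if __name__ == "__main__":
    cracked = crack_hashes(SITE_A_BREACH, WORDLIST)
    print("Recovered from Site A dump:", cracked)
    print("Hijacked on Site B:", credential_stuffing(cracked))
```

Running it shows that two of the three hashes fall to the tiny wordlist, but only alice's account on Site B is hijacked, because she is the only one who reused a password. Carol's strong password survives the cracking step entirely, and bob's weak password is cracked but useless elsewhere; that is the whole argument for unique passwords in one run.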
SAFETY FIRST!
So the main defence against credential stuffing is to make sure that you never use the same password twice.
That might sound difficult if you're also trying to follow the rule of only using long and complicated passwords.
Consider using a password manager, which can store and even generate strong and unique passwords for all of your app log-ins.
That way, you don't have to manually remember the passwords – and a password leaked from one site can't be replayed to get into your others.
Many password managers now even warn you if your log-in has been caught up in a breach or is being re-used.
Phone scam statistics
Americans are bombarded with three billion spam phone calls a month. What are the figures regarding the number of victims and the amount of money lost to fraudsters?
- In 2022, Americans lost some $39.5 billion to phone scams, with 68.4 million US citizens affected, according to TechReport.
- The average phone scam victim lost $567.41 each in 2022, a major rise on the 2021 figure of $182 per victim, according to Hiya.
- The majority of scams happen over the phone, with fraudsters twice as likely to call compared to text in 2021, according to the Federal Trade Commission (FTC).
- In 2021, the US saw a 56% increase in spam phone calls with 60% of those being robocalls.
- US residents experienced an average of 18 spam phone calls per month, although some experts believe the true figure may be as high as 31 per month.
- Many phone calls from reputable businesses may be marked wrongly as spam, but 38% of companies have no idea whether they’re being marked as “potential fraud” or not, according to Hiya.
- Never hand over any personal or financial information if you suspect a phone call is a scam. For instance, your bank will never ask you for such details in full over the phone.
- To cut down on spam phone calls and scams, sign up for the Do Not Call Registry. Telemarketers, by law, will need to check that list before they call you up.
- Downloading third-party apps such as Hiya, Nomorobo, or Truecaller can help filter out annoying spam calls.
- Try not to share your phone number unless you have to, especially online or with sketchy sources.
If you've got an iPhone, you can take advantage of the built-in iCloud Keychain on iOS.
And Android phone owners can try the Google Password Manager instead.
Additionally, make sure you've got two-factor authentication set up on all of your accounts.
If logging in requires a text or authenticator code, it'll stop crooks who have only obtained your password from logging in. An authenticator app is the stronger choice, since text-message codes can be intercepted or redirected if a fraudster takes over your phone number.