A compromised account is an account that has been accessed without the owner’s permission. Compromised accounts can happen for a variety of reasons including public data breaches, using weak passwords, failure to enable Multi-Factor Authentication (MFA) on online accounts, falling for phishing scams or having malware unknowingly installed on your device.
Continue reading to learn more about compromised accounts and tips to prevent your accounts from being compromised.
How Do Online Accounts Get Compromised?
Accounts get compromised due to public data breaches, using weak passwords, not enabling MFA on online accounts, falling for phishing scams or having malware installed on your device.
Public data breaches
A public data breach happens when a company you have an account or service with has its customers’ Personally Identifiable Information (PII) exposed. Depending on what the company stores, information that is exposed in a data breach can vary. For example, data breaches can expose user login credentials, birthdates, full names, home addresses, Social Security numbers and so on. If login credentials are exposed in a data breach, this can lead to a compromised account.
Using weak passwords
Weak passwords are passwords that don’t follow password best practices. Password best practices require that passwords are at least 16 characters long and use a combination of lowercase and uppercase letters, numbers and symbols. Any password that doesn’t meet these criteria is considered weak. Passwords that are reused or only slightly changed, contain personal information, or use common dictionary words and phrases are also considered weak.
Weak passwords can lead to accounts getting compromised because they’re easy for cyber criminals to crack or guess. For example, a password that is six characters long and includes at least one uppercase letter, number and symbol can be cracked instantly with the tools used by cyber criminals, whereas a password that is 16 characters long and includes at least one uppercase letter, number and symbol would take those tools a trillion years to crack.
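The criteria above, turned into a checker as an added example (this is not code from the original article or from Keeper): it flags a password that is too short, misses a character class, contains a common dictionary word even under simple letter-for-symbol substitutions, contains a supplied piece of personal information, or is a reuse or near-copy of a password already in use. The dictionary wordlist is a constructed sample; a real check would use a large breach or dictionary list.

```python
import re
from difflib import SequenceMatcher

MIN_LENGTH = 16  # minimum length stated in the best practices above

# Constructed sample wordlist (assumption: a real checker uses a far larger list)
COMMON_WORDS = {"password", "welcome", "summer", "qwerty", "letmein", "monkey"}

def character_class_gaps(password):
    """Return the length/character-class rules the password fails to meet."""
    gaps = []
    if len(password) < MIN_LENGTH:
        gaps.append("shorter than %d characters" % MIN_LENGTH)
    if not re.search(r"[a-z]", password):
        gaps.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        gaps.append("no uppercase letter")
    if not re.search(r"[0-9]", password):
        gaps.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        gaps.append("no symbol")
    return gaps

def contains_dictionary_word(password, words=COMMON_WORDS):
    lowered = password.lower()
    # Undo common substitutions so "P@ssw0rd" is still recognised as "password"
    normalized = lowered.translate(str.maketrans("@$013!", "asolei"))
    return any(w in lowered or w in normalized for w in words)

def contains_personal_info(password, personal_terms):
    lowered = password.lower()
    return any(t.lower() in lowered for t in personal_terms if len(t) >= 3)

def resembles_existing(password, existing, threshold=0.8):
    """A reused or slightly changed password (e.g. ...2023 -> ...2024) scores near 1.0."""
    return any(SequenceMatcher(None, password.lower(), e.lower()).ratio() >= threshold
               for e in existing)

def assess_password(password, existing=(), personal_terms=()):
    """Return the list of reasons a password is weak; an empty list means it passes."""
    reasons = character_class_gaps(password)
    if contains_dictionary_word(password):
        reasons.append("contains a common dictionary word")
    if contains_personal_info(password, personal_terms):
        reasons.append("contains personal information")
    if resembles_existing(password, existing):
        reasons.append("reused or only slightly changed from another password")
    return reasons
```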
Not enabling MFA on accounts
MFA is a security measure that adds extra layers of protection to your online accounts when it’s enabled. With MFA enabled, in addition to your username and password, you would also have to provide one or more methods of authentication to prove that you own the account you’re logging in to. Even if a cyber criminal knew or was able to guess your account’s password, MFA would require them to provide additional authentication, which they wouldn’t be able to provide.
When MFA is not enabled on accounts, compromising those accounts becomes a lot easier to do because there’s no additional security protecting the account.
Falling for a phishing scam
Phishing is a cyber attack in which cyber criminals use social engineering techniques to convince victims that they’re someone the victim knows or trusts, in order to get them to reveal sensitive information. Cyber criminals often pose as companies, friends, family members and even coworkers. In a phishing scam, the goal is to get the victim to reveal sensitive information like login credentials, credit card numbers and more.
This might be done by getting the victim to reply back with the information or getting them to click on a malicious link that leads them to a website that looks legitimate but is actually a spoofed site. If the victim inputs any sensitive information onto the website, they’re essentially handing it over to the cyber criminal without knowing. If they input their login credentials, cyber criminals can use them to log in to their actual online account, leading to account compromise.
Having malware installed on your device
Malware is malicious software that can do different things depending on the type that gets installed on your device. For example, keyloggers can track your keystrokes to determine what you’re typing as you’re typing it. Spyware can spy on your device’s screen and even gain access to your device’s microphone and camera.
Malware is typically installed on your device in one of three ways: spoofed websites, phishing emails and messages, and downloading free content on the internet. If malware is unknowingly installed on your device it can lead to multiple accounts being compromised and can also lead to other sensitive information being compromised such as credit card numbers.
Tips To Prevent Having Your Accounts Compromised
Here are five tips to prevent your online accounts from being compromised.
Use strong passwords
Each of your online accounts should have a unique, strong password that cannot be easily guessed or cracked by cyber criminals. Rather than relying on yourself to create strong passwords, use a password generator to help you randomly create them. If you’re worried that you won’t be able to remember these strong passwords, consider using a password manager. A password manager is a tool that aids users in creating, managing and securely storing their passwords. Instead of having to remember multiple passwords, the only password you’ll need to remember is your master password.
Enable MFA on your accounts whenever possible
In addition to strong passwords, it’s also important that you enable MFA whenever possible on your online accounts. Even if your credentials were exposed in a public data breach, MFA would prevent anyone from being able to access your account with only your username and password. Some common methods of MFA you can use include Time-Based One-Time Passwords (TOTP) through a password manager or authenticator application, as well as hardware security keys and biometric authentication.
Avoid insecurely sharing passwords
Insecure password sharing includes sharing passwords through email, text messages and any other form of sharing that can be easily intercepted by unauthorized individuals. Avoid sharing passwords through insecure sharing methods to prevent bad actors from being able to compromise your online accounts.
The most secure way to share passwords and other sensitive information is by using a password manager. Password managers like Keeper Security offer a One-Time Share option in which you can share passwords for a certain amount of time with anyone, even if they don’t have a password manager account. When you use a password manager like Keeper to share passwords, cyber criminals won’t be able to intercept them, since Keeper uses zero-knowledge encryption to transform the password into ciphertext (an unreadable format) while it’s in transit, that is, while it’s in the process of being shared.
Learn to spot phishing scams
Phishing is one of the most prevalent cyber threats and is constantly targeting individuals. To prevent your accounts from being compromised due to phishing scams, you need to learn how to spot them. Here are some red flags that point to an email, text message or phone call being a phishing scam.
- A sense of urgency
- Asking you to provide them with sensitive information
- Urging you to click on a link
- An offer that seems too good to be true
- Demanding an urgent payment
Never click unsolicited links or attachments
Clicking on unsolicited links or attachments can lead to your device becoming infected with malware or it can take you to a spoofed website that looks legitimate but is designed to steal your information. To avoid your accounts becoming compromised, never click on unsolicited links or attachments.
If you receive an email or text message claiming to be a company and they send you a link, instead of clicking on it, navigate to their official website yourself. This can prevent you from clicking on a link that is actually malicious.
How To Know if Your Online Account Is Compromised
Here are the signs that point to one or more of your online accounts being compromised.
Unusual login notification: If you receive a notification that someone has logged in to your account, but you haven’t logged in to any of your online accounts, it’s likely that someone else has and your account has been compromised.
Posts you didn’t make on your social media: If you notice that there are posts being made on any of your social media accounts that you know you didn’t post yourself, this means someone has compromised your account.
Emails being sent from your account: If you log in to your email account and notice that there are emails you didn’t send in your outbox it means someone has compromised your email account and is using it to send emails posing as you. These emails can be phishing attempts to get your contacts to send their personal information or click on malicious links.
2FA code requests: If you have Two-Factor Authentication (2FA) enabled on your online accounts and receive a notification for a 2FA code you didn’t request, this means someone is attempting to log in to your account so they can compromise it. Because the code is only sent after the correct password has been entered, it also means that person most likely already has your password, so change it right away.
Protect Your Online Accounts From Being Compromised
Having one of your online accounts compromised can lead to your sensitive information also being compromised. You must take the necessary steps to prevent account compromise by using strong, unique passwords for each of your accounts and enabling MFA whenever the option is available.
Investing in a password manager like Keeper Password Manager can help prevent account compromise by aiding you in creating strong passwords and storing your 2FA codes for you. Start a free 30-day trial of Keeper to start securing your online accounts and prevent account compromise.