Ways to prevent your account from being hacked

With the increasing number of online accounts, mobile apps and home security cameras, 消费者应该意识到这种便利技术带来的潜在风险. Home security camera owners have reported unsettling incidents, 从相机上的声音错误地警告导弹袭击到黑客通过相机扬声器与孩子交谈. 

So how are hackers getting in? According to Digital Shadows在美国，在暗网上可以找到越来越多的被盗凭据——大约有240亿个. 黑客利用这些受损的凭证试图登录其他数字服务, such as home security cameras or even baby monitors — and because 超过66%的人在多个网站和账户上使用相同的密码, attackers have found it to be fairly effective.

What is credential stuffing?

网络犯罪分子试图使用一种称为凭证填充或密码填充的网络攻击方法登录并窃取帐户信息. 黑客使用机器人和过去数据泄露中受损的凭据集合, such as usernames and passwords, to inject the data into login forms. 该机器人因其自动化和大规模而被用于访问各种网站或移动应用程序的多个帐户. 这些自动化工具使黑客能够更有效地快速找到易受攻击的账户.

According to Akamai, a content delivery and cloud service, 193 billion login attempts were detected in 2020. 虽然金融服务是主要目标，但社交媒体网站、在线商务和 streaming platforms also experience this threat.

How can I avoid becoming a victim of a credential stuffing attack?

• Check if your credentials have been compromised. Visit haveibeenpwned.com to help determine if your account or password were part of a breach. If you haven't already, 更改任何使用可能已泄露密码的帐户的密码.
• Use a unique, strong password everywhere. 最好是12-15个字符，并包括大写字母的组合, numbers and special characters. A password manager can help generate these passwords for you. It stores them all in one encrypted location, and can automatically insert passwords when you log into sites.
• Use Multi-Factor Authentication (MFA) when possible. 只有在提供两个或更多证据后才能访问——通常是一个密码和通过电话发送给用户的生成代码, text or email during login.

How can I protect myself from extortion attempts?

In addition to hacking into users' accounts, 不法分子越来越多地利用窃取的凭证进行敲诈勒索. 收到一封声称是使用你的证书入侵你电脑的人发来的电子邮件并不罕见. 电子邮件通常会附上你的密码，作为他们侵入你账户的证据, and demands a ransom paid in Bitcoin.

The 美国联邦调查局(FBI)互联网犯罪合规中心(IC3) 2021年报告了39360起勒索诈骗，损失总额超过6000万美元. Here are some ways to help protect yourself:

• Do not open email or attachments from unknown individuals.
• 定期监控你的银行账户对账单和信用报告，至少每年一次，以防任何欺诈活动.
• Do not reply to unsolicited email senders.
• 不要在网上或移动设备上存储或分享自己的敏感或尴尬照片.
• 使用强而复杂的密码，不要在多个网站使用相同的密码.
• Never provide personal information of any sort via email. 要知道，许多要求你提供个人信息的电子邮件似乎是合法的.
• 确保打开社交媒体账户的安全设置，并将其设置为最高保护级别.
• 通过验证URL前缀是否包含http来验证合法网站的web地址, 或者状态栏会显示一个“锁定”图标——然后在浏览器中手动输入地址.

New data breaches are making headlines on a regular basis, 只要人们在多个网站和应用程序中使用相同的密码, attackers are likely to keep targeting this type of information.

没有人想成为网络攻击或网络勒索的受害者，但你可以帮助保护自己 State Farm® Identity Restoration Insurance.