Passwords are typically stolen during what’s called a phishing attack.
Phishing emails are malicious emails sent by criminals attempting to compromise your personal information. They often appear to be legitimate, so beware!
Most phishing emails are disguised as messages from an authoritative entity asking you to visit a website and enter personal information. These websites are set up to gather personal details, which they can then use to hack into your accounts and commit fraud. Some links and attachments in these emails contain malicious software, known as malware, which will install itself on your computer. Malware then collects data such as usernames and passwords.
Another way passwords are stolen is simply due to the fact that some people use weak passwords. If it’s easy to guess your password, then you have put yourself at greater risk of suddenly becoming a victim.
So, how do you stop someone from stealing your password?
First you will need to be aware of what real websites look like so that you know what false ones look like. If you know what to look for, and are suspicious by default each time you enter your password online, it will go a long way in preventing successful phishing attempts.
Each time you get an email about resetting your password, read the email address it’s coming from to make sure the domain name is real. It usually says “firstname.lastname@example.org”. For example, “ITsupport@YourBank.com” would indicate that you’re getting the email from YourBank.com.
However, hackers can spoof email addresses too. Therefore, when you open a link in an email, check the address bar to confirm that the web browser has landed on the site you expected.
If you open a link that appears as “YourBank.com” and the link changes to “SomethingOtherThanThat.com”, then you need to exit the page immediately.
If you’re ever suspicious, just type the website URL directly into the navigation bar. Open your browser and type “YourBank.com” if that’s where you want to go. This way you can ensure that you are on the legitimate website, and not a fake one.
Another safeguard is to set up two-factor authentication (if the website supports it) so that each time you log in, you not only need your password but also a code. The code is often sent to the user’s phone or email, so the hacker would need not only your password, but also access to your email account or phone.
If you think someone might steal your password using the password reset trick mentioned above, either choose more complex questions or simply avoid answering them truthfully to make it nearly impossible for a hacker to guess. Simple passwords need to be avoided; it’s that simple. If you need help remembering your complex passwords, you can store your passwords in a free password manager.
It is always advisable to store sensitive information, like your credit card or bank details, only within online accounts that are hosted by companies you trust. For example, if an odd website that you’ve never purchased from before is asking for your bank details, you might think twice about it or use something secure like PayPal, or a temporary or reloadable card, to fulfill the payment.
When in doubt, don’t click. Legitimate organizations will not ask you to disclose personal data via email.