Are you familiar with credential stuffing? It’s a kind of cyberattack in which fraudsters use hacked credentials and automation to access your online accounts, in order to obtain your logins. This information is then sold to other criminals.
It’s a form of cyberattack that’s on the rise. Rather than your personal information, fraudsters target your online login credentials.
“Credential stuffing is a way to hack your online accounts. Stolen login credentials are reused in an attempt to log into different websites, in case people have used the same passwords more than once – which unfortunately happens often,” explains Marc-André Gagnon, Advisor, Cyber Threat Intelligence at the National Bank.
Fraudsters will even go so far as to automate their login attempts until they manage to find one or more winning combinations. This will allow them to steal your identity across various accounts, change your passwords and complete transactions, for their own purpose, under your name.
“No one is safe from credential stuffing. People are wrong to think that fraudsters wouldn’t be interested in them,” adds Marc-André Gagnon. “There is interest in all data. Fraudsters aren’t interested in who you are; they’re interested in your identity. And the more an identity is used across the board, the more coveted it will be. Fraudsters want credentials that won’t attract attention when they try to open a phone account, or to resell them on the dark web, for example.”
The dark web is the part of the Internet the general public has little access to. It’s where illegal goods, such as weapons and drugs, are sold. If you’re not careful enough, your personal information could go up for sale there too.
Rest assured, there are simple ways to protect yourself against credential stuffing.
Avoid reusing the same password. You should use a different password for each website and each platform. “It’s a really effective way to protect yourself,” confirms Marc-André Gagnon.
“These days it may seem difficult, because we all have so many accounts. That’s what password managers are for. They’re handy and easy to use: you choose a master password, and the manager memorizes the passwords for each of your accounts.”
Finally, make sure your inbox is safe by using two-factor authentication. “It’s a good way to strengthen your account security. It’s more likely to dissuade criminals. Enabling this option for your accounts should protect you by directing fraudsters elsewhere,” adds Marc-André Gagnon.
Credential stuffing isn’t the only cyberattack on the rise. Learn more about phishing and find out how to protect yourself. The more understand how fraud works, the better you’ll be at protecting yourself.
Several measures exist to protect you from fraud.
Any reproduction, in whole or in part, is strictly prohibited without the prior written consent of National Bank of Canada.
The articles and information on this website are protected by the copyright laws in effect in Canada or other countries, as applicable. The copyrights on the articles and information belong to the National Bank of Canada or other persons. Any reproduction, redistribution, electronic communication, including indirectly via a hyperlink, in whole or in part, of these articles and information and any other use thereof that is not explicitly authorized is prohibited without the prior written consent of the copyright owner.
The contents of this website must not be interpreted, considered or used as if it were financial, legal, fiscal, or other advice. National Bank and its partners in contents will not be liable for any damages that you may incur from such use.
This article is provided by National Bank, its subsidiaries and group entities for information purposes only, and creates no legal or contractual obligation for National Bank, its subsidiaries and group entities. The details of this service offering and the conditions herein are subject to change.
The hyperlinks in this article may redirect to external websites not administered by National Bank. The Bank cannot be held liable for the content of external websites or any damages caused by their use.
Views expressed in this article are those of the person being interviewed. They do not necessarily reflect the opinions of National Bank or its subsidiaries. For financial or business advice, please consult your National Bank advisor, financial planner or an industry professional (e.g., accountant, tax specialist or lawyer).