What is credential stuffing?
It’s a form of cyberattack that’s on the rise. Rather than your personal information, fraudsters target your online login credentials.
“Credential stuffing is a way to hack your online accounts. Stolen login credentials are reused in an attempt to log into different websites, in case people have used the same passwords more than once – which unfortunately happens often,” explains Marc-André Gagnon, Advisor, Cyber Threat Intelligence at the National Bank.
Fraudsters will even go so far as to automate their login attempts until they manage to find one or more winning combinations. This allows them to impersonate you across various accounts, change your passwords and complete transactions under your name for their own purposes.
Who could be targeted?
“No one is safe from credential stuffing. People are wrong to think that fraudsters wouldn’t be interested in them,” adds Marc-André Gagnon. “There is interest in all data. Fraudsters aren’t interested in who you are; they’re interested in your identity. And the more an identity is used across the board, the more coveted it will be. Fraudsters want credentials that won’t attract attention when they try to open a phone account, or to resell them on the dark web, for example.”
The dark web is the part of the Internet the general public has little access to. It’s where illegal goods, such as weapons and drugs, are sold. If you’re not careful enough, your personal information could go up for sale there too.
How can I protect myself?
Rest assured, there are simple ways to protect yourself against credential stuffing.
Avoid reusing the same password. You should use a different password for each website and each platform. “It’s a really effective way to protect yourself,” confirms Marc-André Gagnon.
“These days it may seem difficult, because we all have so many accounts. That’s what password managers are for. They’re handy and easy to use: you choose a master password, and the manager memorizes the passwords for each of your accounts.”
Finally, make sure your inbox is safe by using two-factor authentication. “It’s a good way to strengthen your account security. It’s more likely to dissuade criminals. Enabling this option for your accounts should protect you by directing fraudsters elsewhere,” adds Marc-André Gagnon.
Credential stuffing isn’t the only cyberattack on the rise. Learn more about phishing and find out how to protect yourself. The more you understand how fraud works, the better you’ll be at protecting yourself.
Several measures exist to protect you from fraud.