Monday, June 18, 2012

Why Cyber Criminals want Your Password

Jake Nonnemaker, Axicom CEO
Following is a  re-post from CEO Tech Blog, by Jake Nonnemaker, CEO/Founder of Axicom:

"Gaining your password is the Golden Ticket to a cyber-criminal.  But why would they want your password?  Some people think that they have nothing valuable that a criminal would want so they use weak, convenient passwords.  The truth is that you have valuable treasure sitting in your inbox.

Your Email is a Gateway to Criminal Riches

You may think that it is ridiculous that a criminal wants access to your email account.  After all, your mailbox only contains some bad jokes, chain letters, and a ton of spam.  Wrong!  Don't you remember that bill reminder from your bank? If a cyber-criminal gets access to your email, they now know where you bank.  But that's okay, because your online bank account is protected by personal security questions that you only know the answers to, like your mother's maiden name, your high school mascot, or your favorite movie, right?

But wait, the criminal has full access to your mailbox so it's not much of a problem to go to Facebook and request a password reset which sends a reset code to your mailbox.  By creating a new Facebook password, the criminal now has full access to your Facebook account and can view the names of your family members, your high school you attended, and favorite books and movies.  That means that they could easily ascertain your mother's maiden name, your high school mascot and your favorite movie.  That information could allow them to access your online banking account information.

If the cyber-criminal has access to your  bank account, they can use the bill pay to send themselves a check or transfer money to one of their disposable online accounts like PayPal.  Cyber-criminals can use the same techniques to access your online credit card account and download your latest bill which contains the full credit card number.
Other Mailbox Gems

Another gem for a cyber-criminal who has access to your mailbox, is your Social Security Number (SSN).  Maybe you sent a copy of your tax return or tax prep organizer or a completed credit application, to your bank, mortgage broker, a product vendor or tax preparer.  Or you may have emailed your SSN to your spouse for one reason or another.  Perhaps you one time sent or received a copy of your credit report.  If your SSN is anywhere in your mailbox, a cyber-criminal with access to your mailbox will find it.

With your SSN, personal address, phone number and other contact info, mother's maiden name, a cyber-criminal can open up credit card accounts or bank loans in your name and start running up charges.

With access to your mailbox, they can download your address book which has the names, addresses, phone number and email addresses of all your friends and family.  These are great leads for a cyber-criminal's next victim.

Cautious Passwords

One needs to exercise much caution and forethought when choosing a password for their mailbox and Facebook.  See your mailbox through the eyes of cyber-criminal as a treasure chest and toolbox to do evil.

Your best protection is to use a long password of 12 characters or more using a complex mix of letters, numbers, and/or special characters. Plus it must be remember.  The technique I prefer is to use a phrase and substitute special characters for the spaces.  Here are some examples:


This password technique will foil most tools used by cyber-criminals, namely guessing and dictionary attacks.  They will be forced to use a brute force hack or rainbow tables.  Both techniques will be impractical because it will take too much computing power, storage and time to crack your password and they will move on to easier targets."


Post a Comment