Hackers Steal Nearly 250K Passwords a Week Just by Asking for Them

In the fight against cybercrime, highly-skilled IT experts work ‘round the clock to tackle international hacking groups that wreak havoc on our safety. Hackers have targeted our government and infrastructure, our banking systems, our medical facilities, even our schools, and the “good guys” fight to stay one step ahead.

Unfortunately, it doesn’t take a hacker with unbelievable tech prowess to take down your system. As one new study has found, all it takes is a nicely worded email that tricks you into handing over your information.

Phishing occurs when criminals send out mass messages and try to get you to take the bait. You probably receive phishing emails on a daily basis: Nigerian prince stories, romance requests, “omg you won’t believe this picture I found of you!” and more. Those are usually easy to spot and even easier to ignore, but not all phishing messages are so obvious.
Creating a message that looks like it comes from a legitimate source such as your bank or your favorite online retailer only takes a few seconds of cutting and pasting their logos. If the scammer can get your attention—“Regarding the Fraudulent Charges on your Account” or “Your Account Has Been Suspended,” or some other scary subject line—and get you to click the link or input your username and password, then they’ve got you.

According to joint research by Google and UC Berkley, the slightly more sophisticated phishing attacks result in about 250,000 stolen usernames and passwords every week. That means that individuals handed over their login credentials to a hacker who simply asked for them, thousands of times a day.

So how do you fight back against the easiest cybercrime of them all? The first step is to recognize the threat. No one should ever contact you and ask you to verify your login credentials, your account number, your password, or any other sensitive information. If they do, break the communication and reach out to the company directly using a verified contact method.

That’s it…it is really that simple to avoid phishing attempts by developing good habits. Never click a link, open an attachment, or download content that you weren’t expecting. Never enter your account login information in a form that someone sent to you. Never provide your password or account information to someone who requests it.

But what if the message was real? After all, Amazon or PayPal or any other online entity could certainly warn you about an issue with your order or your account. Just get out of the message without clicking anything, then go directly to that retailer’s website and log in. From there, reach out to customer service if you still can’t tell that your account is safe and everything is okay.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: Your Social Media Posts Can Lead to Theft

Pin It

Article Archives


ITRC Sponsors and Supporters 





Go to top


The TMI Weekly

Breaches here, identity theft there and invasions of privacy everywhere... Should you be worried and, if so, how can you protect yourself? Sign up now to receive The TMI Weekly and get the latest hot topics in identity theft, data breaches and privacy and helpful information on how to protect your information.