Six ways to steal your password

20 September 2022

One of the most bothersome issues in the digital age is password breaches. At first look, it could appear to be of no consequence if someone learns the password to an antiquated email account that is inactive and contains nothing of value.

But then you realize that this email, which is now in the hands of cybercriminals, is connected to your social network accounts in addition to your banking information and other apps. Such a breach can be extremely stressful for your friends, family, and coworkers in addition to the pain of losing money and data; after all, a hijacked account could be used to send phishing or scam e-mails in your name to everyone you know.

In this article, we'll go through how your credentials might be stolen and how to keep them from leaking. Caution and alertness play a huge role, of course, but there are also high-tech solutions created specifically to prevent leaks, and they frequently handle threats far better than the naked eye.

Trojan stealers

Once on your device, these covert spies typically show no outward signs of their presence. After all, the longer they go undetected, the more of your data they can collect and pass to their controllers, including passwords for gaming or banking apps.

If you open a malicious file emailed by another user, downloaded from a website, or copied from external media, a Trojan can infiltrate your computer or smartphone. Keep in mind that any executable file downloaded from the internet could be a trap.

However, even files that appear to be non-executable should be handled carefully. Criminals use infected files disguised as photographs, videos, archives, documents, etc. to try to trick their victims, and they frequently succeed. For instance, they could alter the icon or create a filename that imitates a safe format. Additionally, even a standard Office document can become a trap in some circumstances, because a malicious script in the document can take advantage of a flaw in the tool you use to open it.
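A check for filenames that imitate a safe format, as an added example that is not part of the original article. It goes slightly beyond the text by also flagging padded names and Unicode direction controls; the extension lists and the function name are assumptions chosen for illustration.

```python
import unicodedata

# Assumed lists for illustration; extend them for your environment.
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "lnk", "msi", "ps1"}
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "mp4", "avi", "pdf",
              "doc", "docx", "xls", "xlsx", "zip", "txt"}
# Unicode bidirectional controls that change how a name is displayed.
BIDI_CONTROLS = {"\u202a", "\u202b", "\u202d", "\u202e", "\u2066", "\u2067", "\u2068"}


def filename_warnings(name):
    """Return reasons a filename looks like an executable posing as a safe format."""
    warnings = []
    if any(ch in BIDI_CONTROLS for ch in name):
        warnings.append("bidi-control")
    # Drop invisible format characters so the real extension can be read.
    visible = "".join(ch for ch in name if unicodedata.category(ch) != "Cf")
    parts = visible.lower().split(".")
    real_ext = parts[-1].strip() if len(parts) > 1 else ""
    if real_ext in EXECUTABLE_EXTS:
        # A decoy extension sits directly before the real, executable one.
        if len(parts) > 2 and parts[-2].strip() in DECOY_EXTS:
            warnings.append("double-extension")
        # A run of spaces pushes the real extension out of the visible column.
        if "   " in visible:
            warnings.append("padded-name")
    return warnings


if __name__ == "__main__":
    # Constructed sample names, e.g. from a mail gateway's attachment log.
    for sample in ["holiday.jpg", "holiday.jpg.exe", "invoice.pdf        .scr"]:
        print(repr(sample), filename_warnings(sample))
```
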

So, in order to stop these leaks, we advise using a security program that can identify and stop spyware Trojans. When you utilize Kaspersky, you have access to:

  • Mail anti-virus disables risky links and attachments in emails
  • File anti-virus searches the contents of your device and any attached media to find malicious files

Phishing

The objective of phishing emails, which come in a variety of formats, is always to fool you into visiting a fake website and entering your credentials. It could be a notification that your bank account has been suspended or an introductory offer to join an online movie theater. Or it may be a phishing link sent to you by a trustworthy friend, a potential Amazon customer, a hot stranger on Tinder, or even someone you know well (if their e-mail was hacked by scammers).

In this situation, the conventional advice is to carefully examine the URL, because some phony websites will have an extra letter in the address or a duplicate domain name, for example. That, however, is not always helpful, because today's fraudsters are skilled at disguising their fakes. In a browser-in-the-browser attack, for instance, you might see a phishing site that displays a real URL.
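The URL check described above, automated as an added example that is not part of the original article. The trusted domains are constructed placeholders, and treating the last two host labels as the registered domain is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed allowlist: domains the user really does business with.
TRUSTED = {"examplebank.com", "example-shop.com"}


def edit_distance(a, b):
    """Levenshtein distance using the classic two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_url(url):
    """Return 'trusted', 'lookalike' or 'unknown' for the URL's host."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    # Simplification: the last two labels stand in for the registered domain.
    # Production code should consult the Public Suffix List instead.
    registered = ".".join(labels[-2:])
    if registered in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        # One or two edits away: an extra, missing or swapped letter.
        if edit_distance(registered, good) <= 2:
            return "lookalike"
        # The trusted name reused as a subdomain of some other domain.
        if host.startswith(good + ".") or ("." + good + ".") in host:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for u in ["https://www.examplebank.com/login", "https://examplebannk.com/login"]:
        print(u, "->", classify_url(u))
```

A string comparison like this only inspects the address it is given, so it cannot help when the page itself displays a real URL, as in the browser-in-the-browser case mentioned above.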

Therefore, it's preferable to be careful and use a security solution that detects phishing attacks and alerts you to them. In your Kaspersky program, this is taken care of by:

  • Safe Browsing scans the website content for hazardous elements
  • URL Advisor checks the URL against a cloud database of risky websites

Browser Attacks

Passwords are frequently stolen through browser flaws or extensions. In the first scenario, malicious code placed on a web page infects your device with spyware. In the second, you install a malicious script that poses as a useful browser plug-in. After that, when you visit, let's say, a bank website, this script routes all traffic through a proxy server controlled by the hacker, leaking your credentials in the process.

  • Kaspersky's Safe Money function offers defense against such attacks. When you visit online shops or banks, or make purchases using online payment systems, Protected Browser mode is automatically enabled.

Public Wi-Fi

If you're using unprotected or outdated WEP-protected Wi-Fi, attackers can also intercept data (including passwords) flowing over the network. A further variation is when a hacker creates a public Wi-Fi hotspot with a name that looks like that of an already established network (usually belonging to a nearby cafe, hotel or business center). By connecting to the bogus hotspot, the careless user sends all of their internet traffic directly to the online crooks.

By carefully scrutinizing network names, avoiding dubious access points, and preventing automatic connection to Wi-Fi, you can prevent such leaks. Even better, make sure that all of your communication is encrypted, so that even if you do connect to the wrong hotspot, anyone listening in won't be able to see what data you are transmitting or where you are sending it.

  • In the privacy settings section of your Kaspersky software, you can enable VPN Secure Connection. Take note that unlimited VPN traffic is included with the Plus and Premium subscriptions.

Passwords All Around

Of course, there are also some who write their passwords on sticky notes and other pieces of paper and then leave them where anyone walking by may see them. Don't be like them. Writing passwords in unsecured text files on your PC or smartphone, or saving passwords for autofill in the browser, is also risky.

What should one do instead? After all, infosec professionals often harp on the importance of using secure passwords that are impossible to guess. They also never stop preaching that you should never use the same password more than once, because doing so would give hackers access to more of your personal information. Is building a memory palace chock-full of lengthy, complicated passwords the answer, then? Not many people possess such a talented mind.

Using a password manager with robust encryption is a simpler choice. Store all of your login information in it and remember just one master password for the vault, which then holds all of your other credentials.

  • Password Manager in your Kaspersky application offers this secure vault. Whatever you do, avoid sticking a sticky note to the monitor with your master password on it!

External Leaks

The aforementioned tips are all about keeping passwords secure on your end, but external internet services, such as online shops, social networks, cryptocurrency exchanges, or any other resource requiring login verification, frequently have password leaks. By hacking such a site, cybercriminals get access to a sizable user database along with passwords and other personal information.

The operators of these websites are also not always eager to report hacks. In the meantime, your data is being disseminated or sold on the dark web. Information security professionals keep an eye on the release of these databases and alert consumers.

As always, use caution, because these so-called "experts" could also be swindlers. This is a typical phishing scheme: the user is informed of a purported leak and urged to click on a link to a website that requests their login information, ostensibly for verification, at which point their password is actually taken.

  • A service provided by your Kaspersky application allows you to determine whether a leak actually occurred or not. Its name is Data Leak Checker, and it can be found under Privacy. It enables you to see if your email has been identified in a stolen database somewhere. If so, you will be given a list of the sites with data leaks, information about the data that was made public (personal, banking, internet activity history, etc.), and suggestions for what to do next.
