Phishing For Passwords easy as 1,2,3.

October 7, 2009

The big news of the past week has been the large-scale security breach of popular email service Hotmail. Last Thursday, more than 10,000 usernames and passwords were posted by an anonymous user on pastebin.com (Hacker leaks thousands of Passwords, Says Site).

What the incident shows, however, is not so much the vulnerability of Hotmail’s servers as how security-unconscious its users are.

According to this article, “Hotmail phish exposes most common passwords”:

“The most common single password in the sample of 10,000 purloined Live ID login credentials posted as a text file to developer site PasteBin.com was ‘123456’, something only marginally more secure than the traditional favourite ‘password’.

“Nearly half (42 per cent) of the passwords used only lowercase letters, 19 per cent were purely numeric and only six per cent mixed up alpha-numeric and other characters, according to a separate analysis of the data by web application security firm Acunetix.”

In an online world where cyber crime and phishing scams are so prevalent, it is hard to believe that people are still so laissez-faire about their online security. I would argue that people still greatly underestimate the dangers posed by online crime.

According to the article “ID Theft has hit 20% of Aussies”:

“A fifth of Australians have fallen victim to online identity related crime as criminals use low-tech means like snatching mail to commit the fraud, a report has found.

More than 1.5 million Australians had credit cards illegally copied in the past year, and 1.2 million had bank accounts illegally accessed, the Veda Advantage Identity Crimes Report, conducted by Galaxy Research, showed.”

Research shows it’s Generation X that are the most lax about their security. Perhaps Baby-Boomers are more suspicious online, or use online services such as online banking less frequently because the internet still holds a foreign quality to them. Generation Y are constantly being warned about the dangers of the online world and are more internet savvy – I think you would find Generation Y could detect a phishing scam within moments of looking at an email, while someone a little older might see the name of the corporation they trusted and think nothing of it.

According to the article:

“I think (the 25 to 49 age group) are more casual. I think it’s some ‘it won’t happen to me’ thinking,” Kirk said. “But if they ask their family and friends, they’ll find out that family and friends have had their identity stolen. It’s massive.”

If phishing is now the great new security threat of the 21st century, more time and money needs to be spent educating people on how they can combat these dangers in their online use. And the starting point needs to be a good, solid password for your important accounts – 123456 just doesn’t cut it.
