What is Credential Stuffing?
Credential Stuffing is a type of attack where the fraudster uses a known-good combination of a username and password, typically coming from another site’s data breach. Fraudsters take advantage of the tendency of users to reuse the same credentials on multiple sites (which is very common). When the username and password are known together, fraudsters manually set up accounts using an aggregator or money-movement service to take money from the user’s account.
How to Prevent and Protect Your Passwords
Ensuring you’re not using the same login credentials for online sites can prevent this type of attack. Statistics show that 81% of users have reused a password across two or more sites, and 25% of users use the same password across a majority of their accounts. If this sounds like you, updating or changing your passwords so you’re not using the same credentials across multiple sites, should help prevent this from happening.
What Else Can You Do to Protect Yourself?
You are allowed a free credit report each year from each of the reporting agencies (Experian, Equifax and TransUnion). This year, due to the pandemic, the three reporting agencies are allowing you to access your credit report weekly online through April 2021. Credit reports can be a useful tool in the fight against cyber criminals. You should review these reports and ensure all the information being reported is accurate and up to date. If you are interested in getting your free report, visit www.annualcreditreport.com
Written by: Carmen Thiede, Vice President/Information Security Officer