{"id":21296,"date":"2025-09-14T20:13:11","date_gmt":"2025-09-14T20:13:11","guid":{"rendered":"https:\/\/naijaglobalnews.org\/?p=21296"},"modified":"2025-09-14T20:13:11","modified_gmt":"2025-09-14T20:13:11","slug":"password1-how-scammers-exploit-variations-of-your-logins-money","status":"publish","type":"post","link":"https:\/\/naijaglobalnews.org\/?p=21296","title":{"rendered":"Password1: how scammers exploit variations of your logins | Money"},"content":{"rendered":"<p>\n<\/p>\n<p class=\"dcr-130mj7b\"><span style=\"color:var(--drop-cap);font-weight:700\" class=\"dcr-15rw6c2\">T<\/span>he first you know about it is when you find out someone has accessed one of your accounts. You\u2019ve been careful with your details so you can\u2019t work out what has gone wrong, but you have made one mistake \u2013 recycling part of your password.<\/p>\n<p class=\"dcr-130mj7b\">Reusing the same word in a password \u2013 even if it is altered to include numbers or symbols \u2013 gives criminals a way in to your accounts.<\/p>\n<p class=\"dcr-130mj7b\">Brandyn Murtagh, an ethical \u201cwhite hat\u201d hacker, says information obtained through data breaches on sites such as DropBox and Tumblr and through cyber-attacks has been circulating on the internet for some time.<\/p>\n<p class=\"dcr-130mj7b\">Hackers obtain passwords and test them out on other websites \u2013 a practice known as credential stuffing \u2013 to see whether they can break into accounts.<\/p>\n<p class=\"dcr-130mj7b\">But in some cases they do not just try the exact passwords from the hacked data: as well as credential stuffing, the fraudsters also attempt to access accounts with derivations of the hacked password.<\/p>\n<p class=\"dcr-130mj7b\">Research from Virgin Media O2 suggests four out of every five people use the same or nearly identical passwords on online accounts.<\/p>\n<p class=\"dcr-130mj7b\">Using a slightly altered passwords \u2013 such as Guardian1 instead of Guardian \u2013 is almost an open door for hackers to compromise online accounts, Murtagh says.<\/p>\n<p class=\"dcr-130mj7b\">Working with Virgin Media O2, he has shown volunteers how easy it is to trace their password when they supply their email address, often getting a result within minutes.<\/p>\n<p class=\"dcr-130mj7b\">A spokesperson for Virgin Media O2 says: \u201cHuman behaviour is quite easy to model. [Criminals] know, for example, you might use one password and then add a full stop or an exclamation mark to the end.\u201d<\/p>\n<h2 id=\"what-the-scam-looks-like\" class=\"dcr-n4qeq9\"><strong>What the scam looks like<\/strong><\/h2>\n<p class=\"dcr-130mj7b\">The criminals use scripts \u2013 automated sets of instructions for the computer \u2013 to go through variations of the passwords in an attempt to access other accounts. This can happen on an industrial scale, says Murtagh.<\/p>\n<p class=\"dcr-130mj7b\">\u201cIt\u2019s very rare that you are targeted as an individual \u2013 you are [usually] in a group of thousands of people that are getting targeted. These processes scale just like they would in business,\u201d he says.<\/p>\n<p class=\"dcr-130mj7b\">You might be alerted by messages saying that you have been trying to change your email address or other details connected to an account.<\/p>\n<h2 id=\"what-to-do\" class=\"dcr-n4qeq9\"><strong>What to do<\/strong><\/h2>\n<p class=\"dcr-130mj7b\">Change any passwords that are variations on the same word \u2013 Murtagh advises starting with the most important four sets of accounts: banks, email, work accounts and mobile.<\/p>\n<p class=\"dcr-130mj7b\">Use password managers \u2013 these are often integrated into web browsers. Apple has iCloud Keychain while Androids have Google Password Manager, both of which can suggest and save complicated passwords.<\/p>\n<p class=\"dcr-130mj7b\">Put in place two-factor authentication or multi-factor authentication (2FA or MFA), which mean means you have two steps to log into a site.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The first you know about it is when you find out someone has accessed one of your accounts. You\u2019ve been careful with your details so you can\u2019t work out what has gone wrong, but you have made one mistake \u2013 recycling part of your password. Reusing the same word in a password \u2013 even if<\/p>\n","protected":false},"author":1,"featured_media":21297,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[52],"tags":[10224,1150,2062,13070,8232,13071],"class_list":{"0":"post-21296","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-technology","8":"tag-exploit","9":"tag-logins","10":"tag-money","11":"tag-password1","12":"tag-scammers","13":"tag-variations"},"_links":{"self":[{"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=\/wp\/v2\/posts\/21296","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=21296"}],"version-history":[{"count":0,"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=\/wp\/v2\/posts\/21296\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=\/wp\/v2\/media\/21297"}],"wp:attachment":[{"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=21296"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=21296"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/naijaglobalnews.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=21296"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}