Common Ways Cybercriminals Steal Your Passwords
18 July 2023



Stay ahead of cyber creeps with our inside info on the methods they use to get your password and gain entry to your digital life.

Criminals in general always strive to stay ahead of the curve, developing new methods to steal a march on those trying to catch them. The pattern is no different for cybercriminals trying to get their hands on your passwords.

In an interconnected world, password security is important. Cybercriminals are good at using various methods to gain unauthorised access to personal accounts and you need to be aware of them. We explore some of the latest and most common techniques hackers use to steal passwords and give you practical tips to avoid getting caught out. 

Phishing attacks 

Phishing attacks are one of the most common methods used by hackers and are still one of the most effective. They involve tricking people into sharing their passwords by posing as legitimate brands and entities. The hackers do this using deceptive emails or by faking the websites of trusted organisations and brands (spoof websites). These messages often request sensitive information or require you to log into “your profile”, so you inadvertently give your login details to the hacker. Companies constantly remind their customers of the things they will never ask for, such as your password via email. But it’s also important to be vigilant:

  • Double-check email addresses and scrutinise website URLs for anything out of the ordinary (bad spelling, grammar or unusual punctuation).  

  • Never click on suspicious links.  

Social engineering  

Ever seen the scene in the series Mr Robot where the main character Elliot poses as a tech support agent to gain access to someone’s username and password? That is social engineering. Attackers manipulate human psychology by impersonating trustworthy individuals, such as colleagues, tech support personnel, or even friends. They then gain your trust while exploiting your emotions, creating a sense of urgency to trick you into releasing information instantly. Never share personal information or passwords over the phone or via social media. Verify the identity of anyone requesting information on these channels and always ensure you have strong authentication methods. 


Keylogging

If you think people are being pedantic when they tell you to keep your antivirus updated, think again. Keylogging is one of the main reasons this is necessary. Keyloggers are malicious programs that record keystrokes on a device, including passwords. These programs can be installed via infected email attachments, compromised websites, or malicious software downloads. Avoid being caught out by installing the latest antivirus software on your device. Also, avoid opening suspicious email attachments and visiting dodgy websites. Using virtual keyboards or password managers can help mitigate the risk of keylogging attacks, because the password is not typed on the keyboard for the keylogger to capture.

Brute force attacks  

This type of attack is the reason services require you to have a 12-character password that includes a number and special characters. Brute force attacks involve a hacker systematically attempting different character combinations until they find your password. To do this, they use automated tools and computing power to quickly guess passwords. This is why a complex and unique password with a mix of uppercase and lowercase letters, numbers, and special characters is best. Implementing multi-factor authentication also helps, adding an extra layer of security by requiring more than one verification step.

Credential stuffing  

Credential stuffing takes advantage of people who use the same password on multiple personal accounts. Cybercriminals who have obtained username and password combinations from an earlier data breach try these on various platforms, hoping the victim has used the same credentials on other accounts. This is why you must never use the same password in different places. You can also add protection by using a password manager to securely store and generate complex passwords. In addition, keep an eye on data breach notifications so that you can act swiftly to change compromised passwords.
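To make the reuse risk concrete, here is an added example (not part of the original article) that audits a password-manager export for passwords shared across accounts or present in a breach list. The export layout, site names, passwords and breach list are all constructed for illustration.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample: a password-manager CSV export (site, username, password).
SAMPLE_EXPORT = """site,username,password
shop.example,ana@example.com,Summer2023!
mail.example,ana@example.com,Summer2023!
bank.example,ana,x9$Lq7#vTz2p
forum.example,ana_s,hunter2
"""

def fingerprint(password):
    # SHA-1 is used only to match against breach lists, which are commonly
    # published as SHA-1 hashes. It is not a way to store passwords.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

# Constructed stand-in for a breach corpus (hashes of leaked passwords).
BREACHED = {fingerprint(p) for p in ("hunter2", "Summer2023!")}

def audit(export_text, breached_hashes):
    """Return findings for passwords that are reused or appear in a breach."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        groups[fingerprint(row["password"])].append(row["site"])
    findings = []
    for fp, sites in groups.items():
        reused = len(sites) > 1
        breached = fp in breached_hashes
        if reused or breached:
            findings.append({"sites": sorted(sites), "reused": reused,
                             "breached": breached})
    # Breached and reused comes first: one leak there opens several accounts.
    findings.sort(key=lambda f: (not (f["breached"] and f["reused"]),
                                 not f["breached"], f["sites"]))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_EXPORT, BREACHED):
        flags = [k for k in ("breached", "reused") if f[k]]
        print(", ".join(f["sites"]), "->", " + ".join(flags))
```

The report lists only site names and flags, never the passwords themselves, so it is safe to keep or share with whoever helps you change them.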

Cybercrime is continuously evolving, so ensure your online safety by keeping up with the methods hackers use. Things like antivirus, password managers and other security measures are important, and you need to keep them updated. For more about how to prevent fraud, and what to do if you have been a victim of it, check out these effective fraud tips and tricks.