How does your account become compromised?

Experts estimate that more than 4 billion data records were stolen in 2016.

There is a black market for selling website credentials. When a site like LinkedIn or eBay is hacked, the hackers can collect thousands (if not millions) of usernames and passwords which they then sell. They can sell 100 usernames to one person, and 5,000 to another depending on what the buyer can afford. With this list in hand, the thief will try each password and username they purchased until finding the ones that work.

​

Hackers parse existing breach data for emails, usernames, and passwords, and then attempt to reuse those credentials on popular websites. To achieve this, hackers will make use of 'checker' scripts. These are scripts which are designed to test batches of username:password combinations on specific websites to identify valid accounts. These scripts exist for every imaginable service, and are constantly updated and circulate within the hacker underground.

Once a target, always a target. Statistics show that if you've been breached, you are much more likely to be attacked and suffer another breach. If you have not taken steps to enhance your security posture, you are taking a significant risk

Almost half of those who fell victim to an additional attack (49 percent) were successfully attacked within the first 12 months following the initial incident and 86 percent of those who fell victim to additional 'significant' attacks were found to have more than one unique attacker active in their networks and systems.

Attackers rarely randomly targets; once the reconnaissance has been conducted on a target the attacker will want to complete their attack. 

But the subsequent attacks aren't necessarily going to be anything to do with the original hackers -- it could be a separate attack by a different hacking group eager to take advantage of what they perceive to be a weak target. (zdnet.com)

​

Find a complete list of data breaches

Think about it...  LinkedIn was hacked in 2016 and hackers sold 117 million passwords. 'Bob' has a LinkedIn account that he doesn't use or has forgotten about, and therefore, 'Bob' never changed his password or secured his account. 

Not only does 'Bob' use his work (or business) email for all of his accounts (business email, gmail, Google (Android phone) or iCloud (iPhone), banking, etc., he usually uses the same passwords.

Due to the availability and accessibility of his information, 'Bob' is and will continue to be a target for hackers.

also see

Tax Scams

Internet Security

Top Scams of 2018

Common Business (& Personal) Scams

​