Beware Of Credential Stuffing

This spring and summer, our Risk Management team noted that our area seems to be seeing an uptick in credential stuffing, a type of cyber attack. While hackers have not been able to use this attack to access accounts at the Bank, we wanted to alert you to this increased risk against all of your web-based shopping and banking.  If we believe hackers are trying to access online banking using your username, we will be reaching out to you to alert you and discuss how to protect your information and your accounts.

Hackers use credential stuffing to hijack your online accounts, such as online banking or shopping sites.   These fraudsters attempt to log in to websites by using stolen usernames and passwords using automation tools.  These tools give them great speed and they can try thousands of credentials in a matter of minutes.  When the credentials work, the hackers are able to commit fraud in the victims’ online accounts.  The hackers also use sophisticated tools to fool the affected websites into thinking that each one of the hacked attempts is coming from a different computer or device.

Unfortunately, many of us have compromised credentials, such as usernames and passwords and are not aware of it.  They are often stolen from large data breaches, and then harvested and sold on the dark web.  In recent years, hundreds of millions of login credentials have been stolen, sold and used to commit fraud.

Cyber attacks such as this one are successful when consumers use the same username and password on more than one website or application; or when they use simple or easy to guess usernames and passwords.   We strongly suggest that you change your usernames and passwords frequently, that you don’t repeat the same username and password on more than one website or application, and that you use complex passwords with numbers, letters, special characters and uncommon phrases.

If you are concerned that your credentials may be compromised, please reach out to us so we can assist you.