If today’s cybercriminal obtains your login credentials, he can change your account settings, steal sensitive personal or company data, send out phishing emails as you, and possibly access additional accounts within your organization.
Criminals can attempt this “malicious account takeover” through:
Hacking: Automated scripts run through various password combinations (AKA, brute force attack) to discover the correct access.
Phishing and Spear Phishing: Highly targeted emails from seemingly credible sources trick users into to revealing personal information.
Social Engineering: Researching online databases and social media to data mine potential password information based on your name, location, phone number, or names of family members, etc.
Botnets: Bots from multiple IP addresses perform high-volume username and password hacks to take over a number of accounts while staying unnoticed.
Credential Stuffing: Stolen or leaked credentials are tested against multiple websites in the hope that the victim uses the same password for everything.
In order to prevent the above, connecting to your network and critical applications has developed from a simple password into a process of multi-factor authentication (MFA).