Security Behaviour Database
/

Account Compromise

Account compromise happens when unauthorised people access them.


Behaviours

SB001: Enables multi-factor authentication for workplace accounts

SB001: Enables multi-factor authentication for workplace accounts

Multi-Factor Authentication (MFA) is the process of signing in to an account using more than one piece of ...

SB003: Uses a strong password or passphrase

SB003: Uses a strong password or passphrase

Strong passwords/passphrases should be used for all accounts containing sensitive data, such as workplace ...

SB005: Uses Single Sign-On (SSO)

SB005: Uses Single Sign-On (SSO)

Single Sign-On reduces login friction and can encourage stronger password/passphrase use.

SB007: Checks whether passwords (or other personal data) have appeared in known data breaches

SB007: Checks whether passwords (or other personal data) have appeared in known data breaches

Tools such as haveibeenpwnd.com can be used to check if passwords (or other personal data) have been leaked in ...

SB008: Checks whether personal information shared publicly online could be used to answer security questions

SB008: Checks whether personal information shared publicly online could be used to answer security questions

Security questions provide a recovery option for online accounts. Their answers must be protected. Before posting ...

SB009: Ensures online accounts that are no longer needed are de-activated

SB009: Ensures online accounts that are no longer needed are de-activated

Dormant accounts may still hold or provide access to sensitive data. Security teams should be notified when ...

SB010: Does not share passwords

SB010: Does not share passwords

Password sharing increases the likelihood of an account being compromised. Passwords should not be shared. Any ...

SB013: Reports known or suspected security incidents

SB013: Reports known or suspected security incidents

Reporting known or suspected security incidents helps protect people as well as their place of work. If the ...

SB014: Asks security professionals for help with security issues

SB014: Asks security professionals for help with security issues

Asking for help can help people learn. Security professionals can advise on how best to approach and resolve ...

SB015: Completes assigned security awareness training successfully

SB015: Completes assigned security awareness training successfully

Security Awareness training is an important part of organisational security. Completing awareness training ensures ...

SB016: Does not re-use passwords between accounts

SB016: Does not re-use passwords between accounts

Using unique passwords ensures that if one of your passwords is leaked, not all your accounts can be accessed.

SB022: Installs antivirus on all compatible devices

SB022: Installs antivirus on all compatible devices

Antivirus/Endpoint protection programs provide excellent coverage against known online threats. They should be ...

SB022a: Installs antivirus on all compatible workplace devices

SB022a: Installs antivirus on all compatible workplace devices

Antivirus/Endpoint protection programs provide excellent coverage against known online threats. They should be ...

SB022b: Installs antivirus on all compatible personal (i.e. non workplace) devices

SB022b: Installs antivirus on all compatible personal (i.e. non workplace) devices

Antivirus/Endpoint protection programs provide excellent coverage against known online threats. They should be ...

SB023b: Enables firewalls on all compatible personal (i.e. non workplace) devices

SB023b: Enables firewalls on all compatible personal (i.e. non workplace) devices

A firewall is a set of virtual rules that help prevent malicious applications from communicating with a device. ...

SB030: Follows advice given in security warnings

SB030: Follows advice given in security warnings

Security warning alert to potential harmful activity, like when a malicious website is visited. The advice should ...

SB048: Uses a privacy screen when working with sensitive information in shared spaces

SB048: Uses a privacy screen when working with sensitive information in shared spaces

Privacy screens prevent opportunistic onlookers from viewing sensitive information. They should be used when ...

SB055: Reads organisational security policy

SB055: Reads organisational security policy

Security policies help reduce risk by increasing the chance that people will understand what to do to keep their ...

SB056: Highlights security controls that prevent or disrupt ability to work sensibly

SB056: Highlights security controls that prevent or disrupt ability to work sensibly

Sometimes security controls can prevent or disrupt job activity. In these instances controls may be ignored to ...

SB073: Sets account passwords with network provider

SB073: Sets account passwords with network provider

Criminals with access to network providers can launch SIM swap or mobile phone number porting attacks. Agreeing a ...

SB074: Uses a private browsing on shared devices

SB074: Uses a private browsing on shared devices

If workplace devices are shared between colleagues, private browsing should be enabled by default. This means ...

SB081: Checks instant messages for signs of deception

SB081: Checks instant messages for signs of deception

Criminals will often use instant messaging (e.g. Whatsapp, Facebook and Slack) as an attack vector. Unexpected ...

SB087: Reports suspicious messages (e-mails, texts, phone calls)

SB087: Reports suspicious messages (e-mails, texts, phone calls)

Suspicious messages received via email, text or phone should be reported to a single point of contact. This allows ...

SB088: Checks emails for signs of deception

SB088: Checks emails for signs of deception

Criminals will often use emails as an attack vector. Unexpected emails should always be checked for malicious ...

SB089: Does not share MFA codes

SB089: Does not share MFA codes

Doesn't share MFA codes (including verfication codes and OTPs) with other people, preventing them from accessing ...

SB093: Deletes old personal online accounts if no longer used

SB093: Deletes old personal online accounts if no longer used

Deleted online accounts and "zombie" apps that no longer used. These accounts are a security risk as they often ...

SB105: Uses a security key

SB105: Uses a security key

Security keys are USB keys or dongles that work as an advanced form of multi-factor authentication. Using them ...

SB150: Does not use a password that has been compromised in a data breach

SB150: Does not use a password that has been compromised in a data breach

Passwords that have been compromised in data breaches are often shared or sold amongst cyber criminals. Other ...

SB152: Does not log in with shared credentials

SB152: Does not log in with shared credentials

People should not log into their accounts using credentials that have been shared with other people. Doing so can ...

SB156: Discloses credentials to a phishing site

SB156: Discloses credentials to a phishing site

Disclosing credentials to a phishing site places the individual and their organisation at risk of account ...

SB156a: Discloses credentials to a simulated phishing site

SB156a: Discloses credentials to a simulated phishing site

Disclosing credentials to a phishing site places the individual and their organisation at risk of account ...

SB159: Does not click a phishing link

SB159: Does not click a phishing link

Clicking on a phishing link could lead you to a fake website that asks for private credentials, or tricks you into ...

SB159b: Does not click a simulated phishing link

SB159b: Does not click a simulated phishing link

Clicking on a phishing link could lead you to a fake website that asks for private credentials, or tricks you into ...

SB161: Reports a suspected phishing email

SB161: Reports a suspected phishing email

Reporting phishing emails notifies IT or security teams that employees are being targeted by cyber attackers. ...

SB161b: Reports a simulated phishing email

SB161b: Reports a simulated phishing email

Reporting phishing emails notifies IT or security teams that employees are being targeted by cyber attackers. ...

SB163: Does not open a phishing email

SB163: Does not open a phishing email

Some phishing emails include macros that autorun on opening. Even though these cases are rare, if possible it is ...

SB163a: Does not open a simulated phishing email

SB163a: Does not open a simulated phishing email

Opening a simulated phishing email informs the IT or security team that employees might be at risk of taking ...

SB164: Does not open an attachment in a phishing email

SB164: Does not open an attachment in a phishing email

Opening attachments on phishing emails could lead to malware infections and cyberattacks.

SB164a: Does not open an attachment in a simulated phishing email

SB164a: Does not open an attachment in a simulated phishing email

Opening an attachement in a simulated phishing email informs the IT or security team that employees might be at ...

SB167: Reports a suspected phishing message

SB167: Reports a suspected phishing message

Reporting suspected phishing messages notifies IT or security teams that employees are being targeted by cyber ...

SB167a: Reports a suspected phishing message in Slack

SB167a: Reports a suspected phishing message in Slack

Reporting suspicious Slack messages notifies IT or security teams that employees are being targeted by cyber ...

SB167b: Reports a suspected phishing message in MS Teams

SB167b: Reports a suspected phishing message in MS Teams

Reporting suspicious messages in MS Teams notifies IT or security teams that employees are being targeted by cyber ...

SB173: Does not use work email addresses for non-work purposes

SB173: Does not use work email addresses for non-work purposes

Using work email for non-working purposes increases the chance that the email might be compromised in a data ...

SB175: Does not log in from a rooted mobile device

SB175: Does not log in from a rooted mobile device

Gaining root access ('rooting', also known as 'jailbreaking') on a mobile device is akin to running Windows as an ...

SB177: Does not lose device through theft or negligence

SB177: Does not lose device through theft or negligence

Losing devices containing sensitive information through theft or negligence increases the likelihood of cyber ...

SB177a: Does not lose mobile device through theft or negligence

SB177a: Does not lose mobile device through theft or negligence

Losing a mobile phone or tablet containing sensitive information through theft or negligence increases the ...

SB177b: Does not lose laptop/desktop through theft or negligence

SB177b: Does not lose laptop/desktop through theft or negligence

Losing laptops/desktops containing sensitive information through theft or negligence increases the likelihood of ...

SB178: Does not share a desktop device

SB178: Does not share a desktop device

Sharing a desktop device allows someone else to have access to your personal and/or company's confidential data.

SB192: Does not disable MFA

SB192: Does not disable MFA

Disabling MFA increases the risk of an unauthorised person gaining access to your account if they know your ...

SB192a: Does not disable MFA on Slack

SB192a: Does not disable MFA on Slack

Disabling MFA on Slack increases the risk of an unauthorised person gaining access to your account if they know ...

SB192b: Does not disable MFA on Microsoft 365

SB192b: Does not disable MFA on Microsoft 365

Disabling MFA on Microsoft 365 increases the risk of an unauthorised person gaining access to your account if they ...

SB192c: Does not disable MFA on Google Workspace

SB192c: Does not disable MFA on Google Workspace

Disabling MFA on Google Workspace increases the risk of an unauthorised person gaining access to your account if ...

SB195: Completes policy attestation

SB195: Completes policy attestation

Most organizations today have multiple compliance requirements and contractual obligations that require all ...

SB198b: Does not use unapproved desktop or laptop for work purposes

SB198b: Does not use unapproved desktop or laptop for work purposes

Using unapproved desktops or laptops for work purposes increases security risks. This could be for a variety of ...

SB203: Uses biometrics to access online account

SB203: Uses biometrics to access online account

People can access devices and accounts with biometric information (e.g. a fingerprint or facial scan). The unique ...

SB204: Uses biometrics to access mobile device

SB204: Uses biometrics to access mobile device

People can access devices and accounts with biometric information (e.g. a fingerprint or facial scan). The unique ...

SB209: Uses a stand-alone password manager application

SB209: Uses a stand-alone password manager application

A password manager is an application that securely stores passwords. Some password managers also create and enter ...

SB210: Saves passwords or passphrases into a browser

SB210: Saves passwords or passphrases into a browser

A browser-based password manager is an application that securely stores passwords. Browsers often create and enter ...

Case study

Sarah Morrison

In 2019, Sarah Morrison found out why reusing passwords is such a bad idea. It cost her $13,000.

Her ordeal started with an email. The email concerned a takeaway she’d “ordered” 3,000 miles from her home in New York.

Sarah thought little of it. She notified Grubhub of the charge, which Grubhub promptly refunded. Just to be safe, Sarah also changed her Grubhub password. But the precaution wasn’t enough.

Five months later, Sarah logged into her bank account and realised she’d lost $13,103.91. Sarah had reused the compromised Grubhub password to protect her online bank account. Which, of course, wasn’t much protection at all.

It took Sarah several stress-ridden months to regain full control of her accounts. The trouble could have been avoided if she’d used separate passwords for her individual accounts.

Sarah could have also turned on two-factor authentication as an extra security layer.

“I really should have bothered!” says Sarah. “So should you.”

Claire Pearson

In April 2017, Claire Pearson watched as a £71,000 inheritance from her late father was stolen from her account.

It started with a text message from her bank informing her of suspicious account activity. Worried about possible fraud, she called the “fraud prevention helpline” mentioned in the text... without checking the identity of the sender.

After a quick chat, Claire shared her account details and password and was told she’d receive a new card within three days. However, when she called her bank back – this time using a saved number – she realised she’d been tricked.

Despite her efforts, Claire could not recover all her money. In retrospect, Claire wishes she’d verified the fraudulent text by calling her bank using the number she had stored in her phone.

The incident could also have been avoided had Claire realised that real bank officials never ask for account passwords.

Twitter Hack, 2020

In July 2020, various high-profile celebrities and companies tweeted a link to their followers. The tweets asked followers to send in Bitcoin payments, then watch as the payments were doubled then returned.

The tweets were fraudulent, posted by hackers who were about to earn $120,000 through one of the biggest account compromises Twitter has ever known.

The hackers breached 130 Twitter accounts in total, including those of Barack Obama, Elon Musk, Kanye West, Bill Gates, Apple and Uber. Twitter called the hack an elaborate case of social engineering.

In response to the breaches, Twitter restricted password resets and temporarily restricted verified accounts from tweeting.

SebDB is brought to you byCybSafe| © 2023 CybSafe Ltd