Using weak passwords to access corporate services or personal accounts has been cited as one of the reasons cybercriminals are having a field day in Kenya.

A survey by cyber security firm Kaspersky indicates that 30 percent of Kenyans were attacked online by password stealers in September alone this year.

With this alarming trend, Kaspersky is now advising Kenyans to ensure that they come up with watertight passwords that aren’t easy for attackers to crack.

The firm says one should use at least two-factor authentication to access their personal accounts to prevent their personal data and information from being stolen or used by password stealers.

According to the UK’s National Cyber Security Centre (NCSC), one in six people uses the names of their pets, dates of birth or their own names as their passwords, making them highly predictable. What is surprising is that these passwords tend to be reused across multiple sites, with one in three people using the same password to access different accounts.

Kaspersky found that fraudsters steal passwords mainly by using special malware called Trojan-PSW. These are stealers capable of gathering login and other account information, including any personal data – from gaming websites and streaming accounts.

Kaspersky warns that if no tight measures are put in place, cybercrime and fraud will increase rapidly in the coming years.

The firm’s data indicate that between January and September 2021 there were 16 percent more user attacks compared to a similar period in 2020.

Across the globe, there were about 160,000 more targets in September than in April, an increase of 45 percent. In recent months, Kaspersky experts have also seen a sharp rise in the number of attempts to infect users.

The total number of detections also increased compared to the previous year: from 24.8 million to 25.5 million.

There are several ways stealers obtain one’s password. These include social engineering, which is rooted in the idea of deceiving or manipulating people into divulging their information or taking a certain action. Common social engineering methods used to steal passwords include phishing and using a Trojan horse attack. A less common approach is shoulder surfing, in which the hacker simply watches a user type in his or her password.

To protect user credentials, people are advised to use Multi-Factor Authentication (MFA) as it adds a security layer to logins beyond just a simple username and password. It also helps to ensure that hackers cannot access your systems even if one of your passwords becomes compromised.

“As statistics show, logins, passwords, payment details and other personal data continue to be an attractive target for cybercriminals, and they remain a popular commodity on the dark market. For this reason, we encourage Internet users to take extra steps to protect their accounts,” states Denis Parinov, a security expert at Kaspersky.

“For example – by using multifactor authentication methods. Increased scammer activity using password stealers also suggests the need for users to be more careful, not to follow unverified links and to use an updated security solution.”

To avoid falling victim to malicious programs and scams aimed at stealing credentials, Kaspersky advises users to always keep software updated on all their devices to prevent attackers from infiltrating the network by exploiting vulnerabilities. “Avoid posting online personal information that may give away your identity, such as your address, your personal phone number, your email address, and so on. Before sharing anything, consider the unintended consequences and do not share anything that might compromise your or someone else’s privacy,” Mr Parinov notes.