How fast can bad actors steal your credentials?

 Short answer - VERY FAST!

Most people understand that it is bad to sign in to a login page that you aren't 100% sure is the page you want to log into. So when a page like this pops up, most people close the window and don't log in.

But people are people, and people make mistakes. Most times users who login to a fake page realize what they've done immediately after hitting the submit/send button.

Unfortunately, even with that sudden realization, it's too late.

In the time just after clicking the send button and the time the user realizes what they've done, THAT'S how long it takes for bad actors to get your credentials from you.

I made a quick video showing a little behind-the-scenes activity to highlight how quickly this happens.

https://youtu.be/dDJXPBqEtoo

Key things to pay attention to:

- how quickly the attack can get set up

- how fast after hitting send the user's credentials get to the bad actor.

If you ever find yourself in this situation, the best course of action is to IMMEDIATELY CHANGE YOUR PASSWORD! Yes the bad actors will still have your login username but changing the password makes the password they do have completely irrelevant, provided you use a new password that is completely different from the one just sent. Bad actors can use the password they have to develop alternative passwords to try using in a brute force attack.

For example, if your current password is password1 and you accidentally send your credentials across a fake login page, the bad actor can create similar passwords like Password1, p@ssword123, P@ssw0rd1, etc. to use to try and force their way into your account. There are even programs available that can accept a password and automatically create possible alternatives to that password. The bad actor only has to type in the currently held password and let the program do all the work.

Bottom line is this: when you come to a login page ALWAYS CHECK THE URL to make sure you are logging in to the page you want to log into. If not, CLOSE THE PAGE OUT!!

Stay safe out there! It only takes 1 accidental oops to let bad actors into your accounts and disrupt your life in a myriad of ways!