Ready for the biggest shopping spree of the year? Got all the best deals in line? That might actually not be the case. Since everyone is looking for a chance to save money during this sales season, cybercriminals are locked and loaded with a diverse range of scams to cash in on the occasion.

If you’re looking out for the worst and most common Black Friday scams, we’ve got a different guide for you. If you’re aiming to be proactive and avoid scams altogether, you’ve come to the right place. Today you’ll learn how to stay safe, sane, and cautious while scouring for the best Black Friday deals.

1. The one letter that all secure sites have

Take a close look at the URL of the site you’re visiting. If it has HTTPS in the URL field and a tiny green padlock next to it, consider yourself safe – the “S” in HTTPS stands for “secure.” However, if you’ve noticed that the URL only contains HTTP, tread carefully.

To avoid visiting malicious sites, you can configure your browser’s security preferences to block potentially dangerous websites or downloads. Most popular browsers like Chrome and Firefox allow users to customize their security preferences according to their needs. You can configure your security preferences in your browser’s settings.

2. Pay with Apple Pay, Google Pay, or a credit card

These payment methods offer stronger consumer protection than can be provided by debit cards, wire transfers, or cash. For instance, Apple Pay employs security features built into the hardware and software of your device to ensure secure transactions. Google Pay and credit card purchases are covered in Section 75 of the Consumer Credit Act, which ensures legal protection if a company or seller you are buying from doesn’t deliver what it promised or goes bankrupt. You can also set up a virtual credit card with a spending limit. Even if your details are breached, the card will decline all transactions beyond the set limit.

Be especially wary of any seller that requests wire transfers. Scammers prefer such transactions because there’s virtually no way to reverse them once they are processed. Being smart and cautious about payment methods means you’ll have more success claiming your money if things go haywire.

3. Use a password manager

If you are going to do most of your bargain-hunting online, prepare to create a lot of accounts and remember dozens of passwords. To make things easier for yourself, you’ll probably reuse the same login details on most online stores, if not all of them. However, this convenience can lure you into the danger of breached login credentials – and if one of your accounts is affected, all of them are.

It’s always recommended to have unique and strong passwords for your accounts. However, that doesn’t mean you have to memorize every single one. To make your life much easier and stress-free, use a password manager which will securely store and remember your passwords for you. NordPass is a password manager that lets you store your passwords as well as your credit card details, making it a perfect fit for online shopping. NordPass comes equipped with a password generator, saving you a headache of coming up with unique passwords each time.

4. Update your software

It can be so tempting to check “Remind me later” each time a new update notification pops up. However, whether you’re shopping online or browsing new sites, you need to keep your guard up.

Make sure your apps are up to date and the latest software is installed on your devices. Scammers always look for weak spots in older software to plant their mischief, but regular updates can help you stay secure, as developers issue bug fixes to eliminate security vulnerabilities.

5. Use a VPN app

Black Friday fever can strike you anywhere. Perhaps you’re walking through a mall, spot an item you really want at one of the shops, and check to see if they have it in your size. They don’t? Not a problem – you can just connect to the mall Wi-Fi and quickly check their stock online. And just like that, you’ve opened up your data to bad actors – turns out that Wi-Fi was as accessible as it was insecure.

Instead of connecting to an insecure network directly, you should use a virtual private network (VPN) first. A VPN is a one-click security cloak. It hides your internet traffic from scammers with state-of-the-art encryption that would take hundreds of years to crack.

6. Be cautious with SMS and email offers

It’s not unusual for companies to send their clients text messages or emails with special offers during Black Friday or any other sale period. Some malicious actors like to take advantage of this and send spoofed messages of their own. Usually these messages contain a phishing link designed to look very similar to a real website. But there’s a catch: if you enter your login credentials or card details into this site, you’re inadvertently handing it over to the hackers.

If you’ve received a suspicious offer via a text message or an email, don’t click any links. Check the online store’s website and social media to see if they’ve announced similar deals. You can also get in touch with customer support to cross-check if the offer is real. If it’s not, delete the message and block the contact.

7. Avoid suspicious pop-ups and redirect links

You’re visiting a seemingly innocuous website. Suddenly your scrolling is interrupted by a pop-up window exclaiming a super exciting deal, valid only for the next ten minutes so hurry up! What do you do – click it or close it?

Aside from being annoying and distracting, pop-ups and redirects can also be dangerous. Clicking them can send you to fake sites or even prompt an unwanted malware download. Once that’s done, scammers are free to do almost anything they please with your device. So close the pop-up and back out of the website. If you accidentally clicked anything, run a system scan for viruses for good measure.

8. Watch out for too-good-to-be-true deals

The hype around Black Friday is huge. Scammers know it and try their best to cash in on the opportunity. All too often, the internet gets flooded with impossibly good deals. A brand new smartphone for just $25, no strings attached? A pair of designer sneakers or a shirt from this year’s fall/winter collection for $10? Sounds great, but remember — anything that seems too good to be true probably is.

Be careful not to let your guard down. Ridiculously low prices are a typical bait that scammers use to lure you into their trap. Generally, Black Friday deals fall within the 20-30% off range. Some websites offer price trackers to let you see how the price of the item has changed leading up to Black Friday. Can’t find any prior data for that one shop with cosmic deals? Then it was probably arranged solely to trick unassuming shoppers and rob them of their money and data.

9. Click the site’s trust badges

With so many copycat websites around, how can you be sure you’re buying from a legitimate source? Keep an eye on what trust badges the page has. Trust badges confirm that a security authority has verified the website. VeriSign, Better Business Bureau (BBB), and PayPal-Verified are some of the most easily recognizable ones. You will normally find trust badges at the bottom of most websites.

However, the badges being on the page aren’t proof alone of legitimacy. Trust badges are just images, and scammers can copy and paste them onto their fake websites. If a site is really certified, clicking on the badge should take you to the site of the issuer (for example, to verisign.com). If you’re having doubts, hover over the badge to see if it’s interactive and check what URL it links to. If the link clearly leads to the trust verification provider, you’re safe to proceed.

10. Do your research

Keeping yourself safe during the shopping craze requires some research from your end as well. After all, new scams pop up each year, and you have to be ready for anything. So do your due diligence – research news portals, forums, and Reddit boards to see what new scam tactics are popular.

Always double-check the websites you’re visiting for reviews and negative experiences. Perhaps the site is very new and conveniently only seems to be available during the Black Friday-Cyber Monday season – it could be someone trying to copy a pop-up store model online, but it’s more likely to be a scam. Make sure the URLs of the stores you’re visiting are accurate. Even if you don’t catch every great deal, it’s better to be safe than sorry.

11. Limit sharing personal information

Last but not least, be mindful of what information about yourself you’re sharing online and who might have access to it. When it comes to online shopping, the stakes are high – you need to provide your name, address, and card details.

Be mindful when you create new accounts – don’t reveal more information than necessary. If possible, select an alternative delivery method, like a parcel locker. Always check the data storage and retention policies – is the store compliant, how is your information stored and for how long? Put your privacy first and shop securely.

Conclusion

In the rush of finding a bargain, safety may be the last thing on your mind, but please do stay extra vigilant. These precautions take just a few seconds, but it will take you days to reclaim your money. Worse still, you might have your details spread all over the dark web for years to come. But there’s no need to stress this Black Friday shopping season – you’re all set to notice attempts to scam you and you’ll dodge them with ease.

Before you start your hunt for the best discounts, make sure you’re armed with the right security tools – NordPass is here to make your shopping experience smoother and safer. NordPass generates strong passwords for each new store you sign up for, auto-fills your address and card details once you get to the checkout screen, and ensures your login credentials are kept secure in your encrypted vault.

In the spirit of the season, we’re bringing you some great Black Friday deals. Planning to hit up brick-and-mortar stores first and save online shopping for later? No worries – we’ve got you covered with special offers for Cyber Monday as well. And for now – happy shopping and stay safe!

For some, Black Friday and Cyber Monday are the perfect time to check the boxes on their Christmas shopping list. For others – an opportunity to use the shopping frenzy against you and steal your data. Today, we’re learning more about the most common Black Friday and Cyber Monday online scams, how to identify them, and what to do if you fall victim to them.

Common Black Friday and Cyber Monday scams

Over the years, scammers have developed numerous strategies to trick people out of their money and sensitive data. Here’s what you should look out for:

1. Websites requiring you to download an app

Imagine you’re about to make an online purchase on a website with a killer deal. Suddenly, it turns out that the only way to grab this exclusive offer is by making a purchase through the app.

It’s true that some online shops might offer exclusive deals for mobile app users. However, you need to be cautious here. If you are shopping on a website you’re unfamiliar with and the company asks you to download its app to complete the transaction – it’s time to run. You’re most likely being tricked into downloading a fraudulent app designed to steal your payment information.

2. Spoofed websites

Spoofed websites are websites that are designed to look exactly like well-known, legitimate pages. However, what lies beneath them is a system created to steal your passwords, card details, and other personal information.

The good news is that with a few tips and tricks, it’s pretty easy to catch them:

• Check the URL. Trustworthy websites will always use HTTPS in their URLs, where the “S” stands for “secure.” Most browsers will also have a padlock icon indicating that the website is approved and trustworthy. If you see only HTTP or a broken padlock, the site isn’t safe, and you should avoid supplying your sensitive data.

• Look out for bad grammar. Glaring spelling mistakes usually mean that the website shouldn’t be trusted. Legitimate websites have dedicated teams who put a lot of time and effort into polishing their content.

• Check the “Contact Us” page. A registered company will typically provide its place of business and contact details. If the only way to get in touch regarding refunds or delivery problems is via email, you should probably steer clear of such a website.

• Do your research. Look up online reviews about the company across a variety of sources – but take them with a pinch of salt. If they’re all new, written in the same tone, or sound too good to be true, they might be falsified – and that’s reason enough to become suspicious.

3. A delivery issue with your purchase

Beware of follow-up emails and text messages you receive after you’ve made online purchases. These days, scammers send notifications pretending to be from UPS, FedEx, or even online stores such as Amazon or Shein, claiming that they can’t deliver your parcel for one reason or another.

A fake delivery message might read something like this:

“We’re sorry, but your package couldn’t be shipped. Please click the link to rearrange delivery or update your method of payment.”

Like spoofed websites, scam delivery messages also often contain bad grammar, so keep your eye on that. Don’t click any unfamiliar links. If you’re having goods shipped from abroad, be wary of messages telling you to pay extra customs fees. Pause for a moment and check the delivery status on the website where you placed your order. Also, check whether custom fees were included in the delivery price.

4. Free Black Friday gift cards

Another common scam involves a notification that you won a gift card from a big retailer like Walmart. All you need to do to claim it is text back a random code or click a URL.

In reality, this is how scammers can collect your details and infect your device with malware. The scam might then be sent to all of the contacts in your address book. Simply avoid clicking any suspicious links and don’t interact with the notifications.

5. Phishing scams

In a phishing attack, the victim receives an email or a text message with bait, like a deal that is too tempting to pass up on or information you have to act upon immediately. The purpose of such bait is to lure you into a spoofed website and for you to provide your sensitive data, like your login credentials or payment details.

If you take the phisher’s bait and accidentally reveal your password, the scammers can use this stolen personal information to create fake online profiles, take out loans, ruin your credit score, or even steal your identity.

6. “Money-saving” browser extensions

What’s something people love as much as a good deal? Convenience. Combine the two and you’ll get browser extensions built to find the best deals on numerous e-commerce sites. However, extensions can also be used for more nefarious purposes, like gathering all your browser data.

Before you install a new extension in your browser, do some digging. Check if the developer is reliable – do they have any other extensions, what are the ratings, what do the reviews say? If anything seems suspicious, it’s best not to install the extension. Many browsers and extension catalogs will let you report such extensions as performing illegal activities or actively harming your device.

What to do if you were scammed

If you’ve been scammed, don’t panic. It’s not too late to protect your accounts and money. Here’s what you can do:

• Check your bank statement. If nothing has happened yet but you think that your details might have been stolen, regularly check your bank statements for any suspicious purchases, no matter how small. Then move to the next step.

• Notify your bank. Get in touch with your bank immediately if you have seen a suspicious charge or paid for a good or service and realize it’s a scam. Your bank will be able to tell you whether the suspicious transaction was fraudulent (or whether you just forgot about it) and in some cases can stop or revert the transaction.

• Freeze your card. While you are in contact with your bank, request for your card to be frozen. Some top-up card providers make this solution easy; you can freeze your card in-app. That way, even if someone has acquired your card details, they won’t be able to use it.

• Notify the seller. It’s a common scamming practice to use well-known brands to lure people into traps. If this happens to you, contact the official seller and inform its customer service that someone is using the brand’s name. The brand can make an official statement, inform its customers directly, and take further security precautions to prevent other people from falling prey.

• Learn more about cybersecurity. Once all the steps above are completed, all that is left to do is make sure that you don’t fall prey again. The best way to do so is to learn how to recognize and avoid such scams.

Eight easy ways to avoid a scam

Even when you know how to spot a scam, accidents can happen. So to mitigate the risks further, here are some proactive steps you can take to keep your money and data safe:

1. Try alternative payments

Avoid using bank details that are directly tied to your lifelong savings or your wage. Use alternatives such as:

• Apple Pay or Google Pay. These methods use a combination of biometrics and other digital safeguards, such as 2FA or TOTP, to secure your details.

• Credit cards offer consumer protection in case you need to claim your money back.

• Virtual cards can be issued for a one-time purchase or purely for online shopping with a spending limit imposed to prevent scammers from draining your funds.

If you use alternative payment methods and your data ends up in the wrong hands, the damage will be minimal. These payment methods usually don’t create access to huge amounts of money and can be frozen fairly quickly, meaning that your savings will be unaffected.

2. Protect your data with a VPN

If you’re shopping on public Wi-Fi, it’s advisable to do so with a VPN. You never know who’s “reading” the online traffic, and it’s really easy for bad actors to do so over an unprotected Wi-Fi connection. A VPN encrypts and hides the data you transmit over the internet, so cybercriminals can’t steal a thing. NordVPN can help you reinforce your security on all your devices with Meshnet and Double VPN.

3. Create complex passwords

Setting passwords for a number of online shops can seem arduous and often leads to people using the same easy-to-remember passwords everywhere. However, if the passwords are easy for you to remember, they are often just as easy to crack. And since e-commerce sites have access to your name, address, and payment details, they’re a goldmine for hackers.

Make sure you use strong passwords that contain at least 12 characters and include numbers, upper- and lowercase letters, spaces, and special characters, such as .,! @ # ? ];. Don’t worry – you don’t need to do it all on your own. The NordPass Password Generator can help you create complex passwords in a matter of seconds.

4. Keep track of your spending

Keep a close eye on your online accounts and credit card reports, and make sure you see no inconsistencies following the big shopping season. Be on the lookout for suspicious purchases, especially minor ones, because scammers tend to start small before going all in. If you spot any suspicious activity, inform your bank or credit card provider immediately.

5. Choose apps with caution

Inspect the name, description, and icon of an app you are about to download. Fraudulent apps can’t use the same name as the real app they want to disguise themselves as, so they’ll replace o’s with 0’s or change the name very slightly – for example, they can replace SwiftKey with SwiftKeyboard or WhatsApp with Update WhatsApp.

If you see the same icon in the app store more than once, be alarmed. A fraudulent app cares little for copyright laws, and not all app stores vet the catalog thoroughly. Unfortunately, it’s up to you to choose a verified app. Take a look at the developer and the number of downloads – if the numbers seem suspiciously low, steer clear of the app.

6. Stay rational

Most scams are designed to use your emotions against you. Read carefully through the sudden notification or email you’ve received. Is it trying to instill a sense of urgency, greed, or fear? These are indications that the deal or the message you’ve just received is trying to trick you into handing over your sensitive details ASAP.

Refrain from clicking on links, downloading files, or entering personal details. If you’re told that your delivery is suspended, contact the seller or the delivery company directly to confirm its status. Check the social media accounts of the stores and see whether the promotion is public and active. If everything aligns, perfect – take advantage of the deal. If not, it’s better to stay away from it.

7. Check for new scams

Scammers are a creative bunch. As such, the average person may find it difficult to keep track of all the new scams that emerge every season. One way to keep up to date is to simply use Google search.

Try running a search with these keywords:

• Company name + scam (“Amazon scam”)
• Product name + scam (“new iPhone scam”)
• New method + scam (“delivery SMS scam”)

You can also check forums or recent discussions on Reddit to see if anyone’s had experiences with recent scamming attempts.

8. Use a password manager

Password managers are tools that store your complex passwords, help you generate new ones, and protect them from intruders. Additionally, they can also make your online shopping experience a breeze.

Password managers like NordPass can store your payment and delivery details, which you can then fill automatically anytime you shop online. You don’t need to cancel the purchase just because you can’t find your wallet – just log in to your NordPass account, and Autofill will do the rest.

Frequently asked questions

What are some of the red flags to watch out for?

• Suspicious URLs and website design. Never open URLs that you don’t know and check if the domain is legitimate. Furthermore, while it’s possible the site you’re visiting has rebranded, if anything is giving off uncanny valley vibes – say, the fonts, color schemes, or the layout – it’s probably better to double-check.
• Too good to be true offers. Always check with the official retailer’s site and social media to see the deals they’re running. If there’s no mention of the offer you received, it might be a scam attempt.
• Unsolicited emails and messages. If you’re not subscribed to the store’s newsletter, you probably shouldn’t be receiving emails from them. Check for suspicious sender email addresses and don’t click on any links.
• Poor grammar and spelling. Delivering quality is key to maintaining a good brand image, so online stores don’t want their sites to be riddled with typos.
• Pressure tactics. Some online shops offer limited-time deals and include countdowns in their promotional emails. However, if you’re being coerced into buying something or dealing with your order delivery immediately, you’re probably being pressured into revealing your personal details.

Is it safe to click on ads promoting Black Friday and Cyber Monday deals?

Sometimes, but not always. If you see an ad on social media from a verified account and the information corresponds with the deals on the official website, you can go ahead and shop away. However, if the URLs seem suspicious and the domains are slightly different from the official website, it’s best not to click them.

Are mobile shopping apps safe to use during Black Friday and Cyber Monday?

If you download a shopping app from the official retailer, it’s perfectly fine to use it. However, be cautious with random downloads on the app store. Always cross-check the developer to see if it’s really the official app and check the reviews on the app store and elsewhere on the internet.

Keep a cool head this season

Who doesn’t love a good bargain, especially during the busiest shopping season of the year? It can be easy to be swept away by the maelstrom of discounts and deals. Now you’re fully equipped to identify and avoid the most common Black Friday and Cyber Monday scams.

So, shop until you drop – just remember to always double-check the merchant and what they are offering. Keep a cool head before pressing the “buy” button because, as the old adage goes, if it is too good to be true, it probably is.

If you’re looking for ways to stay safe this Black Friday and Cyber Monday, consider the NordPass password manager. NordPass uses encryption to protect your login credentials, credit card details, home address, and more. Create new secure passwords for all your favorite shopping platforms and keep them safely encrypted with NordPass. Enjoy all the best deals of the shopping season – without compromising your security.

“Data leak jeopardizes more than 150 million users.” “Hacker leaks 33 million usernames and passwords.” Sound familiar? As security technology advances and becomes more sophisticated, companies struggle to keep up with the latest requirements. Hardly a day goes by without news about a new data leak or a breach. Let’s find out how they differ and how to prevent your company’s data from leaking.

First, what is data leakage? In short, it’s a security incident where private information becomes available to unauthorized parties. People may steal, accidentally transfer, or willingly give it away. Leaked data can be digital (electronic files) or physical (documents, letters, pictures, devices). However, data leaks are not the same thing as data breaches.

Data breach vs. data leak: What’s the difference?

While you might sometimes see these terms used interchangeably, conflating them isn’t wholly accurate. Both carry the same consequence – unauthorized data exposure. The difference lies in the cause.

Data leaks typically happen due to poor security measures or someone’s accidental actions. In most cases, cyber leaks aren’t meant to be malicious, and human error is at fault. Security researchers from vpnMentor have been exploring open databases for years. One of their most significant findings was in 2020 – they discovered that the Key Ring app had used a misconfigured Amazon S3 bucket to store 44 million records, including people’s IDs, insurance information, driver’s licenses, and credit cards. Even if no malicious actors noticed it before them and the company took care to close the database, it still counts as a data leak.

On the other hand, data breaches are deliberate. A data breach occurs when a cybercriminal attacks a company or a database and manages to obtain secret and sensitive information. Common tactics used during data breaches include DDoS attacks, malware, and social engineering that can break the company’s defenses. The outcomes of data breaches and leaks are similar, but leaks lack the malicious intent of breaches.

Types of data leaks

If you want to spot data leaks quickly, you need to recognize the different incidents and strategies that may be causing them.

• Human error

  An unintentional leak can be caused by something as trivial as sending a confidential email to the wrong address. Leaving a database with your customers’ data publicly accessible or losing a device with access to the information are also considered accidental data leaks. However, the consequences depend on who got the email or found the loophole allowing them to access the database. Some might delete it while others might get sneaky ideas.

• Scams and system breaches

  Sometimes, people look for vulnerabilities in your security, like out-of-data software or system bugs, to prove that they exist. They will not attack you openly. Instead, they look for loopholes to access information that’s not supposed to be accessible from the outside. Others might employ social engineering tactics to create the perfect environment for a data leak.

• Intentional data leak

  Although data leaks often aren’t malicious, they may still be deliberately instigated. A situation can result from an employee who accesses the company’s secrets or users’ records to resell for financial gain. It might also be a whistleblower who has moral objections to what they witness in their company and uses the leaked information for exposition. Either way, they know what they are doing and usually try to remain anonymous as they work from the inside.

What type of data is at risk?

Data leaks are a disaster for the victims and a golden opportunity for cybercrooks, who usually look for impacted sensitive information to make a sizable profit. They go after identifiable information such as names, addresses, social security numbers, and credit card details. Such data can then be used for identity theft and money laundering. Stolen login credentials are often packaged into password leak databases and sold on the dark web.

When bad actors look to hurt a specific business, the information they go after might expand beyond personally identifiable data. For instance, they may target sensitive company information like internal communications or strategic plans. Trade secrets and intellectual property, such as proprietary code and software, can also be on the radar.

Today, data is paramount. With the increasing frequency of cyberattacks, businesses have to take serious steps to ensure the ironclad security of their data.

How is the leaked data used?

Once hackers have their hands on leaked or stolen data, they can exploit it for their goals. Here are a few ways exposed data can be used for nefarious purposes.

Social engineering

Leaked data often includes identifiable information like names, passwords, and email addresses. Hackers can use that information in social engineering attacks. Phishing is an attack during which hackers send out fake emails that impersonate a reputable source to get the potential victim to download a malicious attachment or click on a dangerous link. Without password leaks, hackers would be less successful in targeting and carrying out their attacks.

Doxing

Doxing, or doxxing, is the act of exposing identifiable information, such as a person’s name, home address, and phone number, with malicious intent. After acquiring leaked data, hackers usually have more information than they need to dox a person. Doxing is often targeted against a specific person or group of people and has historically been used in harassment campaigns.

Slowdown or disruption of business operations

A data leak can have a tremendously negative impact on the affected organization. According to the National Cyber Security Alliance, an astounding 60% of companies go out of business within six months after falling victim to a data leak.

Real-world examples of data leaks and breaches

Data leaks and breaches are more common than ever, and experts believe that the frequency of such cyber incidents will only rise in the future. Here are a few major incidents that had companies around the world on their toes – some carrying graver consequences than others:

• ChatGPT

  In March 2023, a bug was discovered in OpenAI’s chatbot ChatGPT, leading to the leak of customer data, including their names, chat titles, and limited credit card details. The team emphasized that full credit card numbers were not exposed, and the leaked data was limited to the last four digits of the credit card numbers, as well as the expiration dates. The platform was temporarily taken offline to fix the bug.

• Credit Suisse

  In February 2022, a whistleblower initiated a data leak to expose a number of high-profile criminals who were employing the services of the Swiss bank Credit Suisse. The scope of the leak affected over 18,000 accounts. The exposed data was shared with the German newspaper Süddeutsche Zeitung, which published an exposé on the Swiss banking system.

• Twitch

  In October 2021, the live-streaming platform Twitch revealed it had experienced a massive data breach. The breach exposed over 100 GB of sensitive data, including the streamers’ names, addresses, email addresses, and earnings.

• Facebook

  On April 3, 2021, a security expert discovered a massive data leak that affected 533 million Facebook users. Overall, the leak produced 2,837,793,637 data points. On average, hackers exposed at least five types of data per user, including phone numbers, full names, dates of birth, Facebook IDs, email addresses, and user bios.

• Experian

  In February 2021, reports came out about the most significant data breach in Brazil’s history, which exposed the sensitive information of more than 200 million people and 40 million companies. The culprit was suspected to be Serasa Experian, a company providing information and data services. The exposed data included personally identifiable information like dates of birth, full names, addresses, headshots, credit scores, income, and other financial data.

How to prevent data leaks and breaches

To minimize the risk of a data leak, you must establish security practices and procedures in your company. Remember that you can’t always control every single thing security-wise. You can never know if or when you might become a target. However, taking a few preventive measures will give you peace of mind.

• Control your data

  You should always keep backups of your data – that said, don’t store unnecessary copies. Keeping your sensitive information in one secure database instead of multiple terminals will reduce the chances of it leaking. Knowing and controlling who has access to what information is also essential. Employees should only be allowed to access the data they need for their work. This way, you can avoid accidents and intentional leaks.

• Place restrictions on your employees’ emails

  You can set up Google Drive to notify your employees whenever they attempt to share the company’s files with an outside party. Also, set up spam and phishing filters to cut the risk of successful social engineering attacks.

• Train your employees

  A basic understanding of potential cybersecurity risks is essential for everyone in your company, especially those handling sensitive data. Receptionists and head analysts alike should be aware of social engineering attacks, malware types, and internal security requirements. If they know and understand how much damage a data leak would do to the company, they will act more carefully.

• Establish strong security measures in your company

  Use firewalls to protect your network and restrict specific traffic. Ensure you’re safe from malware, like ransomware, spyware, or keyloggers. Use a VPN with robust encryption to ensure secure connections, especially if your employees often travel or work from home. Ensure they use strong passwords and enable two-factor authentication for their most sensitive accounts. Encourage using a password generator to create complex passwords, storing them safely in an encrypted vault and updating them frequently to avoid password leaks.

• Prepare for the worst

  No one wants to go through the worst-case scenario, but accidents can happen. Therefore, it’s a good idea to set up a response and damage control plan in case of a data leak. If you suffer a cyberattack, every minute is precious, and being able to act fast could save you a lot of money – and customers’ trust – in the long run.

• Establish proper cloud storage security

  Ensuring the security of data stored in the cloud is imperative. Without appropriate security measures, sensitive information can be exposed and stolen. Take your time configuring your cloud storage following the best security practices, and if necessary, adopt additional tools to protect your cloud storage.

• Evaluate and monitor third-party risks

  Even if you can ensure complete security within your organization, remember that your data can be exposed via third parties such as your partners and vendors. Supply chain attacks are on the rise, and businesses need to evaluate their partnerships with third parties security-wise to minimize the risk of falling victim to data leaks.

Data leak prevention practices

First, find out what kind of data was leaked. Account names, email addresses, and passwords often end up in data leaks. If your account was affected, change the password as soon as possible. If you use the same password anywhere else, you must change it over there, too. If you don’t, you will be susceptible to a credential-stuffing attack, and all your online accounts will be at risk. If your credit card or banking details were affected, contact your bank immediately and block your cards.

If your business experiences a data leak, swift action is vital. Make sure to contain the leak as soon as you discover it. Immediately start a detailed probe into what exactly happened and why. Inform your customer base about the leak. Disclose all the relevant information: the date and type of the leak, as well as the affected systems and users. Finally, upgrade your organization’s security infrastructure to lower the risk of future cyber incidents.

Bottom line

Data leaks are an ever-growing threat in the digital landscape, and staying ahead is as important as ever. If you’re concerned about the safety of your professional and personal data, you can start taking steps to protect it. The first order of business is setting up your business password manager.

NordPass is a password manager that offers encrypted storage for all your sensitive data, whether that’s your login credentials, address, credit card details, or ID information. In addition to your secure vault, you’ll also access features that help reinforce your data safety, like Password Health, which checks whether your passwords are weak or reused, and the Data Breach Monitor, which alerts you if you’re affected by a password data leak. Stay one step ahead of data leaks and start patching the holes in the ship before your information seeps into the wrong hands.

While you only need one key to lock your apartment door, the digital world is far more complicated. People often have dozens of accounts online – and just as many passwords to protect them with. Since building a password that is equal parts unique and secure can be frustrating, we have prepared some ideas and suggestions for strong passwords to keep you one step ahead of hackers.

What is a good password?

You might think that the answer to this question would be very subjective, but that’s far from the case. In simplest terms, a good password is one that’s difficult to crack. The stronger your password is, the better it works to protect your accounts from hackers and other malicious actors. A strong, reliable password can sometimes take millions of years to crack, which means that the hackers are less likely to even try to gain them.

When you’re thinking of good password ideas, you need to keep the following criteria in mind:

• The password should be at least 12-15 characters long.

• It should use a combination of letters, numbers, and special characters. Spaces are also allowed.

• It should not be a common word, product, character, name, or anything you can easily find in a dictionary.

• It should be a combination that only you know and others could not easily predict. We’ll cover some creative password ideas shortly.

• Each password should be unique and you shouldn’t reuse them for several accounts. If a password you use on several platforms is cracked, that puts all of your accounts at risk.

What is considered a weak password?

Weak passwords consist of sequential letters or numbers, are fewer than eight characters long, or use common words and phrases. The most popular passwords are well-known by malicious actors and are usually what they try first.

According to NordPass’ annual top 200 most common passwords list, “123456” and “password” are the most commonly used and vulnerable passwords. Another example of a weak password would be using the name of a fictional character like “Superman,” “Batman,” or “Joker.”

Examples of bad passwords

Here are some more examples of weak, easy-to-crack passwords:

• 123456789

• abc123

• qwerty

• iloveyou

• hello

• computer

• password123

If you’re wondering whether your passwords might be weak links, check out the list of the top 200 most common passwords. You’ll find even more examples, as well as some fun facts about the most common passwords around the world.

The most common password-cracking techniques

Brute-force attack

During a brute-force attack, a malicious actor uses software that tries every possible combination to find the right one. An eight-character password consisting of upper- and lowercase letters, numbers, and special characters can be cracked in just two hours. Good passwords will take months or even years to break through, depending on their uniqueness and complexity.

Dictionary attack

While brute-force attacks try various combinations of special characters, numbers, and letters, a dictionary attack uses a program that goes through a prearranged list of words. Essentially, if your password can be found in a dictionary, specialized software can easily crack it.

Phishing

Phishing is a social engineering method to trick people into revealing their credentials. Phishing attacks often use email services as a medium: hackers send emails pretending to be reputable sources and refer users to fake login pages. A user then inputs their login credentials themselves and inadvertently grants this information to the hackers.

Credential stuffing

Credential stuffing is a popular method for hackers to gain access by collecting usernames and passwords used in previous attacks and trying them on other platforms. This method often proves successful because people tend to reuse the same password for all their accounts.

Keylogging

Keylogging involves a specific type of malware, known as keylogger, infecting the victim’s device. The keylogger can then track the user’s keystrokes and device activity, depending on the software and the device. This can include copied and pasted data, phone calls, location, and screenshots. Using this information, hackers can easily access passwords and other sensitive information, allowing them to launch further attacks on the individual or data from their place of work.

How to create a strong password

• The longer your password is, the better. Many websites ask you to create eight-character passwords, but we recommend going for at least 15 characters.

• Avoid ties to your personal information, such as your name, surname, address, or date of birth.

• Use a combination of numbers, symbols, and upper- and lowercase letters in random order.

• Don’t use sequential letters and numbers.

• Avoid substitution: “kangaroo” and “k@ng@r00” are both equally weak passwords, and a brute-force attack can easily crack them.

• Don’t reuse the same password for multiple accounts.

With our free password security tool, you can check your password strength and if it has been exposed in any data breaches. You can also try the Password Health feature with NordPass Premium. It scans all passwords that you’ve saved in your Vault and checks for vulnerabilities.

Top 5 strong password ideas

Coming up with a strong and unique password can be a challenge. To make this process easier for you, we’ve gathered some examples that will help protect your data and accounts from being breached and taken over. We’ve also included some formulas and passphrase examples that you can try yourself. However, we highly recommend you don’t use the example passwords for your accounts.

1. Shorten each word

Think of a phrase and remove the first three letters of each word (in some cases, that might mean deleting full words, but that’s fine):

“Laptop running free in the jungle” -> “top ning e gle”

Sounds like gibberish? That’s exactly what we want. Just don’t forget to add special characters and numbers to make it more complicated. It would take 94,000 years to crack this password.

2. Create your own formula

Create a formula that will help you remember the password. For example, you can take a phrase and replace every letter with the next one in the alphabet:

“Cucumbers are tasty” -> “dvdvncfst bsf ubtuz”

Another clever way of creating strong passwords is to turn song lyrics into acronyms. This means using only the first letter of each line of your favorite song.

So, “Shine on you crazy diamond” by Pink Floyd becomes “rsnsybccystswrcc.”

The time needed to crack this password is 746 million years.

3. Play with the vowels

This one is much easier to implement and memorize: take a random nonsensical phrase and replace one vowel with another (for example, “a” with “e”):

“A car is floating in a pan” -> “e cer is floeting in e pen”

Don’t forget – spaces are allowed in passwords, and we highly encourage you to use them. The combination of having spaces and switching the vowels around means the above password would take 583 million trillion years to crack.

4. Mix the codes of your favorite countries

This one is quite fun and easy to memorize. You will always generate good passwords with this method. Simply make a list of the ISO codes of your favorite countries and put them together:

“Mexico, Ireland, France, Germany, Japan” -> “mex irl fra deu jpn”

You wouldn’t think so, but a hacker would require a staggering six thousand trillion years to crack this password!

If you want to spice things up and make them even more difficult to crack, you can also add each country’s calling code:

“mex54 irl353 fra33 deu49 jpn81”

Such a password would take 12 decillion years years to crack. How impressive is that?

5. Use a password manager

If creating and remembering random phrases for all your accounts seems too complicated, you can use a password manager, such as NordPass. It’s an easy-to-use app that lets you generate strong, unique passwords and securely store them in an encrypted Vault. You can also easily use NordPass to autofill online forms and fields.

You can add as many passwords as you need and access them from any device. This way, you can get the best of both worlds by combining your creative password ideas with one-of-a-kind secure ones created by the password manager for each account without the risk of forgetting them. You can use a special code and get an additional month of NordPass Premium for free when you purchase a two-year plan.

Additional tips

Here are some more tips to keep in mind when you’re looking for good password ideas:

• In order to protect your data, remember that passwords must be difficult to predict. Including special characters and spaces increases the time it takes for your password to be cracked.

• Take your phone security into consideration. According to research, pattern locks are successfully replicated around 64% of the time. Instead, set up a PIN or use our guide to generate some strong phone password ideas.

• Don’t forget to implement new password ideas for work. Don’t reuse your personal passwords because if they ever get breached, your work accounts could be in danger, too.

• Always use multi-factor authentication (MFA). Even if your password is definitively strong, accidents can happen and your first line of defense might be breached. Using MFA means that no one can access your accounts without accessing your authentication device. NordPass uses multi-factor authentication to add an additional layer of security to your password vault.