We are updating our website
So that we can direct you to the right page,
please select your product from the list below.
Are you unknowingly handing cybercriminals the keys to your online life?
Since the beginning of 2024, a surge in account take-overs and fraudulent online orders has plagued Australian and New Zealand online businesses and retailers like The Iconic, Bunnings and many others. While news outlets often cite ‘credential stuffing’ as the cause, many underestimate the alarming simplicity of this type of cyber-attack.
Credential stuffing is a type of cyberattack in which the attacker collects stolen account credentials, typically consisting of lists of email addresses and the corresponding passwords.
Let's break down this alarming trend and how to protect yourself.
Credential stuffing doesn't involve sophisticated hacking at all. It's shockingly simple.
Criminals know that many people reuse the same passwords across multiple services or websites. When your password for one site gets leaked in a data breach, it could potentially unlock all your other accounts that use the same password.
Massive lists of stolen usernames and passwords are bought and sold on the dark web for just a few dollars. Each list comes from previous data breaches, meaning your details might already be out there without you even knowing.
A very recent example of the ease in which hackers can obtain and share large data sets of stolen credentials is from Australia Day 2024, where a Russian hacker posted on a popular Dark Web hacking forum that they had the details of a whopping 25 million Australians for sale:
“Australia consumer optimised 25 million leads” the post said.
The list included legitimate emails addresses and passwords. Almost every email address in the list has been shared online multiple times as part of multiple previous breaches and datasets. Unfortunately, your details could already be out there in one of those batches without you knowing it. But don't worry - we'll explain what you can do to protect yourself.
Imagine one re-used password giving criminals access to your email, banking, financial accounts, social media and more. It's not just about fraudulent purchases; you could face full-blown identity theft. This kind of situation can be very traumatic and can take a long time to resolve and recover from.
Protect yourself and your family – solutions you can use
Don't wait until it's too late. Strengthen your online security today to limit the opportunity for scammers to take advantage of you.
Any advice and information on this website is general in nature and is provided by Resolution Life Australasia Limited ABN 84 079 300 379, AFSL No. 233671 (Resolution Life), which is part of the Resolution Life Group. Resolution Life can be contacted via the Contact us page. The advice does not take into account your personal objectives, financial situation or needs. Therefore, before acting on the advice, you should consider the appropriateness of the advice, having regard to those matters as well as the relevant Product Disclosure Statement (PDS) or Policy Document, available here or via the Contact us page. Before making a decision about the product, consider speaking to a financial adviser if you have any concerns.
If you decide to purchase or vary a financial product, Resolution Life and/or other companies within the Resolution Life Group will receive fees and other benefits, which will be a dollar amount or a percentage of either the premium they pay or the value of their investments. You can ask us for more details.
These products are not issued by the AIA Group. The AIA Group has sold to the Resolution Life Group that part of the business that previously provided or administered these products. The Resolution Life Group and its products and services are not affiliated with, or guaranteed by, the AIA Group. The Resolution Life Group uses AIA's trademarks under licence.