We are updating our website
So that we can direct you to the right page,
please select your product from the list below.
Are you unknowingly handing cybercriminals the keys to your online life?
Since the beginning of 2024, a surge in account take-overs and fraudulent online orders has plagued Australian and New Zealand online businesses and retailers like The Iconic, Bunnings and many others. While news outlets often cite ‘credential stuffing’ as the cause, many underestimate the alarming simplicity of this type of cyber-attack.
Credential stuffing is a type of cyberattack in which the attacker collects stolen account credentials, typically consisting of lists of email addresses and the corresponding passwords.
Let's break down this alarming trend and how to protect yourself.
Credential stuffing doesn't involve sophisticated hacking at all. It's shockingly simple.
Criminals know that many people reuse the same passwords across multiple services or websites. When your password for one site gets leaked in a data breach, it could potentially unlock all your other accounts that use the same password.
Massive lists of stolen usernames and passwords are bought and sold on the dark web for just a few dollars. Each list comes from previous data breaches, meaning your details might already be out there without you even knowing.
A very recent example of the ease in which hackers can obtain and share large data sets of stolen credentials is from Australia Day 2024, where a Russian hacker posted on a popular Dark Web hacking forum that they had the details of a whopping 25 million Australians for sale:
“Australia consumer optimised 25 million leads” the post said.
The list included legitimate emails addresses and passwords. Almost every email address in the list has been shared online multiple times as part of multiple previous breaches and datasets. Unfortunately, your details could already be out there in one of those batches without you knowing it. But don't worry - we'll explain what you can do to protect yourself.
Imagine one re-used password giving criminals access to your email, banking, financial accounts, social media and more. It's not just about fraudulent purchases; you could face full-blown identity theft. This kind of situation can be very traumatic and can take a long time to resolve and recover from.
Protect yourself and your family – solutions you can use
Don't wait until it's too late. Strengthen your online security today to limit the opportunity for scammers to take advantage of you.
Any advice on this website is provided by Resolution Life Australasia Limited ABN 84 079 300 379, AFSL No. 233671 (Resolution Life), and is general advice and does not take into account your objectives, financial situation or needs. Before acting on this advice, you should consider the appropriateness of the advice having regard to your objectives, financial situation and needs, as well as the relevant product disclosure statement and/or policy document, available from Resolution Life at resolutionlife.com.au or by calling 133 731, before making a decision on whether to acquire, or continue to hold, the product.
The Target Market Determinations (TMDs) for our financial products (where applicable) can be found at Target Market Determinations (TMDs). The TMDs describe the key features and attributes of an applicable product that affect whether it is likely to be consistent with the objectives, financial situation and needs of consumers in the target market.
Resolution Life is part of the Resolution Life Group and can be contacted via contact us or by calling the phone number mentioned above.