Enumeration has become a focal point recently, especially with election season in full swing. However, that is not the kind of enumeration we're discussing here. We're talking about the type cybercriminals use to exploit vulnerabilities. During this time of year, the internet typically sees a surge in traffic. Unfortunately, this also means an increase in cyber threats, including enumeration attacks.
What Are Enumeration Attacks?
Enumeration attacks are a type of security breach where attackers exploit weaknesses in a system to systematically guess or uncover sensitive information, such as user accounts, passwords, or other personal details. During the holidays, these attacks are particularly prevalent as cybercriminals take advantage of distracted users, holiday shopping spikes, and the general rush of seasonal online activity.
How Does It Work?
In a typical enumeration attack, an attacker attempts to discover valid usernames, email addresses, or other identifying information within a system by sending multiple requests to a website or server. These requests may involve login attempts, password resets, or other actions where the system responds with clues indicating whether the entered information is valid.
For example, if a system responds differently to an incorrect username vs. an incorrect password, the attacker can use this information to deduce the valid usernames. By repeating this process and analysing the system's responses, the attacker can potentially create a list of valid user accounts. This can then be followed up with further attacks like identity theft or brute force password cracking, which is like guessing every key to open a lock until one works.
How to Guard Against Enumeration Attacks
There are several proactive steps you can take to minimise the risk of enumeration attacks this festive season and beyond.
- Use Strong, Unique Passwords – Remember, the first line of defence against any type of attack is a strong password. Ensure you have strong passwords that are a mix of uppercase and lowercase letters, numbers, and special characters. Ideally, each account you have should have its own unique password.
- Enable Multi-Factor Authentication (MFA) – Whenever possible, enable multi-factor authentication (MFA), which makes your accounts much harder for hackers to break into. It adds an extra layer of security by requiring more than just your password to log in. For example, after entering your password, you might need to enter a code sent to your phone or verify your identity with a fingerprint. Many popular websites and services, including email providers, social media, and online shopping sites, offer MFA.
- Avoid Using Public Wi-Fi for Sensitive Transactions – When shopping online or entering sensitive information, avoid using public Wi-Fi networks, such as those in restaurants, parks and airports, which are often unsecured. If you must, use a Virtual Private Network (VPN) to encrypt your internet connection, making it harder for cybercriminals to access your data.
- Monitor Your Accounts Regularly – Frequently check your bank, email, and online shopping accounts for any suspicious activity. Set up alerts to help you spot unauthorised access early and look out for unusual login attempts or changes in personal details, like your email and telephone contact. If you spot anything suspicious, take action to report it and change your password immediately.
- Be Cautious with Account Recovery Options – Many systems allow you to reset your password using “Forgot password?” features. While these can be handy, they can also be exploited by attackers if they can guess your answers to security questions. Choose recovery questions and answers that are hard to guess. Avoid using easily available information such as your mother's maiden name, your pet's name, or your birthday.
- Keep Software and Devices Updated – Ensure devices you use for online shopping or banking are up to date with the latest software updates and security patches. Many attacks exploit known vulnerabilities in outdated software, so regular updates can protect you from these threats.
- Beware of Phishing Attempts – Be cautious of unsolicited emails or messages that ask for your personal information or direct you to a login page. Always double-check the sender's email address and avoid clicking on links in messages from unknown sources.
- Avoid Over-sharing on Social Media – Enumeration attacks can be made easier if attackers gather information from your social profiles. Limit what you share publicly and be careful about how much personal information you post, especially around the holidays.
Take some time to review and strengthen your security practices today. A little preparation now can ensure your information and accounts remain safe and secure, allowing you to focus on what truly matters, enjoying the holidays!
Safe Banking Tip
Always pay attention to your transaction alerts and bank statements, especially during the busy Christmas season. Failing to act on suspicious notifications right away can lead to serious consequences, so make sure to review alerts promptly to catch any unauthorised transactions early.