Read the text 1 to answer question.

How Scammers Exploit Variations of Your Logins

The first you know about it is when a scammer accesses one of your accounts. You've been careful with your details, but you've made a mistake: recycling part of your password. Reusing the same word, even if altered with numbers or symbols, gives criminals an open door.

An ethical “white hat” hacker named Brandyn Murtagh says information obtained through data breaches on sites such as DropBox and Tumblr and through cyber-attacks has been circulating on the internet for some time. Using this info, criminals try to log into other websites using the exact hacked passwords—a practice called credential stuffing. But in some cases they do not just try the exact passwords from the hacked data: as well as credential stuffing, the fraudsters also attempt to access accounts with derivations of the hacked password. For example, if your password was “Guardian,” they might automatically try “Guardian1” or “Guardian!”. According to Virgin Media O2, four out of five people use the same or similar passwords, making this a major vulnerability.

What the scam looks like. The criminals use scripts – automated sets of instructions for the computer – to go through variations of the passwords in an attempt to access other accounts. This can happen on an industrial scale, says Murtagh. “It's very rare that you are targeted as an individual – you are [usually] in a group of thousands of people that are getting targeted. These processes scale just like they would in business,” he says. You might be alerted by messages saying that you have been trying to change your email address or other details connected to an account.

To protect yourself, Murtagh recommends three key steps:

1. Change variations: Immediately change any passwords that use the same root word, starting with your most important accounts: banking, email, work, and mobile.

2. Use password managers: These tools, often built into web browsers, can suggest and save complex, unique passwords.

3. Enable 2FA/MFA: Two- or multi-factor authentication adds a second login step, making it much harder for a scammer to get in.

Source: https://www.theguardian.com/money/2025/sep/14/password1-scammers-logins-two-step-verification-hackers Accessed on: 09.17.2025 (Adapted)