Recommendations to reduce credential theft: This digital risk is very common in Latin America

ESET warns that Brazil, Mexico, and Peru are among the Latin American countries most affected by malware specializing in stealing or hijacking information

Credential theft is a threat that has been plaguing the world for over a decade. In Latin America, it is growing steadily in tandem with digitalization and the rise in online fraud. Last year alone, more than 2.6 million credentials were compromised in the region, according to a 2025 SOCRadar report.

This material is of educational interest to both advanced and frequent users, as well as basic and occasional users, and we should pay attention to it. It may be useful to archive and preserve it. Keep in mind that all countries and internet users have some degree of vulnerability and are therefore at risk. No one is immune to this risk; we must act preventively to reduce or mitigate it.

ESET, a leading company in proactive threat detection, warns that access to an email account allows attackers to access banking services, corporate platforms, financial information, and even medical records.

The ways cybercriminals obtain user passwords vary in difficulty and technical expertise. ESET categorizes them into three methodologies: those that exploit social engineering techniques, those that use malware, and those that result from an attack on the organization that should be protecting them.

What methodologies do hackers use?

1. Social Engineering Techniques:

This method falsely uses the names of public entities or well-known companies to lower suspicion and increase the effectiveness of attacks. The most common approach is sending emails or messages through messaging applications in which the attacker impersonates a legitimate entity to deceive the victim and persuade them to voluntarily hand over their login credentials.

These messages share a common characteristic: they appeal to urgency and simulate a notification of a problem requiring immediate action: account issues, a rejected payment, problems with a reservation, among countless other excuses. They often contain a malicious link to sites that mimic legitimate ones to steal victims’ sensitive data, such as passwords and usernames.

Another form phishing takes is fake websites that rank highly in the results of search engines like Google through sponsored ads, because the attacker pays for visibility to impersonate real pages. In these scenarios, even cautious people can be tricked into clicking on a seemingly legitimate result that replicates the visual identity of banks, email platforms, cloud services, or reputable companies.

2. Distribution of specific malware:

Another common way to steal passwords is through the use of malware, which activates once the user’s device has been compromised. In these cases, ESET explains, there is no specific deception or alert message; instead, the theft occurs in the background, often without the victim noticing.

Infostealers, keyloggers, and spyware all share the common characteristic of continuously collecting sensitive information, including passwords stored in browsers, autofill data, application credentials, and active sessions. The impact of these types of malware is not limited to a single account, as the malicious program continues to collect credentials as long as the user uses the infected device, ESET points out.

Distribution of infostealer detections by country in Latin America. Source: ESET telemetry

Within this same ecosystem, banking Trojans emerge, specifically targeting login credentials for bank accounts and financial platforms. Through fake windows, they capture data the moment the user enters it. This type of threat, not new to the region, exceeded 650,000 unique detections in 2025, 110,000 of which belonged to a single family: Guildma.

3. Attacks on organizations:

Another significant source of credential theft is incidents where an organization’s databases are exposed due to a weakness or failure in its systems. In the most critical scenarios, leaks include complete credentials, either in plain text or with weak security mechanisms, allowing attackers to reuse them immediately. However, even when passwords are not directly exposed, leaked emails or usernames remain valuable to malicious actors. This information is then used as the basis for credential stuffing or brute-force attacks, exploiting the reuse of passwords across different services.

Once a database is compromised, the information can circulate for years in underground forums and be reused in different contexts and against multiple platforms. In this way, a single breach in one organization ends up amplifying the risk for other companies and for users themselves, even long after the original incident has been fixed.

“There are also brute-force threats. These consist of automatically trying multiple username and password combinations until successful access is achieved, without needing to deceive the user or compromise their device beforehand. They typically rely on lists of common passwords or credentials leaked in previous incidents, taking advantage of password reuse and the lack of additional authentication controls. When exposed services lack mechanisms to limit login attempts or adequate monitoring, this type of attack remains effective, especially against remote access, web applications, and corporate services published on the internet,” comments Martina López, Cybersecurity Researcher at ESET Latin America.
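The monitoring gap described above can be narrowed with a simple check over authentication logs. The following is an added example, not code from ESET or from the original article: it flags sources that exceed a failure limit within a time window and uses a heuristic to separate brute force (many guesses against one account) from credential stuffing (many different accounts tried once each). The thresholds, the event format, and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed look-back window
MAX_FAILURES = 5               # assumed failures tolerated per source in the window
STUFFING_USERS = 4             # assumed distinct usernames suggesting a leaked list


def _ev(sec, ip, user, ok=False):
    """Build one constructed event: (timestamp, source IP, username, success)."""
    return (datetime(2025, 1, 1, 12, 0, 0) + timedelta(seconds=sec), ip, user, ok)


# Constructed sample log, using documentation-only IP ranges.
SAMPLE_EVENTS = (
    # one account, many guesses
    [_ev(i * 2, "203.0.113.10", "admin") for i in range(8)]
    # many accounts, one guess each
    + [_ev(i * 3, "198.51.100.7", f"user{i}@example.com") for i in range(6)]
    # a legitimate user who mistypes once and then logs in
    + [_ev(10, "192.0.2.55", "maria"), _ev(40, "192.0.2.55", "maria", ok=True)]
)


def classify_sources(events):
    """Return {source_ip: verdict} for sources exceeding MAX_FAILURES in WINDOW."""
    failures = defaultdict(list)  # ip -> [(timestamp, username)] still inside the window
    verdicts = {}
    for ts, ip, user, ok in sorted(events):
        if ok:
            continue
        # Drop failures that have aged out of the window, then record this one.
        recent = [(t, u) for t, u in failures[ip] if ts - t <= WINDOW]
        recent.append((ts, user))
        failures[ip] = recent
        if len(recent) > MAX_FAILURES:
            distinct = {u for _, u in recent}
            verdicts[ip] = ("credential-stuffing" if len(distinct) >= STUFFING_USERS
                            else "brute-force")
    return verdicts


if __name__ == "__main__":
    for ip, verdict in classify_sources(SAMPLE_EVENTS).items():
        print(ip, verdict)
```

The same counters can feed a throttle or temporary lockout at the login endpoint, which is the "limit login attempts" control the quote refers to.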

It is advisable to combine best practices with preventive measures

Credential theft by cybercriminals can occur through various vectors. The ESET research team maintains that prevention does not depend on taking a single measure, but rather on a combination of practices:

  • Use unique and strong passwords for each service, since attackers commonly carry out credential stuffing with credentials that are sold commercially.
  • Enable multifactor authentication whenever possible, as this mechanism complements and strengthens the passwords you use.
  • Be wary of unexpected messages and avoid downloading files or clicking on suspicious links, as malware and phishing remain the most common ways credentials are stolen.
  • Store passwords in password managers and avoid saving them in plain text or on shared devices.
  • Keep systems and applications updated to patch any vulnerabilities.
  • Review unusual access and activity on your accounts, either by keeping login alerts enabled or by checking the privacy or access settings of your applications.

In the event that a password has already been stolen, ESET emphasizes that reaction time makes the difference between an isolated incident and a major problem. Therefore, they recommend:

  • Change the affected passwords and any others where the same credentials were used.
  • Close active sessions on the affected account and revoke recent access in services and applications where possible.
  • Check for unauthorized changes to accounts and monitor for future changes to messages, settings, payments, and other data.
  • Use a security tool on potentially affected devices to remove any malicious code.

“While password theft is not a new problem, it continues to grow and adapt to new technologies, along with our increasingly complex digital lives. In this context, digital literacy and best practices become essential to protect our identity, information, and devices at both the individual and corporate levels. Staying informed is vital to staying ahead of the latest cybersecurity trends,” concludes López from ESET.

ESET invites you to learn more about cybersecurity by visiting: https://www.welivesecurity.com/es/.

Other useful preventive information is also available in Venezuela at https://www.eset.com/ve/ and on their social media channels (@eset_ve), as well as on Instagram (@esetla) and Facebook (ESET).

Information and images provided by ESET and Comstat Rowland
