One of my friends recently had their email compromised and all of their contacts got a ‘begging’ mail for funds. The hackers wanted the email contacts, and the distress they caused required immediate action to protect data and restore security and reputation.
Why do hackers go for your email accounts?
At the beginning you are probably not the target.
Hackers send many thousands of emails to addresses generated by a robot or found on the web. The targeting comes when they get a response.
What are the most common targeting methods?
Answering an email confirms the email account is valid and can open the way to download malware to access it.
Hacking emails are framed to get you to respond: they ask for help, offer services, or get you to log into a dummy site through a malicious link, an attachment or a weblink button.
A particularly clever trick is an email inviting you to unsubscribe, where the link ties back to your account, which is then compromised.
Opening links can download malware onto your machine, which can search for data or access key maintenance tools – email programs, remote access tools etc.
A hacker who has accessed your email account can read your mail, go to sites where you log in, and reset the password using the ‘forgot password’ link.
Watch this short video from the National Cyber Security Centre.
OK I’ve got a strong password, how else can I protect myself?
There is no way of being completely safe and accidents will happen. But here are some more tips to minimise the risk of a slip up.
Hackers want your email address, so have more than one! For example, keep one email account and one payment card just for online shopping.
On all your accounts, don’t click on attachments or email links you don’t recognise and always:
- Hover over the link to check the web address and ensure that it looks valid before clicking. Sometimes this will reveal an obvious fraud, but be careful: sometimes part of the address is recognisable but the second half is not correct.
- Avoid the short-cuts on emails: don’t use the link. Go to the website directly by typing the address in the browser rather than clicking the live link in the email.
AND NEVER use a site that is not ‘https’ or does not display a padlock in the address bar of your browser.
What to look out for to check if you have been hacked?
- Have you noticed unexpected activity from and on your account?
- Have you received a notification stating that your account information has changed, and you didn’t change it? Or,
- Noticed your password is no longer working?
- You get an email prompting you to reset an email, or other, password, or enter personal details to access an account?
- Friends say they have received emails from you which you didn’t send.
If any of these things happen, you should warn your contacts and:
- Access your email services through a web server and change any passwords. DO NOT use the same username and password across accounts.
- Go to online accounts, like social media, that use the compromised email address and change the username and/or reset the passwords on those accounts as well – especially finance accounts!
Always use a strong password.
Good Luck – keep safe and watch out for our next blog on protecting your personal or business resilience.