Mobile messengers and chat apps have grown in use and prominence in recent times. Despite this, e-mail has not lost its centrality as the crux of daily online life. In 2019, the number of global e-mail users amounted to 3.9 billion and is set to grow to 4.48 billion users in 2024. Even in Nigeria, there is a high usage of e-mail due to the proliferation of Android mobile phones, which require the use of a Gmail account to access their services.
Unfortunately, most users of email are oblivious to the security issues associated with the use of an email account. Some erroneously believe that since they are not high net worth individuals or work for important organizations, they are not a target for an email account takeover.
If you're among those who believe there's not much value in an email account, we would like to change your mind by showing you six ways cybercriminals can make use of your hacked email account.
Registered Online Services
A common means of registering for a service online is to provide an email address. Hence, all a cybercriminal needs to do once in control of your email is to search through it for important registered services, visit the website, and click the "forgot password" option. This will send an email with a link to change the password of the service. Just imagine the number of services you have registered for using your email and the havoc a cybercriminal can wreak with this process.
Social Media Accounts
Social networking is now a major part of our everyday life. We tweet and post on Facebook, Instagram, and other social media sites, and this is now routine for millions of people in our world today. One thing these sites have in common is that they all link back to an email account. That account receives not only records of the posts but also the password authentication requests.
A compromised email account used for social media can give a hacker more personal data about your real-time whereabouts, messages, pictures, videos, and contact lists. Using the chat application, the hacker can send specially crafted malicious messages impersonating you to your friends and family.
Bank Account
Most banks request an email address during the account opening process. Such emails are used to send statements of account and other information from the bank. If the email you use for receiving information from your bank were to be hacked, vital information regarding your finances could be harvested. If an accountant or anyone in a financial position has their email compromised, it can deal a big blow to a company, as the malicious attacker can recreate (impersonate) emails to financial institutions, which can lead to financial losses.
Forwarded Work Email & Docs
Business emails are a treasure trove of information. They typically contain work-related documents in Excel, PDF, and DOC formats. Sensitive emails could contain payment requests and schedules with vendors, leading to the risk of business email compromise should an attacker gain access. Also, various surveys have shown that employees do forward business files to either a personal email account or a cloud account. If you're in the habit of doing this, you could expose sensitive company files when your email gets hacked.
Google Docs, Drive, and Dropbox
Some email services come with their own cloud storage or app, while most cloud storage vendors require an email address to use their service. Services like Dropbox, iCloud, and Google Drive back up automatically and can contain photos, files, videos, and documents. If two-factor authentication is not deployed, a hacker with access to your email may also be able to compromise your cloud storage, and this mostly leads to blackmail and extortion.
Calendar, Phone number, and E-mails
Gmail provides a calendar in which you can put your appointments and a phone book where you can back up your phone contacts. If your email is compromised, all these will be available to the hacker. With details including your name, address, calendar appointments, and invoices, a hacker will be able to easily craft an email that you (or your family and friends) may not realize is a scam. With your personal information as a foundation, creating convincing emails will be easy; hence, you become a victim of targeted phishing, also known as spear phishing.
How to Protect your Email Accounts
- Check the sender, check URLs, and never click on suspicious links. Always look closely at the URL or web address before clicking.
- Enable two-factor authentication for all your email accounts to add an extra layer of security.
- It is not advisable to use one email address for all your online presence; use a different email address for your social media and online registrations.
- Ensure you use a password manager which can provide a strong and unique password.
- Be careful how your devices automatically back up to the cloud.
Contributors:
Obanla Hassanat Kehinde
Olu-Akinyemi Emmanuel
Ajayi Opeyemi John