Has My Email Account Been Hacked? You’re Not the Only One and Here’s Why.
Cybercriminals sent millions of malicious messages from compromised email accounts last year — and that number is expected to rise. Find out how cybercriminals take over email accounts and what businesses can do to protect them.
Email account takeover is on the rise. Cybercriminals sent out 3 million malicious messages from compromised email accounts last year — and that number is expected to rise, according to researchers at Barracuda Networks.
An account takeover occurs when cybercriminals obtain both the username and the password for an online account. A popular target is the email accounts of business executives. “Accounts of CEOs and CFOs are almost twice as likely to be taken over compared to average employees,” said the researchers. “Once they have access, cybercriminals use these high-value accounts to gather intelligence or launch attacks within an organization.” Another popular target is the email accounts of executive assistants. Hackers know that these employees typically have access to executives’ email accounts and can often send messages out on their behalf.
Here is a look at how cybercriminals hijack and use email accounts, and what businesses can do to protect those accounts.
How Email Accounts Are Hijacked and Used
Cybercriminals obtain email account credentials in a variety of ways, including:
- Phishing scams. Cybercriminals often use phishing scams to trick people into revealing their credentials.
- Data breaches. Hackers breach IT systems to get credentials and other stored data.
- Malware. Cybercriminals install malware that enables them to obtain email account credentials and other personal data. For example, they install keyloggers on devices to record victims’ keystrokes, including any entered credentials.
- Wireless network sniffers. Hackers can use wireless network sniffers to obtain the credentials of people who do not utilize a virtual private network (VPN) when using an unsecured public Wi-Fi network, such as a free Wi-Fi network in a coffee shop or hotel. Alternatively, hackers might set up a malicious hotspot to steal credentials.
- Dark web. Attackers can purchase compromised credentials being sold by other cybercriminals on the dark web.
- Automated brute-force password-cracking tools. Hackers try a known user ID (e.g., an email address) with numerous possible passwords using automated tools.
- Password spraying. Hackers know that people reuse passwords, so they try a victim’s known password with possible user IDs.
After cybercriminals access an email account using compromised credentials, they often create rules that will hide the messages they plan to send and receive so that the victim does not become suspicious. For example, they might create a rule that forwards or deletes their messages. More than a third of the companies that had compromised email accounts in 2021 indicated that hackers had set up malicious inbox rules to hide their activity, according to Barracuda researchers. On average, two rules were created for each compromised account.
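A review of mailbox rules for the forwarding and deleting behavior described above, as an added example that is not part of the original article. The rule export format, its field names, and the domains and addresses are assumptions constructed for illustration, not any mail platform's API.

```python
# Added example: flag mailbox rules that forward mail outside the company
# or delete it. The rule schema below is hypothetical (a constructed export).
COMPANY_DOMAINS = {"example.com"}  # assumption: the organization's own domains

# Constructed sample data: one ordinary rule and two that hide mail.
SAMPLE_RULES = [
    {"mailbox": "cfo@example.com", "name": "Newsletters",
     "actions": {"move_to_folder": "Newsletters"}},
    {"mailbox": "cfo@example.com", "name": "sync",
     "actions": {"forward_to": ["drop@mailbox.invalid"]}},
    {"mailbox": "cfo@example.com", "name": "cleanup",
     "actions": {"delete": True}},
]

def is_external(address):
    """True if the address is outside every company domain (subdomains count as internal)."""
    domain = address.rsplit("@", 1)[-1].lower()
    return not any(domain == d or domain.endswith("." + d) for d in COMPANY_DOMAINS)

def assess_rule(rule):
    """Return the reasons a rule deserves review (empty list if none)."""
    actions = rule.get("actions", {})
    reasons = []
    targets = actions.get("forward_to", []) + actions.get("redirect_to", [])
    outside = [a for a in targets if is_external(a)]
    if outside:
        reasons.append("forwards mail outside the organization: " + ", ".join(outside))
    if actions.get("delete"):
        reasons.append("deletes matching mail")
    return reasons

def audit(rules):
    """Map (mailbox, rule name) -> reasons, for rules with at least one finding."""
    findings = {}
    for rule in rules:
        reasons = assess_rule(rule)
        if reasons:
            findings[(rule["mailbox"], rule["name"])] = reasons
    return findings

if __name__ == "__main__":
    for (mailbox, name), reasons in audit(SAMPLE_RULES).items():
        print(f"{mailbox} rule {name!r}: " + "; ".join(reasons))
```

A flagged rule is a prompt to ask the mailbox owner whether they created it, since legitimate rules can also forward or delete mail.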
Cybercriminals use the compromised email accounts for many different types of attacks. For example, they might use the account to send out phishing emails or spam. Much worse, they might impersonate the person to whom the account belongs in order to carry out a business email compromise (BEC) scam.
What Businesses Can Do to Protect Their Email Accounts
Since email accounts are popular targets for account takeovers, it is important for companies to protect those accounts. The most important step is to use multi-factor authentication (MFA). Microsoft notes that MFA can block more than 99.9% of account compromise attacks.
With MFA, two or more distinct factors are used to authenticate a user’s identity, according to the National Institute of Standards and Technology (NIST). For example, businesses might implement a two-factor authentication system in which employees need to provide a password as the first credential and a one-time security code as the second credential when logging in. That way, even if cybercriminals obtain an employee’s password through a data breach, a brute-force password-cracking attack, or some other means, they wouldn’t be able to access and hijack the person’s email account.
There are additional security measures that companies can take to further protect email accounts. For example, they can physically secure computers to prevent keyloggers and other malware from being installed on them. Or they can install VPN software on company-provided mobile devices so that employees use a secure connection, even if they access their email accounts on an unsecured public Wi-Fi network. We can recommend further protections as well as help you implement an MFA system.
We hope you found this article informative and helpful for taking steps to protect your email. With WAMS, you can focus on your small to medium-sized firm or business without having to worry about your backend IT problems and issues. We’ll help manage and provide IT solutions and best-of-class managed services, so you don’t have to. To get in contact with our team of experts, please email email@example.com or call (800) 421-7151.