Have you ever received a suspicious email from someone you know? It’s more common than most of us might imagine. That’s because when a hacker steals their victim’s email account, they use it to create more victims by sending out spam messages to users on the stolen account’s address book. It’s a major invasion of privacy, not to mention dangerous.
These messages frequently contain links to fake or “phishing” websites, which are designed to resemble real websites but exist solely to either infect visitors with malware or pose as a place for people to “log in,” thereby unwittingly handing over their account info.
Naturally, some of those emails contain good old-fashioned infected files. As most of us live busy lives, downloading a file sent by a friend isn’t usually something we’d consider suspicious. But that’s exactly where it can start.
So how big is the problem and what can we do about it? Read on to find out.
The Infamous iCloud “Hack” and Phishing
If you recall 2014, you may remember reading about famous celebrities being “hacked” and having hundreds of their nude photos leaked onto the rest of the internet. Apple, apparently, was implicated in the incident because iCloud was where these photos were leaked.
But that’s only the surface of the story. In reality, the iCloud “hacks” were actually the result of phishing emails targeted at celebrities. The emails claimed that there was a problem with their account and that they needed to submit their usernames and passwords. Amazingly, it worked.
Once the victims willingly handed over their logins, it was only a matter of time before their private information was exposed. Fortunately, this is one of the easier types of “hacks” to avoid in the email sphere.
Read any email that asks for information carefully: remember that companies will never ask for your username and password via email because they already have them! If you click a link in an email to visit a “login” page, check the URL in the address bar at the top of the page. It should be an exact match for the site. Facebook.com isn’t and will never be Facebook.login.com.
This brings up an important point about URLs: the part directly before the .com, .edu, .gov, or .net is the actual site hosting the page. For instance:
- com vs Google.search.com
- google.com vs. google.scholar.com
The first one in each point above is still a part of “google.com,” whereas the second in each point comes from an entirely different site. Learn to spot the differences; it can help you avoid phishing.
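The hostname check described above can also be automated, for example in a mail filter or a link-preview tool. The following is an added example, not code from the original article; the function names and sample links are constructed for illustration, and it goes slightly beyond the text by also handling a `user@` prefix in the link and a trailing dot on the hostname.

```python
from urllib.parse import urlsplit


def link_host(url: str) -> str:
    """Return the hostname a browser would actually connect to, normalised."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"not a web link: {url!r}")
    host = parts.hostname  # drops any 'user:pass@' prefix and the port
    if not host:
        raise ValueError(f"no hostname in {url!r}")
    return host.rstrip(".").lower()


def belongs_to(url: str, expected_domain: str) -> bool:
    """True only if the link's host is expected_domain or a subdomain of it."""
    try:
        host = link_host(url)
    except ValueError:
        return False
    expected = expected_domain.rstrip(".").lower()
    # Compare whole labels from the right: 'facebook.login.com' ends with
    # 'login.com', not 'facebook.com', so it is rejected.
    return host == expected or host.endswith("." + expected)


# Constructed sample links, including the lookalikes named in the article.
SAMPLES = [
    ("https://www.facebook.com/login", "facebook.com"),
    ("https://facebook.login.com/", "facebook.com"),
    ("https://google.scholar.com/", "google.com"),
    ("https://facebook.com@login.example/", "facebook.com"),
    ("https://notfacebook.com/", "facebook.com"),
    ("https://FACEBOOK.com./", "facebook.com"),
]

if __name__ == "__main__":
    for url, expected in SAMPLES:
        verdict = "ok" if belongs_to(url, expected) else "MISMATCH"
        print(f"{verdict:8} {url}  (expected {expected})")
```

The comparison is made against a domain you already know to be correct, so it does not need to work out where the registered domain ends in suffixes such as .co.uk.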
Public WiFi Hacks
Another place people frequently get hacked is while using public, unsecured WiFi connections. They go to check their email and in the meantime, someone else connected to the network is infiltrating their device and stealing information.
The cost can get high quickly; stolen email accounts contain a laundry list of personal information about both the victim and people they know. Emails may contain information about other accounts, names, addresses, and proprietary information in the case of business emails. Considering the cost of identity theft—frequently in the thousands of dollars for individuals, not to mention the damage to credit—prevention is invaluable.
The best way to keep unsafe connections from being a source of hacks is to use a Virtual Private Network (VPN). A VPN is a service that encrypts your connection regardless of the source and allows you to surf the net without concern of your data being taken midstream. It does this by connecting you to a remote server—the medium between you and the rest of the net—so that you’re safe from attack and anonymous to boot.
The difficulty is finding the right provider, as there are many. This VPN review by Secure Thoughts is a good way to get started. In general, it’s best to seek a service that offers unlimited bandwidth and good customer service.
The Enemy Within; Outdated Software
So far, we’ve looked at how email accounts can be lost as a result of phishing attacks and unsafe internet connections, but there’s another vulnerability that puts just as much at risk.
Outdated apps and software present major security risks, as vulnerabilities within old versions can be exploited by hackers to get into your systems and accounts. On the bright side, this is also the easiest problem to fix; just install updates! Automatic updates are rarely a bad thing, although you may need to ensure you have the data to spare for them (or just use WiFi with your now VPN-secured connection).
The Consequences Are Dire
No matter how an email account ends up compromised—even if it’s because the password was old, reused, or just weak—the results can end up the same. Putting aside the obvious identity theft issues, reputation is another area where a lost email account can really become painful.
Whether the hacked account is your fault or not, it doesn’t change the perception that recipients of your tainted emails may have of you after the fact. Business contacts are less likely to trust you and contacts will likely screen your future emails more carefully.
Keep in mind that hacked accounts often end up hacked a second time later on. Clever hackers may leave themselves a backdoor into your account or set up forwarding of your mail to intercept future communications.
So don’t let it happen; be on the offensive and look for threats actively. Use the above tools to your advantage so you don’t end up on the wrong side of a hacked email account. And share that information with your friends; be on the lookout for suspicious emails that may indicate someone on your contacts was hacked.
We’re all in this together; will you be ready? Tell us what your strategy will be in the comments!
About the Author: Cassie is a cybersecurity blogger and technology specialist. With the increase in cybercrime, she finds herself increasingly busy writing tips and guides on how to avoid becoming the next victim.