email breach

Why Hacked Email Accounts Are So Dangerous

Spread the love:

Have you ever received a suspicious email from someone you know? It’s more common than most of us might imagine. That’s because when a hacker steals their victim’s email account, they use it to create more victims by sending out spam messages to users on the stolen account’s address book. It’s a major invasion of privacy, not to mention dangerous.

These messages frequently contain links to fake or “phishing” websites, which will be designed to resemble real websites but exist solely to either infect visitors with malware or pose as a location for people to “log in,” thereby unwittingly handing over their account info.

Naturally, some of those emails contain good old fashion infected files. As most of us live busy lives, downloading a file sent by a friend isn’t usually something we’d consider suspicious. But that’s exactly where it can start.

So how big is the problem and what can we do about it? Read on to find out.

The Infamous iCloud “Hack” and Phishing

If you recall 2014, you may remember reading about famous celebrities being “hacked” and having hundreds of their nude photos leaked onto the rest of the internet. Apple, apparently, was implicated in the incident because iCloud was where these photos were leaked.

But that’s only the face of the story. In reality, the iCloud “hacks” were actually the result of phishing emails targeted at celebrities. They exclaimed that there was a problem with their account and that they needed to submit their usernames and passwords. Amazingly, it worked.

Once the victims willingly handed over their logins, it was only a matter of time before their private information was exposed. Fortunately, this is one of the easier types of “hacks” to avoid in the email sphere.

Read any email that asks for information carefully: remember that companies never will ask for your username and password via email because they already have it! If you click a link in an email to visit a “login” page, check the URL address at the top of the page. It should be an exact match for the site. Facebook.com isn’t and will never be Facebook.login.com.

This brings up an important point about URLs; the part directly before the .com, .edu, .gov, or .net part is the actual host page. For instance:

  • com vs Google.search.com
  • google.com vs. google.scholar.com

The first one in each point above is still a part of “google.com,” whereas the second in each point come from an entirely different page. Learn to spot the differences; it can help avoid phishing.

Public WiFi Hacks

Another place people frequently get hacked is while using public, unsecured WiFi connections. They go to check their email and in the meantime, someone else connected to the network is infiltrating their device and stealing information.

The cost can get high quickly; stolen email accounts contain a laundry list of personal information about both the victim and people they know. Emails may contain information about other accounts, names, addresses, and proprietary information in the case of business emails. Considering the cost of identity theft—frequently in the thousands of dollars for individuals, not to mention the damage to credit—prevention is invaluable.

The best way to keep unsafe connections from being a source of hacks is to use a Virtual Private Network (VPN). A VPN is a service that encrypts your connection regardless of the source and allows you to surf the net without concern of your data being taken midstream. It does this by connecting you to a remote server—the medium between you and the rest of the net—so that you’re safe from attack and anonymous to boot.

The difficulty is finding the right provider, as there are many. This VPN review by Secure Thoughts is a good way to get started. In general, it’s best to seek a service that offers unlimited bandwidth and good customer service.

The Enemy Within; Outdated Software

So far, we’ve looked at how email accounts can be lost as a result of phishing attacks and unsafe internet connections, but there’s another vulnerability that puts just as much at risk.

Outdated apps and software present major security risks as vulnerabilities within old versions can be exploited by hackers to get into your systems and accounts. On the bright side, this is also the easiest problem to fix; just install updates! Automatic updates are rarely a bad thing, although you may need to ensure you have the data to spare for them (or just use WiFi with your now VPN secured connection).

The Consequences Are Dire

No matter how an email account ends up compromised—even if it’s because the password was old, reused, or just weak—the results can end up the same. Putting aside the obvious identity theft issues, reputation is another area that a lost email account can really become painful.

Whether the hacked account is your fault or not, it doesn’t change the perception that recipients of your tainted emails may have of you after the fact. Business contacts are less likely to trust you and contacts will likely screen your future emails more carefully.

Keep in mind that hacked accounts often end up hacked a second time later on. Clever hackers may leave themselves a backdoor into your account or set up forwarding of your mail to intercept future communications.

So don’t let it happen; be on the offensive and look for threats actively. Use the above tools to your advantage so you don’t end up on the wrong side of a hacked email account. And share that information with your friends; be on the lookout for suspicious emails that may indicate someone on your contacts was hacked.

We’re all in this together; will you be ready? Tell us what your strategy will be in the comments!

About the Author: Cassie is a cybersecurity blogger and technology specialist. With the increase in cybercrime, she finds herself increasingly busy writing tips and guides on how to avoid becoming the next victim.

~

‘Massive’ 808 million emails and data breach at Verifications .io

Spread the love:

A massive number of emails of about 808 million with personal information were leaked online when a public MongoDB was kept without a password by an “enterprise email validation service provider” Verifications.io.

Compromised data were Dates of birth, Email addresses, Employers, Genders, Geographic locations, IP addresses, Job titles, Names, Phone numbers, Physical addresses of individuals.

The discovery was made by Bob Diachenko of SecurityDiscovery.com on February 25, 2019.

According to HaveIBeenPwned – an online service which detects and reports if your email has been part of a data breach –

In February 2019, the email address validation service verifications.io suffered a data breach. Discovered by Bob Diachenko and Vinny Troia, the breach was due to the data being stored in a MongoDB instance left publicly facing without a password and resulted in 763 million unique email addresses being exposed. Many records within the data also included additional personal attributes such as names, phone numbers, IP addresses, dates of birth and genders. No passwords were included in the data. The Verifications.io website went offline during the disclosure process, although an archived copy remains viewable.

— HaveIbeenPwned

How does an Enterprise email validation service like that of Verifications.io works?

  • Someone uploads a list of email addresses that they want to validate.
  • Verifications.io has a list of mail servers and internal email accounts that they use to “validate” an email address.
  • They do this by literally sending the people an email. If it does not bounce, the email is validated.
  • If it bounces, they put it in a bounce list so they can easily validate later on.

For more information about this data breach, click here for Bob’s blog post.

To check if your email is part of a data breach, go to HaveIBeenPwned website.

Image courtesy of www.securitydiscovery.com