In the previous article, we presented a case describing the consequences of taking over the e-mail box of the president of a small IT company by unauthorized persons. In the following article, we will try to suggest how to deal with a similar situation. Because an e-mail hack can affect each of us, both privately and professionally. As a consequence, this can lead to real problems.
Password strength
By using one password for many websites, it is enough to leak login details to one of them, and hackers have access to all the others, e.g. to our social media accounts, e-mail or bank account. Fortunately, the latter is a bit more difficult, because banking systems are obliged to verify users through multi-factor authentication.
If someone uses a simple password, consisting of a few dictionary characters, a simple “password cracking” tool with the appropriate computing power is enough to crack it. With such tools, simple passwords can be cracked in a few seconds. In this case, it does not even have to be done by the criminal himself – most often machines are used for this.
Cyber incident response
Let’s be vigilant. If our password has been broken and it concerns our private mailbox, we should immediately change the password and, if possible, activate multi-factor authentication. Almost all mail providers on the market offer such solutions. This is often a free service as part of the implemented security policy. Let us remember that our correspondence contains not only simple stories from the lives of our relatives or friends. We can also store, for example, our financial or health data in it.
It is worth immediately assuming that the data from our e-mail box has been stolen and copied. If so, they are likely to be used. It is, therefore, necessary to review all correspondence to find all confidential, sensitive data, e.g. passwords, scans of ID cards, information on logging into other websites, bank accounts, contracts and all other confidential information that may consequently lead to large financial losses or images.
If a data leak could expose third parties, e.g. your friends or family, we should inform them about it. They should have known this happened. It seems to be tedious and sometimes expensive, but let’s remember that our every negligence can be ruthlessly exploited by criminals.
In the event of a company e-mail account being taken over, we should immediately report this fact to the people from the IT or security department. Hiding this fact can expose the entire organization to much greater consequences. Criminals, after taking over a given account, immediately check to which systems they can still log in using the same password. They can also use a compromised e-mail box for social engineering attacks on co-workers or contractors.
Unwanted effects of cyber attacks
It all depends on how cybercriminals will use the compromised account. However, it is not worth counting on them to use it only to send spam. The longer hackers have access to your email, the more damage they can do. If the mail contained a lot of valuable information, it can be used many times in many different forms of attacks: from the use of a phishing mailbox to more complex phishing attacks or disclosure of confidential data.
Mail hijacking protection
As described above, taking over the mail has many, often serious consequences. It may therefore be worth preventing a real threat rather than eliminating its effects. In the beginning, it is enough to implement a few basic rules that will increase our security. For each account, system, portal, etc., use separate, individual and unique passwords. Don’t let these passwords be easy. Let’s use “password managers”. These types of software help you securely store, create, and manage your passwords. Let’s introduce our password change policy, systematically changing passwords to new ones. In addition, let us limit access to unauthorized persons. Let’s use multi-factor authentication processes for users, confirmation of login via SMS, or an additional application is not a problem and significantly increases security.
Let’s be sensible, careful and safe!