The impact of an email compromise on your business
A single email from a hacker can be responsible for bringing down your entire business. Don’t let an email compromise be the poison arrow that brings you to your heels like Achilles.
Educate and protect yourself by understanding how to spot a compromised email. After all, prevention is better than cure. But if you are hit by that poison arrow, you’ll need to act quickly.
In this blog post we’ll show you what to look out for in a compromised email account. We’ll also tell you what to do if you have been hacked. Again, if you want to contain the damage, you’ll need to act fast.
Let’s start by going into what an email compromise is.
What is a compromised email account?
A compromised email account is an email account that is under the control or influence of hackers. They’re used by hackers to gain access to your data and the data of your contacts.
It’s an advanced scamming technique that uses real email accounts to infect other users. The infected account can be an actual contact on your email list that got hacked. It can also be a hacker doing an attorney impersonation or acting like a business you know, such as a bank.
Anyone’s email can become compromised, and anyone can fall for a compromised email attack. That’s because there are plenty of ways an email can become compromised.
How do hackers compromise an email account?
Here’s a list of the most common hacks that give cyber criminals access to your email account and possibly your business data.
A phishing attack
A phishing attack is when hackers send communications that look official. The goal is to make you give up confidential information by tricking you with a legitimate email account.
Again, these mails can look like they’re sent from the proper institutions. Hackers will use domain spoofing and possibly change logos as well. They’re laying the bait for you to bite – they’re “phishing”.
Phishing emails can have malware in them or send you to a link to fill in your passwords and personal details. Usually, they require your action. As long as you don’t click the links, you’ll be fine.
Hackers will tend to use an authority figure and demand immediate action. They may try to impersonate you and give instructions to your employees. They could then gain access to company data through an employee’s email account.
Not logging out of a public or shared device
Using a public device to check your emails without logging out properly is practically handing your account to hackers. Closing the window doesn’t always automatically log you out of an account.
Any user can access your details from the public device afterwards and lock you out of your account. Public devices might also have malware or spyware on them, making it easier to harvest data.
In general, you want to be wary of using public devices to access personal accounts or data.
Weak passwords that are easy to guess
A strong password is an excellent defence against hackers. Weak passwords that are easy to guess can make accessing your email account much easier than it should be.
Remember, hackers aren’t trying each guess manually. They use software to brute force their way into an account with weak passwords. That means a computer runs through thousands of guesses in seconds.
The weaker the password, the easier it is for the computer to guess.
They can narrow the search down by finding out details about you or your business online. That information is then used as target words for the brute force software.
For instance, using your pet’s name and the year you were born in a series of combinations to find the password.
Read this blog we wrote on creating a strong password.
You can also use this online engine to find out if your password has been in any recorded data breaches.
Hackers might have installed malware on your device
Hackers can install malware on your device by means other than you clicking on a link in your email.
They could hitch a ride in outdated software that you download, or when you visit an unsafe website. Another method is creating websites that look legitimate but actually harvest data. You may not suspect the fake website because it looks official but it’s a front to steal your data.
Some common types of malware are:
- Ransomware – Locks you out of your device or data until you pay a fee
- Trojans – Packaged in actual software unknowingly, these give backdoor access to your device
- Spyware – Records information and keystrokes from your device that tells them what your passwords are
- Drive-by-downloads – Using outdated software and apps to hitch a ride and be downloaded when you update them
Why are hackers after your email?
Hackers want your email account because it’s the central point where almost all your data can be accessed. They’ll have insights into who you do business with, when you make payments, and the finer details of transactions.
With email access, they can also commit CEO fraud or send wire transfers to their accounts.
Your email account is often where:
- You verify an account
- You receive bank statements
- You reset a password for an online account
- Your bills are sent to
- Your online purchasing statements are sent.
It also houses other personal communications. With access to all of these, hackers could recreate a complete online clone of you using the data points they find. This kind of data theft is becoming increasingly common.
A compromised email account gives hackers knowledge into what websites you visit. It’ll also tell them what financial institutions you use. They may not have the password to those sites per se, but they could request a password change.
Changing the password would naturally lock you out. They could then ransack anything of value or sell your personal data on the dark web.
Like we mentioned earlier, they could also use your account in phishing attacks on your contacts. This allows them to commit further fraud, in your name no less.
With this trove of information and the possibility of further exploits, compromising emails is a big draw for hackers. This is especially the case for businesses as the financial incentive is a lot higher than a single person.
How do I know if my email account is hacked?
There are a few telltale signs pointing towards a compromised email account. They aren’t always a sign that you’ve been hacked, but if you experience one or more of them you should be on alert.
Your password is no longer working
We all stumble with our fingers from time to time when typing our passwords. However, if you’re certain you typed your password correctly and still can’t log in, you’re in trouble.
Hackers will change the password on a compromised email account to lock you out. That way they can sift through your data without being disturbed.
Unfamiliar emails are being sent to and from your account
Sometimes hackers will keep your password the same so they don’t arouse suspicion. They’ll also use your email account to conduct other attacks or request password changes.
Emails you didn’t send and password resets you didn’t request, are a strong sign you may be hacked. Sometimes they may also change the mailing rules of your inbox or start sending money to their own accounts.
They could add mail forwarding so they receive all emails intended for you, or they could change your display email address.
Pay attention to the mails you send and receive so you can spot any activity that seems out of place.
Contacts saying that they received odd messages or spam from you
A compromised email account is a quick way to initiate phishing attacks. The attacker poses as you and will generally spam your contacts with requests for money. Sometimes they’ll persuade them to join a club or local tournament for a sport.
Whatever method they use, pay attention to what your contacts say to you. This can be via email or social media. A hacked email account will generally pave the way to a social media hack as well.
So, if any of your contacts ask you about spam messages you’ve sent, you may have been hacked.
Unfamiliar IP address in your log
Some email providers have tools that show you the IP addresses that accessed your email account. In some cases, they also show you the location and time when the mail account was accessed.
Gmail is one example. Using this tool, you can quickly see if you accessed your email in a location that’s foreign to you. To do this in Gmail, click on “details” in the bottom right corner of your inbox.
From there you’ll be able to see the access type and the location of activity. If there are any logins from places you don’t recognize, you’ve been hacked.
What to do if your email account is compromised
Here are some fixes if you’ve already fallen victim to a scam and your email is compromised. Sometimes the damage may already be done, but there are ways you can salvage the remains.
It’s important to note that hackers will be looking for a way to commit financial fraud and scam you out of money. Once they gain access, they can send funds to themselves from your personal or business account.
The safest course of action is to get rid of any possible malware.
1. Run a scan with your antivirus program
Depending on how far the hackers got, they may have installed malware on your device.
Start off by running a full scan on your device. You want it to be a full scan so no trojan or malware is missed. Although you may not be sure, it’s better to be safe. If you don’t run the scan but try other methods first, you’re setting yourself up for future attacks.
Hackers may have installed trojans and spyware that track your movement and keystrokes. This can set you up for another hack when you think you’re safe.
2. Change your passwords
After you’ve run your full scan, change your password. If you can’t access your email account, contact your email provider to begin the recovery process.
This will likely involve you proving who you are. Make sure the new password request and confirmation are not sent to the email account since the hacker will still have access to the mailbox.
Again, make sure you use a strong password. Nothing related to your name, birthday, or any obvious trait that people can find on social media. Use a minimum of 12 characters. That includes numbers, symbols, and upper and lowercase letters.
Once you’re in your email account, end all sessions on all devices. This will kick the attacker out if they still had an active session when you made the change.
3. Reset other account information
Once you’ve changed the password and ended all other sessions, do the same for all your other accounts. You don’t know what access they may have obtained while inside your compromised email, so this is an important precaution.
Having access to one of your accounts can possibly compromise all other accounts. Follow the same steps as you did in Step 2 for every other account. Although this time you can send the password request and confirmation to your email account.
Note: Don’t complete this step until you’ve changed the password and are absolutely sure your current email session is the only one.
4. Change your email security questions
Change your security question to something memorable but not on your social media. Hackers can easily guess your password and security question by researching your activities and posts online.
If your security question is your dog’s name and you routinely post pictures of your pet online, you’re giving away key information.
A good tactic is to make any password or security question something that can’t be related to you online.
5. Enable multi-factor authentication on your email account
Further your security measures by enabling two-factor authentication. This adds an extra layer that hackers will need to break through to get into your account.
There are a few ways you can do this, but the best option is an authenticator app like Google Authenticator. When you log into your account, you’ll need to enter a security key that is only accessible on the app.
This is a safer option than an SMS two-factor authentication, because hackers can change the corresponding phone number and receive the security SMS.
6. Check for any mailbox rules that seem unusual or suspicious
Hackers may have enabled some suspicious rules while they had access to your email account. They could have enabled email forwarding or deletion. Sometimes they also try running unwanted applications in the background.
It’s a good idea to set the email rules to default and configure them from there. That way you ensure almost everything is back to normal, especially if you weren’t sure what changed.
Take special care to disable email forwarding for your mailbox.
7. Tell your contacts you’ve been hacked
Now that you’ve taken steps to secure your account, it’s time to tell your contacts that your email has been compromised.
This gives them a heads up in case the hacker sent any spam mails with malware from your account. This step is especially crucial if you’re running a business and your customers are affected.
We don’t need to tell you it’ll ruin your reputation and give the hacker a host of new victims.
A proactive message to your contacts can help save them from falling for any scams perpetrated in your name.
Once you’ve completed all the steps, run another full scan on every device you can.
A compromised email account can be the snowball that starts an avalanche. Protect yourself first by educating yourself on the signs of an email compromise and how it can take place.
Geared with your security knowledge, implement the safety protocols we listed. Each security measure will make hacking your email account harder. Protecting yourself and your business is best if you’re focusing on prevention.