Personal and company email addresses can provide cybercriminals with a wealth of new opportunities to execute their schemes and scams. Infiltrated email addresses can supply a mine of useful information for hackers to exploit by providing a portal into our personal and working lives. In the following passages, we discuss some of the most unfortunate consequences of a hacked account and what cybercriminals can do with them.
Using your email address to send messages
The most obvious action a cybercriminal can take after accessing your account, or simply obtaining your address, is sending emails from it. This can still cause plenty of problems. Even without access to your email account, a hacker who knows your address can send spoofed messages using an outbound mail server and mailing software.
With your forged address they can send out a variety of schemes via email that you would rather not be associated with, including messages containing harmful malware links or requests for payments. At best, this can hurt your reputation, and in worst case scenarios you can unwittingly be involved in crimes that can also harm other people.
Collecting your credentials using phishing campaigns
Obtaining your email address can be the first step in a cybercriminal’s scheme. After discovering what your email address is, they have the means to contact you and try to gain your personal passwords linked to it. Once they know the associated pieces of personal information, they will be granted access to your accounts.
There are multiple ploys used by hackers to harvest user credentials, one of the most common is the phishing email. Under the pretence of being a reliable email from a legitimate source, the message will try to trick you into signing in with your private passwords. The email will include links to a site that identically resembles the authentic page, so when you are redirected there, you may never be able to tell the difference. Sites that resemble eBay and Amazon are common, as are Microsoft login pages and company portals.
When you enter your details into the fields, they are collected by the criminals, giving them access to your personal accounts via an email address and password.
Another approach used by hackers is to send an alert email to you, stating your account has been accessed without authorisation. The request will ask you to create a new password, and when you do, the hacker has it, along with access to your account.
Accessing your accounts online
Current trends have seen our email addresses incorporated as logins for multiple sites, from online retailers and social media platforms, to financial services like PayPal. Combined with this vulnerability, internet users often employ the same passwords for multiple accounts to keep life simple. On top of this, many sign-in pages offer a “forget password?” option that if used by a hacker who has access to your email account already, allows them to set one of their choosing. With this step complete, the cybercriminal has the power to use or update your accounts in any way that you can.
Stealing financial details
If a hacker manages to access your financial details through your compromised account, such as debit or credit card information, the impact can be crippling. Hackers can use your details to make online purchases, depleting the funds in your account or worse, open up additional accounts, run up credit and take out additional loans and payment cards in your name. This can have a devastating effect on your personal credit score and a serious impact your long-term plans.
Accessing Personally Identifiable Information (PII)
What started as obtaining your email address, led to accessing your email and associated accounts and the chain reaction continues as the hacker starts exploring the data within them. A wealth of information is stored in personal and work email accounts, with most mail providers even delivering a helpful search facility that can be exploited by cybercriminals to filter your email history for useful data.
Among your sent messages, they may find all manner of PII they can use, from copies of your driving licence you attached, to banking details you provided a client or colleague with to make a payment.
Having their hands on your account will also give hackers access to your social or professional network, allowing them a mailing list of your friends and family for phishing campaigns, or a way to contact your colleagues and penetrate your company’s network security.
Spear phishing is the latest trend in mailing scams, with PII combined with publicly available information to create more authentic spoofed emails. With access to your account, a cyber attacker can send messages from your address and, by researching your sent messages, even mimic your style of writing. The National Cybercrime Security Centre (NCSC) states in its site that even its trained experts have difficulty spotting these sophisticated tactics.
Stealing your identity
After gaining access to your PII that may include your full name, date of birth, national insurance number, driving licence and financial details, a cybercriminal will have the option to steal your identity entirely. This can lead to a host of unwanted circumstances, from financial losses and criminal investigations, to damage to your personal and professional reputation.
Staying safe from cybercrime schemes
While recognising scams like phishing emails and changing your passwords regularly is advantageous, at Galaxkey, we understand that cybercriminals adapt their tactics in line with every new defence developed. With this in mind we have created our secure platform to offer comprehensive protection through a system that never stores passwords.
If hackers do gain access to your accounts, all data contained will remain completely secure due to powerful three-layer encryption. Whether emails are being sent or sitting in your inbox, all the content they contain, including attachments, will be totally protected.
Our secure email service also features a digital sign solution that ensures only those authorised can ever view messages and the identity of a sender can always be verified. Get in touch with our specialist team today to explore the benefits of our secure platform with a 14-day free trial.