Before I started my career in cybersecurity, I thought hacking only happens as seen in movies. The least suspicious-looking member of the hacking crew manages to evade security checks by pretending to be a cleaner, then gets lucky enough to insert a removable drive into the laptop of a key employee of the target company (usually a large organisation), or into a server. Elsewhere, a couple of bad guys in a dark room with computers remotely activate the malicious code into the planted flash drive and boom shakalaka – the network is down.
While this method of hacking isn’t obsolete, I know that more fatal security breaches can result from a less dramatic channel of attack – email. Here’s why:
- There is a steady increase in email usage for personal and business activities, with many users either oblivious to, or ignorant of, cyber threats.
- Even with a growing number of online communication tools, email remains an indisputable favourite, especially for corporate communication.
- Email attachments is one of the oldest ways to spread harmful software such as malware.
In this article, I will give you a fairly non-technical overview of why your email accounts are frequently in the crosshairs of cybercriminals.
Our digital lives are encapsulated in our inboxes
We often don’t realise how much of our entire lives revolve around this piece of technology – email. We keep everything in our inboxes: photos (including nude ones), contracts, vendor and customer information, invoices, bank and login details, tax forms, scanned IDs, contacts, order confirmations from online shops, travel itineraries, password resets for various accounts, and so much more. Additionally, our emails are connected to all our other digital accounts – from bank accounts to social networks (Instagram, Facebook, etc.), cloud services (Google Drive, iCloud, etc) and online shops such as Jumia, where you most likely saved your credit or debit card details.
So, by simply breaching your email account, a malicious hacker can get access to your whole life quite easily
Don’t be so naïve to imagine that they want your money only. Rather, they want all the details they can possibly get, whether you’re the CEO of a top company, a celebrity, or just someone who believes they have ‘nothing valuable’ in their inbox.
Let’s imagine John is a hacker. I will share three examples of what John can do with some of the information in your inbox.
- Passwords, credit card details and bank account information: John will thank you for making his job of hacking your bank account easier. Also, he might call you, pretending to be your bank, ask for your one-time password (OTP) and begin to help himself to your money.
- Personal conversations: John will obtain copies of personal conversations that, if exposed to the public through the media, could cost you your job or business. Depending on how important you are, this skeleton in your cupboard might be a good blackmail tool in John’s hands. Even if you have no hidden skeletons, remember that incomplete conversations, taken out of context, can have damaging effects.
- Travel itinerary and calendar: This is pure gold to John. Just think about it; he will know precisely when you’re going to leave home, when you will be on a plane without a phone signal, when you’ll be in a meeting and when you’ll return home.
Hackers know you can’t be bothered with keeping good password hygiene
Politicians, diapers and passwords have one thing in common: they should all be changed regularly. That is what we are told but not many of us practice it. First, we hardly have strong passwords, and if we do, we use the same password across all our accounts. To make the situation worse, we don’t change these passwords regularly. I can’t tell you enough how endangered you are; if you were here, you would see me shaking. I’ve previously shared some practical steps to help you set strong passwords.
It requires little effort but delivers the biggest bang for the buck
“The last thing I want to do is hurt you,” said no cybercriminal ever. Like the devil, hackers come to steal (money, assets, etc.), to kill (your reputation) and to destroy (infrastructure). To put this into perspective, business email compromise, also known as wire transfer fraud, has caused more than $12.5 billion in losses since 2013, according to the FBI.
Cyber criminals use social engineering tactics to deceive users and obtain sensitive information via email. Social engineering is the art of gaining access to buildings, systems or data by exploiting human psychology, rather than by breaking in or using technical hacking techniques. Social engineering is perhaps the most convenient method to breach a secure network that is otherwise difficult to breach through technological means. This explains why hackers are increasingly turning to social engineering to enter corporate networks; because they know that humans are the weak link in any company’s security plan. Phishing is the most common type of social engineering. Little wonder that over 85% of successful security breaches begin with a phishing email.
In my next article, I will tell you all about phishing and how you can protect yourself from being phished.
You share a lot via email – sometimes more than you should
There is a lot you share via email that should never have been sent in the first place. Top of my list is credit/debit cards and passwords. If you have these and other sensitive information in your inbox, please delete them immediately and empty your trash.
Attackers generally gain access to your inbox and start scanning and monitoring your inbox for sensitive documents like invoices. They can pick up these types of documents, alter them, or use them as templates to forge documents that allow them to steal from you. That, in a nutshell, is how bank fraud happens. But that’s a full article for another day.
You’ll make a fine delivery man/woman … for malware
Sometimes, you might not be the main target, but a means to the main target. When your email account is compromised, your contacts are at risk too. Your contacts could comprise family, friends, vendors, clients, prospective clients and government representatives.
Hackers have been known to use compromised accounts to deliver harmful software to their main targets via the contact list of their victims. Think about it; you might be more open to clicking on a malicious link or downloading a virus-infected attachment in an email from someone you know and trust.
They see gold everywhere in your inbox
I can’t help but repeat that you have plenty that is extremely valuable to a hacker. Bank accounts, personal details, credit and debit cards, identity documents, social media accounts and hacked computers are worth a small fortune on the dark web. Putting this in perspective, cybercrime is now a far larger global market than the illicit drug trade. So each time you think about your email accounts, think about them as a stash of gold; this might help you to have a better attitude towards safeguarding the information contained therein.
The benefits of email technology outnumber any potential risks. I didn’t write this article to frighten you from using email, but with the aim of reminding you to take cybercrime seriously and to be proactive in finding the best email security solutions for you and your business.