What can cybercriminals do with a hacked email account?
Personal and business email addresses can provide cybercriminals with numerous opportunities to carry out their schemes.
People with malicious intent can infiltrate your email accounts and gain useful data to access your work and personal life. Take a look at the consequences a hacked email account and what cybercriminals can do with an email address.
1 – Employing an email address to send malicious messages.
Perhaps the most common use of a compromised email account is for the hacker to send messages. While this activity might not seem dangerous, it can still cause harm. Without access to your email account, a hacker who knows your email address can transmit spoofed messages. Outbound mail server and some store-bought mail software can make this possible.
With forged email addresses, hackers can launch scams that you’d prefer not to be associated with. These could include email content containing malware links or fake requests to receive a payment. In best-case scenarios, this would make you look foolish, cast suspicion on you and damage your professional and personal image. In extreme cases, you may find yourself participating against colleagues, clients, suppliers and members of the public.
2 – Obtaining credentials using phishing tactics
Accessing an email address can be stage one in a cybercriminal strategy. Having obtained your email address, the attacker can contact you and try to fool you into parting with your password. If successful, the hacker will be able to access your email accounts.
A common ploy to steal credentials is to send users an email reporting that their account has been illegally accessed. A simple password request email, and when a new one is selected, the hacker will harvest it to use later.
3 – Accessing company and personal accounts online
When setting up an online account today, it’s common practice for your email address to be used as a form of user login. Social media sites, e-commerce websites and financial services, such as PayPal, adopt this approach.
This means if a hacker knows your email address, they have one part of your login details. And they then only require the password to access your account.
This vulnerability is made worse by the sad fact that many users do not understand the importance of password security. Oversimplified options are chosen, like “Password”, “12345678”, names of pets and dates of birth. These last two choices for passwords might seem hard to crack. However, if a hacker browses unprotected content on social media, they can discover these details from posts about pets and birthday messages from well-wishers.
4 – Stealing financial information
Email accounts can contain a wide range of personal information. Some users may exchange company and personal banking passwords and payment card details by email, which end up stored and forgotten. If a hacker manages to access your financial details via a compromised account, like your debit and credit card numbers, the effects can be devastating. The cybercriminals can use your details to make purchases, deplete account funds and even open up brand-new accounts to give themselves a fresh line of credit.
5 – Collecting Personally Identifiable Information (PII)
Illegally obtaining email addresses, can quickly lead to accounts being accessed. Hackers then use the data retained in inboxes and outboxes, having used the search function.
In compromised email accounts, hackers can locate all types of different PII from copies of an individual’s driving licence to company credit card details, shared when a team member made a purchase.
Having access to your email account will also provide cybercriminals with a gateway to your professional or social network. This gives them a mailing list of new targets, including friends, family members, business contacts and colleagues.
Hackers often use this information together with social engineering tactics to increase their foothold in your network. Using your contacts’ email addresses and an understanding of your professional and social circles, these cyber criminals create finely honed attacks known as ‘spear-phishing’.
This technique selects you as its target and attempts to trick you, using a credible impersonation of a trusted colleague or company executive. With a wealth of personal data and a list of regular email contacts from your compromised email account, the process is child’s play for hackers.
6 – Identity theft
After obtaining your PII, like your full name, date of birth, NI number, driver’s license and financial credentials, hackers can steal your identity. As well as being extremely distressing, this can lead to a series of unwanted scenarios, including criminal investigations and financial losses which could damage your professional and personal reputation.
Bonus – Wiki Details
Gaining access to an email account is know as Business Email Compromise [BEC], You can read more about BEC here on Wikipedia [read more]
Specialists in email security
At CARA Technology, we advise firms on safeguarding their infrastructure and protecting their digital assets from hackers and scams.
Contact our specialist team for a FREE audit. To measure or to discuss how we can help you strengthen your security defences. Or take our FREE Cyber Security Risk Assessment right now: https://cara.uk.com/csra
