In the wake of two large breaches at Yahoo that compromised a billion accounts, including users’ email addresses and passwords, experts say email accounts are a major target for criminals.
“When an attacker compromises your email account, his possibilities are limitless,” said Omri Iluz, the co-founder and CEO of PerimeterX, a cybersecurity company.
WikiLeaks aside, it’s not necessarily the content of your emails that cyberattackers care about. More likely they’re using your account to make money.
Since many accounts use email addresses as the log-in or to reset passwords, email accounts are highly connected to your online identity, including banking and shopping accounts.
“[A hacker] can go and log into any account that you have by simply clicking on the ‘forgot my password’ and getting a new password to your email. He can create new accounts by using your email and faking your identity,” Iluz said.
Once cybercriminals get into email accounts, they move quickly and often go unnoticed.
“Within an hour, they drain your bank account. They ship items from your stores. They try to infect your friends [on social media],” said Iluz.
Another option for cybercriminals is to sell access to hacked email accounts on the black market. “Email accounts go on the underground marketplaces for 10 to 20 times more than credit card [accounts],” Iluz said.
PerimeterX specializes in preventing attacks from malicious bots. Bots are an application programmed to do a task, such as sift through files, much faster than a human can. They can be used maliciously, such as to crack passwords, known as a brute force attack.
“Brute force is the most popular attack [against email accounts] right now,” Iluz said.
To get your email password, cybercriminals have bots guess passwords. Sometime they use lists of usernames and passwords stolen in other breaches and sold on the black market, such as those from breaches like that of Yahoo.
“Consider this ammunition,” said Iluz. “It can take hours, it can take days, but eventually [a hacker] will be successful. He will be able to enter and take over thousands of accounts.”
One reason hackers are so successful is that many users reuse passwords.
“Users use on average only 6 passwords throughout their entire online identity,” said Iluz.
To protect yourself, you should use different passwords for different accounts and change them frequently.
“If you reuse your password and it was leaked, you have to change your password everywhere you use it,” said Iluz.
You also need to watch out for fake emails. Cybercriminals may send out phishing emails pretending to be Yahoo or other recently breached websites. Hackers may also send emails from hacked email as if they were the owner accounts trying to get personal information.
Find out how to protect yourself and business at: http://cyber.aspida.org