Why a Criminal Might Want to Hack Into Your Email
By Prempal Singh
The last two large breaches at yahoo that compromised a billion accounts, including users’ email account and passwords, experts say email accounts are a significant target for criminals.
“When an attacker compromises your email account, his options are limitless, ” said Omri Iluz, the co-founder and CEO of PerimeterX, a cybersecurity company.
WikiLeaks aside, it’s not always the information of your e-mails that cyber attackers care about. More likely they’re using your account to generate income.
Since many accounts use emails as the log-in or reset passwords, email accounts are highly linked to your web identification, including banking and shopping accounts.
“A hacker can go and log into any accounts you have by simply clicking on on the ‘forgot my password’ button and getting a new password to your email. They can create new accounts by using your email and faking your identity, ” Iluz said.
Once cyber criminals enter into email accounts, they move quickly and often go undetected.
“Within an hour, they drain your bank accounts. They ship items from your stores. They try to infect your friends [on social media], ” said Iluz.
An additional option for cyber criminals is to sell entry to hacked email accounts on the black market. “Email medical data go on the undercover marketplaces for 10 to twenty times more than credit-based card [accounts]”, Iluz said.
PerimeterX is an expert in stopping attacks from malicious bots. Bots are an application programmed to do a task, such as sift through documents, much faster than the usual human being can. They can be used maliciously, such as to crack passwords, known as a brute pressure attack.
“Brute force is among the most popular attack against email accounts right now, ” Iluz said.
To get your email password, cyber criminals have robots guess passwords. Sometime they use lists of email usernames and passwords stolen in other breaches and sold on the black market, such as those from breaches like that of Yahoo.
“Consider this ammo, ” said Iluz. “It may take hours, it can take days, but eventually [a hacker] will be successful. He can be able to get into and dominate thousands of accounts. ”
One reason hackers are so successful is that many users reuse passwords.
“Users use typically only 6 security passwords throughout their entire online identity, ” said Iluz.
To safeguard yourself, you should use different passwords for different accounts and change them frequently.
“If you reuse your password and it was leaked, you have to change your password everywhere you use it, ” said Iluz.
You also need to watch out for false emails. Cyber criminals may send phishing emails pretending to be Yahoo or other recently breached websites. Cyber-terrorist may also send email messages from hacked email as if they were the owner accounts trying to get personal information.