Over the past year there has been a significant rise in calls to G First from folks who believe their email has been ‘hacked’. While this is a bit lengthy to read, it covers most of what we hear from folks, how we mitigate and resolve it, and how you can help.
Bottom line is that most of us take email for granted, much like postal mail and even more so. However, postal mail is a piece of paper we can simply shred and recycle. Email is different because what’s inside can ruin your computer systems and, in some cases, ruin your identity, credit, etc.
The fear of being hacked is very real and warranted. This is usually because someone has received an email from you that you didn’t send, or you receive one from someone you know that they didn’t send. Another warning sign is an email that appears to come from a company such as a vendor, a customer, or even Microsoft and that pushes you to click on a link or reply with information. At G First, with over 100 clients, we have only seen 2 actual ‘hacks’ in the past 3 years, for which a quick password reset solved the problem immediately.
Most everyone who thinks they have been hacked has usually just been “spoofed”, and that is explained below. I would encourage you to read this information and pass it on to your staff, friends, and relatives.
So the next question becomes, how do I detect/avoid a Hack and identify a Spoof?
Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is a tactic used in phishing and spam campaigns because people are more likely to open an email when they think it has been sent by a legitimate source.
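To make the header forgery described above concrete, here is an added example (not G First's own tooling) that reads a message's headers and lists the signs that the visible From address is not the real source. The sample message, its addresses and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not real mail): the From header shows one domain while
# the envelope sender, Reply-To and authentication results point elsewhere.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com
From: "Pat in Accounting" <pat@example.com>
Reply-To: pat.accounting@example.net
To: you@example.org
Subject: Urgent invoice

Please review the attached invoice today.
"""

def domain_of(header_value):
    """Lowercased domain of an address header, or '' if missing/unparseable."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoof_indicators(raw_message):
    """Return reasons the visible From address may not be the real source."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    findings = []
    for header in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[header])
        if dom and dom != from_dom:
            findings.append(f"{header} domain {dom} != From domain {from_dom}")
    # Trust only the Authentication-Results header stamped by your own mail
    # server; a sender can insert a forged one further down the header list.
    for ar in msg.get_all("Authentication-Results", []):
        for clause in ar.split(";")[1:]:
            method, _, rest = clause.strip().partition("=")
            result = (rest.split() or [""])[0].lower()
            if method in ("spf", "dkim", "dmarc") and result in ("fail", "softfail"):
                findings.append(f"{method} check reported {result}")
    return findings

if __name__ == "__main__":
    for reason in spoof_indicators(SAMPLE):
        print(reason)
```

A mismatch is an indicator, not proof: legitimate mailing services often send with a different Return-Path domain, so weigh it together with the SPF, DKIM and DMARC results.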
How do ‘they’ get our email addresses?
Crawling the web for the @ sign. Spammers and cybercriminals use sophisticated tools to scan the web and harvest email addresses. If you publicly post your email address online, a spammer will find it.
Making good guesses… and lots of them. Cybercriminals use tools to generate common user names and pair them with common domains. These tools are similar to the ones that are used to crack passwords. And they work.
Tricking your friends or vendors or customers. Even if you know better than to publicly post your email address on the web, it could still be stored in the email inbox of anyone who’s ever emailed you or whom you’ve ever emailed. Cybercriminals can steal contact lists or use social engineering to trick people into giving them access the same way they are trying to get you to click a link. When you click a link they get notified and immediately know they have a legitimate email address.
Identifying a true hack:
Your Password has been changed – One of the most obvious signs of your email being hacked is discovering you cannot sign in to your account. If your email password is rejected as incorrect and you did not change it, it could indicate that it was changed by someone else. If a hacker accesses your account, he is able to change your password to prevent you from logging in and retaking control. Some hackers won’t change your password so you won’t notice that anything’s wrong. One way to determine if this is the case is to look at your sent mail folder and see if there are messages there that you are confident that you didn’t send. Also check your Deleted Items folder for the same information. If you find some, then you know a spammer probably has access to your account. Watch for password reset emails that you have not instigated. The hacker may have tried to change your password on other sites, using access to your email to perform password resets.
Please know that even the best defenses can be breached. It is imperative that you as a user of the systems remain diligent in your ability to prevent outbreaks as well. Remember these 3 tips when dealing with email:
Be skeptical! Don’t take any email at face value, even if it looks like it came from someone you know and from whom you expect to receive messages. Review the content. Is it written in the manner in which the person normally communicates? Does it use strange words or phrases they don’t normally use? Be suspicious of messages that ask you to open an attachment or otherwise respond immediately. Contact the person through another method such as calling them on the phone to confirm the urgent response. Do not open any attachments until you confirm the request. If the message asks that you click on a link, hover your pointer over the link to reveal the URL. Check to see that the URL looks legitimate. Also confirm any messages that ask you to release corporate or personal information. Make sure you are dealing with someone authorized to have that information prior to sending anything.
Be paranoid! Does anything in the message make you uncomfortable, or is there something odd or unusual about the communication? If so, confirm the message through another channel like phone or text.
Trust your instincts! You are the first and best line of defense when protecting your company and your personal data. Things that seem unusual or out of place should be scrutinized. Ask yourself: Does this message seem normal? Is there anything out of place or unusual? Is it requesting an immediate response that includes private company or personal information? Is this message in the normal style and tone I expect to see from this sender? Does this message include links to websites that look suspicious or are out of character for the sender? Are there unexpected or unusual attachments?
AS ALWAYS – if you need any help or question a particular situation email us at email@example.com and we’ll let you know if it’s safe to go forward with an email.
Yours in Security and IT Support,
Ernie T. Pomeroy
G First Security
480.454.5578 ext 701 (direct)