September 17, 2021
“There is no silver bullet with cybersecurity, a layered defense is the only viable defense.”
Senior Fellow & co-founder, Institute for Critical Infrastructure Technology
Cyber threats can originate from various actors, including corporate spies, hacktivists, terrorist groups, hostile nation-states, criminal organizations, lone hackers, and disgruntled employees.
Small and medium businesses and non-profits are the top targets for cyberattacks. Unlike large corporations that have the money and resources to pay for cybersecurity and upgrade their networks to match the latest hacker tricks, small to medium-sized businesses do not have that same luxury, and hackers know it.
Your credentials can be obtained in a number of ways by hackers who have a toolbox of software programs and databases to help them figure out more details.
One of the primary ways hackers obtain stolen credentials is by getting access to large data breaches from popular online services like LinkedIn, eBay, and Adobe as well as lesser-known websites. In a data breach, millions of records are leaked, and the passwords stolen are compiled in large databases to be sold on illicit websites found on the Dark Web.
Keep in mind that many of these popular online services use an email address as the User ID for the login credential. Once this information is stolen, a hacker not only has your User ID and Password, but also has your email address. For example, if LinkedIn has a breach, and your User ID for your LinkedIn account is also your work email, a hacker now has your LinkedIn User ID and Password and your email address for work. Do you use the same password for your LinkedIn credentials as for your email login credentials? Or maybe you use a similar password that could easily be cracked using another hacker “tool”? If so, a hack of your LinkedIn credentials has now exposed your entire workplace.
Email remains the primary avenue for attackers to enter a network, through phishing attempts that are getting more sophisticated and harder to identify. Phishing can take many forms, from fake emails sent from known email addresses or a bogus email from IT support purporting to fix a computer problem to a phony rebate offer from a familiar brand.
What can a hacker do with your email address?
Send emails from your address
Once hackers have your email address, they can use it to target more than just you, sending out email blasts to anyone (maybe even everyone!) in your contact list. Even if they don’t have your email password, they can ‘spoof’ an email message with a forged sender address. The emails they send can be anything from harmful malware to scams and requests for money.
Send phishing emails
When a hacker knows your email address, they have half of your confidential information, and they will employ several methods to access your password. The most common is the phishing email: an email disguised as a legitimate message from a trusted source, designed to trick you into logging in and exposing your credentials. A phishing email can look like a legitimate-sounding email that seemingly comes from Amazon, eBay, PayPal, or any number of other popular services. Links in phishing emails will always direct the user to a purpose-built website that looks identical to the real service but is actually a fake website that captures the credentials for the real account. Phishing emails more often than not result in a user relinquishing their ID and password.
Access your online accounts
Email addresses are often our login IDs for social media sites, in addition to Google Docs, online retailers, and many of our other accounts. Many of us have a habit of using the same passwords for all of these accounts. Even if you don’t use the same password, the hacker can click the ‘forgot password’ button, which will result in an email that contains a link for resetting your password. That email will be delivered to your email address, for which the hacker may already have your password. The hacker can then open the password reset emails and change your account passwords, essentially giving them access to any of your accounts.
Access personal information
Once a hacker has access to your online accounts, just think about all the information that is right at their fingertips. They can search on Facebook and determine your public name, the names of friends, and possibly pictures. On LinkedIn, they can see where you work and your position, who your colleagues are, your responsibilities, plus everywhere you worked or went to school. That is more than enough information to start some real-world stalking or potentially steal your identity.
Steal financial information
When a hacker has enough personal information, they may be able to find and crack your credit/debit card information or online bank accounts, particularly if you use your email address as the. A reset to your bank account login by a hacker allows them to begin issuing transactions, potentially devastating your finances, and ruining your credit score.
Hackers can utilize the access to your email and social media accounts to spy on you and review your most personal emails and messages, using this information to ruin, or threaten to ruin, your reputation. This is a rare occurrence, but it can happen, especially if a hacker finds something that the user wouldn’t want to be seen publicly.
Steal your identity
As alluded to earlier, once a hacker has your personally identifiable information, they can steal your identity. With information like your tax file number and credit card info, identity theft can sadly be well within reach for hackers.
The pandemic has increased digital engagement and in turn, cybercrime has spiked. In 2020 cybercrime schemes generated $1 trillion more in revenue than Walmart, so these attacks aren’t going to stop any time soon. Right Click Solutions offers a comprehensive suite of security software and services to protect against the latest cyber threats. We recommend layers of security solutions for your operation including using a Virtual Private Network, Multifactor Authentication, Email Security, Business Continuity & Disaster Recovery, Virus Protection, Dark Web Monitoring, and Cyber Threat Education.