July 2020 Security Awareness

Email Hacking

This is the most popular method of hacking today. Once a hacker has control over your email, they will usually take one of the following actions:
  1. Spam your contact list with another phishing email, because your contacts are more likely to fall for a phishing attempt that comes from a trusted source.
  2. Turn on auto-forwarding and try to trick one of your key contacts into a fake exchange (a wire transfer, gift cards, or revealing personal information).

Here are four hacking methods, and ways to prevent them.

1. Credential Harvesting:
A phishing email or other hyperlink sends you to a fake login page. After you log in, your username and password are sent to the hacker.

How to Prevent

  • Take a quick look at the address bar when logging in. Is it the right website? See the examples below.
  • Set up two-factor authentication for important sites like Microsoft, PayPal, and financial sites.
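The address-bar check can also be written down as a rule. The following is an added example, not part of the original newsletter: it reads the host name out of a link the way a browser does and compares it with the sites you expect to sign in on. The allowlist and the sample links are assumptions made up for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist for illustration: the domains you expect to sign in on.
EXPECTED_DOMAINS = {"paypal.com", "microsoftonline.com"}

def check_login_url(url):
    """Return (verdict, reason) for a page that is asking for a password."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https":
        return ("suspicious", "not an https page")
    if parts.username is not None:
        # Everything before '@' is ignored by the browser when picking the site.
        return ("suspicious", "real host is " + host + ", not the text before '@'")
    if any(label.startswith("xn--") for label in host.split(".")):
        return ("suspicious", "encoded international name, may imitate another: " + host)
    for domain in sorted(EXPECTED_DOMAINS):
        # The expected name must be the END of the host, not just appear in it.
        if host == domain or host.endswith("." + domain):
            return ("expected", host + " belongs to " + domain)
    return ("suspicious", host + " is not an expected login domain")

# Constructed sample links (reserved .example names stand in for fake sites).
SAMPLES = [
    "https://www.paypal.com/signin",
    "https://login.microsoftonline.com/common/oauth2/authorize",
    "https://www.paypal.com.account-verify.example/signin",
    "https://paypal.com@login.account-verify.example/",
    "https://xn--pypal-4ve.example/signin",
    "http://www.paypal.com/signin",
]

if __name__ == "__main__":
    for url in SAMPLES:
        verdict, reason = check_login_url(url)
        print(f"{verdict:10} {url}\n           {reason}")
```

The point to take away is that the real site is the last part of the host name, directly before the first single slash; a familiar name anywhere else in the link proves nothing.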

2. Email address harvest:
A major site is hacked (Sony, LinkedIn) and you have used the same password for the hacked site that you used for your email.

How to Prevent

  • Do not use the same password across multiple sites or services, especially between business and personal accounts.
  • Use a password manager like LastPass, Dashlane or 1Password. These services allow you to use more complicated passwords while only remembering one access password for the manager, usually with multi-factor authentication set up.

3. Password hacking:
A hacker uses trial and error with common low-security passwords (Password123, 123456, qwerty).

How to Prevent

4. Keylogger:
Malware with a keylogger or other monitoring tool is installed on your system. These tools watch silently while you work and capture information, including the passwords you enter.

How to Prevent