How Email Accounts Are Hijacked

The most devastating exploit that can happen to you is to have your email account hijacked.  We have spilled a lot of pixels on this subject (see below).  The reason we find this so dangerous is that it is that this is the attack most likely to happen to you.

Google recently released a study that analyzed how Gmail accounts are hijacked.  If you have an Android smartphone, you have a Gmail account.  And if it is not your primary email account, it probably has a short, weak password you no longer remember.

When an attacker hijacks your Gmail account, they have access to your Google universe, your smartphone, Google Drive, Google Apps, and if you are a web master, Google Analytics.  Here are some startling facts:

  • 1.9 billion stolen user credentials (user names and passwords) were traced to data breaches.  That number is very close to the number of Internet connected humans in the world.  So basically one for each of us.
  • 12.4 million can be traced to the work of phishing exploits
  • 788,000 were taken using keylogging malware.

Google finds the credentials stolen through phishing or keylogging to be more of a security issue than the much larger data breach trove.  This is because the information is often fresher, and also contains other interesting identity bits such as telephone number and geo-location information.  This information can be used to spoof your identity more completely in a wire transfer, tax refund, or invoicing fraud.

Since phishing is the most successful attack vector, the best thing you can do for yourself is to learn how to identify phishing emails to keep yourself from clicking on a malicious link or opening a malicious attachment (which is where keyloggers come from.)

We have provided links back to some of our other articles and series about account hijacking for your review.  If there is one new cybersecurity skill you learn this year, this would be the best one.

More information:

0

About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Owner of the WyzCo Group Inc. In addition to consulting on security products and services, Bob also conducts security audits, compliance audits, vulnerability assessments and penetration tests. Bob also teaches Cybersecurity Awareness Training classes. Bob works as an instruction for CompTIA’s non-profit IT-Ready Program in the Twin Cities. IT-Ready is a tuition free 8-week program designed to teach students of all ages the fundamentals of IT support to prepare them for an entry level position in Information Technology Support. Graduates of the classes take the exams to become CompTIA A+ certified. Bob is a frequent speaker at conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. Bob has been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.