The most devastating exploit that can happen to you is to have your email account hijacked. We have spilled a lot of pixels on this subject (see below). We find this so dangerous because it is the attack most likely to happen to you.
Google recently released a study that analyzed how Gmail accounts are hijacked. If you have an Android smartphone, you have a Gmail account. And if it is not your primary email account, it probably has a short, weak password you no longer remember.
When an attacker hijacks your Gmail account, they have access to your Google universe: your smartphone, Google Drive, Google Apps, and, if you are a webmaster, Google Analytics. Here are some startling facts:
- 1.9 billion stolen user credentials (user names and passwords) were traced to data breaches. That number is very close to the number of Internet-connected humans in the world. So basically one for each of us.
- 12.4 million can be traced to the work of phishing exploits.
- 788,000 were taken using keylogging malware.
Google finds the credentials stolen through phishing or keylogging to be more of a security issue than the much larger data breach trove. This is because the information is often fresher and also contains other interesting identity bits, such as telephone number and geo-location information. This information can be used to spoof your identity more completely in a wire transfer, tax refund, or invoicing fraud.
Since phishing is the most successful attack vector, the best thing you can do for yourself is to learn how to identify phishing emails, so that you do not click on a malicious link or open a malicious attachment (which is where keyloggers come from).
We have provided links back to some of our other articles and series about account hijacking for your review. If there is one new cybersecurity skill you learn this year, this would be the best one.
- Naked Security – Google Email Hijack Study
- Foiling Email Impersonation
- What Can I Do With A Hijacked Email Account? Part 1
- What Can I Do With A Hijacked Email Account? Part 2
- Email Account Hijacking – Part 3 Extending the Exploit
- Email Account Hijacking – Part 4 Prevention and Detection
- How Cyber-Attackers Use Your Email Against You
- Manual Account Hijacking: When It Gets Personal