In this era of online communication, email is one of the preferred modes for the majority of official, business and other formal communication. Therefore, keeping your email account safe and secure is of the utmost importance. Imagine a situation: you are a scientist in the R&D department of Pfizer. You wake up one morning and find that someone has hacked into your email account and forwarded all the details of a top-secret, groundbreaking drug to a scientist at a rival pharmaceutical company. That is definitely a scenario you don’t want to face.
If you are reading this blog, it is likely that someone has hacked into your email account. Here, you will get to know some of the ways in which your account could have been compromised.
1. The “Man in the Middle” Attack:
This is one of the major ways in which your email account can be compromised while you are using an unencrypted public Wi-Fi network in airports, bus stations, coffee shops, etc.
In this method, Mr. X sets up his laptop in such a way that the router believes his laptop is your laptop. In turn, your laptop is fooled into believing that Mr. X’s laptop is the router. So the connection should have been Your Laptop → Router, but it becomes Your Laptop → Mr. X’s Laptop → Router.
Now, what can Mr. X do? He can eavesdrop on all of your online communications, keystrokes, etc. So, if you log in to your email account while under a “Man in the Middle” attack, Mr. X will know your password and your email account will be compromised.
2. Weak Password:
This is one of the main reasons why a lot of email accounts get hacked on a regular basis. While setting your pet’s name as your password makes it easy for you to remember, it also makes it easier for someone to hack into your account simply by guessing your password.
A survey by “Imperva” in 2010 found that 1% of the 32 million users of a website called “RockYou” used “123456” as their password. Some of the other commonly used passwords included “12345”, “abc123”, “qwerty”, etc. Another survey in 2015 claimed that the majority of passwords are a combination of “12345” and “password”.
You can find a list of commonly used passwords at http://www.avg.com/us-en/worlds-25-worst-passwords-revealed.
Passwords that contain your name; the names of your spouse, parents, siblings, children or pets; your date of birth; or your company name and year of joining (example: “TCS2014”) are best avoided.
Set a strong password: an alphanumeric combination using upper and lower case, along with a symbol. Example: “rgUCy34*btMr$71”.
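The advice in this section can be turned into a check that runs when a password is chosen. The sketch below is an added example, not part of the original post; the function name `password_problems` and its `personal_terms` parameter are hypothetical, and the blocklist holds only the passwords named above.

```python
import re

# The commonly used passwords named in the article (not a complete blocklist).
COMMON_PASSWORDS = {"123456", "12345", "abc123", "qwerty", "password"}

# Character classes the article asks for in a strong password.
REQUIRED_CLASSES = {
    "upper-case letter": r"[A-Z]",
    "lower-case letter": r"[a-z]",
    "digit": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}


def password_problems(password, personal_terms=()):
    """Return the reasons a candidate password goes against the article's advice.

    personal_terms (hypothetical parameter): names, pet names, company name,
    date of birth, year of joining and similar strings supplied by the user.
    """
    problems = []
    lowered = password.lower()

    # Rule 1: the password is a common one, or is built only from common
    # ones (for example "password12345"). Longest entries are removed first.
    remainder = lowered
    for common in sorted(COMMON_PASSWORDS, key=len, reverse=True):
        remainder = remainder.replace(common, "")
    if password and not remainder:
        problems.append("built from commonly used passwords")

    # Rule 2: personal details. Compare letters and digits only, so a date
    # written "01-02-1990" also matches "01021990" inside the password.
    squeezed = re.sub(r"[^a-z0-9]", "", lowered)
    for term in personal_terms:
        key = re.sub(r"[^a-z0-9]", "", term.lower())
        if len(key) >= 3 and key in squeezed:
            problems.append(f"contains personal detail: {term}")

    # Rule 3: upper case, lower case, a digit and a symbol must all appear.
    for name, pattern in REQUIRED_CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"missing {name}")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; "TCS" and "2014" stand in for a user's details.
    for candidate in ("TCS2014", "password12345", "rgUCy34*btMr$71"):
        print(candidate, "->", password_problems(candidate, ["TCS", "2014"]) or "ok")
```

An empty result means the candidate passed these three rules only; the check says nothing about length or about passwords that are not on the short list above.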
3. Forgetting to Log out:
This is usually applicable when you are using a computer in a library, cybercafe, institution or any other shared workstation. If your email account gets hacked through this method, it is completely your fault and easily avoidable. Please be alert and make sure to log out of your email account whenever you are not using your personal computer.
4. Phishing:
This is one of the most common ways in which a hacker obtains your credentials: by creating a fake login page of Gmail, Yahoo!, etc. Once you log in, or re-log in, through such a fake webpage, the hacker gets hold of your username and password. Phishing attacks are sometimes designed to attack a particular person, by observing their online behavior.
Phishing attacks are mostly used for stealing banking credentials.
The problem is that there is no foolproof method to detect a phishing scam. All you can do is avoid re-logging in, or entering your credentials anywhere, if you are not certain about the authenticity of the website. Avoiding such emails is the best way to avoid getting “Phished”.
You can also check “FraudWatch International” and “Millersmiles” to keep track of the phishing scams that are currently being reported.
5. Malware:
There are a few types of malware (malicious software) that can be secretly installed on your computer by a hacker to steal your credentials.
A key-logger is one such malware. It simply records all the keystrokes made and sends the data to the hacker who secretly installed the key-logger on your system. Thus, by combing through all your keystrokes, a hacker can easily identify your email ID and password.
A RAT, or Remote Administrative Tool, is a malicious tool that can be secretly used by a hacker to gain remote access to your computer and monitor all the activities on the system.
A Trojan Horse is another such malware, which often infects your computer through free software you may have downloaded. It can be used to steal your credentials.
To prevent such malware from infecting your system, you should use proper, licensed anti-virus software. We recommend that you use “ABC” for protecting your system.
Now that you know how your email account got compromised, please read “Secure Your Email” to know how you can prevent it from happening in the future.