Email Account Attacks & Takeovers by Cyber Criminals

Cyber Criminals

If organizations thought that cyber criminals have mainly moved on from email exploits to other more lucrative points of attack, they are unfortunately, mistaken. In fact, email exploits remain a significant contribution to account takeover attacks. This article will discuss some of the stats surrounding email attacks, ways in which cyber hackers like to exploit email users, and it will also outline some steps organizations can take to combat this persistent security threat.

The Stats 

When hackers do attack email accounts, 78% of them do so without the help of any applications outside of email. This overwhelming percentage shows that the use of email alone remains a powerful potential source of unwanted cyber attacks. Another interesting statistic centers around the length of time that hackers stay undetected while exploiting an email account(s). Researchers show that data thieves were able to linger undetected for an entire week in over one-third of all hacked email accounts. For organizations working with confidential data, this is particularly disturbing, as a week’s worth of email correspondence is often significant.

Other email hacking attempt stats include:

  • 31% of email hackers focus solely on compromising email accounts.
  • 20% of single email attacks affect other email accounts, including personal accounts. 

 If one thinks it is comforting to learn that only 31% of hackers are interested in gaining access to an email account and assume that’s the end of their exploit, it is a false assumption. While the stats show that some hackers do only focus on gaining access to the accounts, their next step often involves selling the information they observed to other cyber criminals, who then use the data for blackmail or other criminal purposes. Of course the other stat which shows that 20% of successful email exploits also involve the exploitation of multiple user accounts, means hackers are gaining access to a password for one account and are able to use that same password to exploit multiple accounts.

How They Do It

We’ve already learned that it’s not uncommon for hackers to gain access to multiple accounts, merely by trying to re-use an employee’s password.  Some hackers will research a company to find details about employees who hold significant positions within the organization. They then impersonate a person in power by sending an email to a first-line employee, who in turn gives up confidential corporate information, since they assume they’re interacting with a corporate representative in a position of significant responsibility. 

Hackers may also do online research, looking for clues about a company such as what clients they serve and/or what vendors with which they interact. They then use this information to impersonate employees from these companies and send spear-phishing emails to key members within a targeted organization.

Data thieves may also employ brand impersonation tactics throughout an email and send it to unsuspecting employees. When the employees open up the email it looks like it is from a trusted source such as Microsoft, Apple, or Google. The body of the mail may state the employee needs to reset their password with the specific company, only to steal the employee’s “new password” after they click on the reset link.

How to Combat Attackers 

Certainly, training staff members on how to spot phishing and other hacking attempts, should be part of every organization’s strategy to combat exploits. Computer security specialists have multiple tools at their disposal to help them with early detection and mitigation of compromised emails. Computer security professionals also use software apps that include forensic tools, advanced detection techniques, and incident-response resolutions.

Summary

If the thought of trying to ward off data thieves and hackers seems daunting, there is help available. Third-party computer security specialists are thoroughly trained in providing comprehensive security packages for all sizes and types of organizations. If you would like to know more about how to develop a complete strategy to thwart off security exploits, including how to effectively secure an organization’s email accounts, please contact us.

Four Major Benefits of an MSP

Four Major Benefits of an MSP

When so many of your business operations depend on computers and digital communications, high-quality IT services are essential for your company’s success. Hiring a managed service provider (MSP) to oversee critical IT functions can help your company grow and thrive.

What are Some of the Key Benefits of an MSP?

  1. The services an MSP provides are flexible and can change with your business’s evolving needs. Sometimes, MSPs serve as a well-run, outsourced IT department, managing a wide variety of IT functions and precluding your need to hire in-house IT staff. On other occasions, MSPs manage a smaller set of IT tasks or are hired for specific projects. If you already have in-house IT personnel, the MSP may work as their partners and share responsibilities with them.
  2. They enhance your abilities to handle complex IT issues. MSPs bring their support and expertise to bear on a range of areas, including cyber security, cloud computing, communications (e.g. email and VoIP), vendor management, network maintenance and monitoring, and data backups and restoration. Their round-the-clock management and support give you reliability of service, improved productivity, compliance with regulations, and stronger security.
  3. They can provide you with a more proactive approach to IT services. Rather than merely reacting to IT emergencies, your MSP works to anticipate and act on problematic issues before they develop into disasters. MSPs can also help you with IT planning, guiding you in IT-related decisions that best serve your company’s short-term and long-term needs.
  4. They save you on various expenses. When working with MSPs, you pay only for the services that you need, and often you can sign up for deals that include a bundle of essential services. Furthermore, with the reliable support and management you receive from MSPs, you minimize costly downtime and reduce the chances of suffering devastating IT disasters. By taking over different IT functions, MSPs also free up more of your time, so that you can focus on growing your business.

Don’t hesitate to contact us for more information about our managed services. Working with an MSP will give you reliable, high-quality IT services tailored to your business needs.