When we talk about cyber-attack, we also think to critical network infrastructure and its security controls. Beside the physical and technical approach, human is anther weak link within cyber security which is very easy to cheat or even break into.
To use any internet platforms, Email is the core requirement in their registration and verification. For instant, register Domain Name, Hosting, Facebook, Instagram, Email, iCloud, etc. Every of those applications will recognize your email for any activities such as reset your password, change your setting, or even delete your account.
By the perfection of the email, cyber attackers always focus on victim’s email rather than system exploitation. There are four popular techniques which are using to hijack your email account:
– Email Phishing: this technique is the most popular. The victim might get in the trick and provide their sensitive information such as email account, username-password, credit card, passport number, citizen ID, etc.
– Session Hijacking: the attackers can use few methodologies to steal your email session and then use some tools to clone your session to login your email.
– Man in the Middle Attack: attackers might be insider or outsider who can access to your organization network and sniff your internet traffic for malicious purpose. He can see your plain text email credential if you are not using the Secure Socket Layer (SSL and everyone know that’s HTTPS).
– Key Logger: this is a kind of malware which can be installed in your computer or smart device. It will keep listening your keystroke and then send to the attacker silently without your knowledge.
What are the possible risks once after your email compromised?
It is depend on the objective of the attack. Intruder might do any activities as below:
- Keep silently and watch your email communication for financial attack (money fraud).
- Use your email smtp for SPAM activities.
- Use your email to hijack any related internet/application accounts (Facebook, Instagram, iCloud, Twitter, access to company system, etc.)
- Hijack your domain names that registered with your email account.
- Use your email to distribute the malware or payload to your contact list.
How to secure your email account?
- Always user HTTPS while you are using your email box. Request your email provider, if they are not applying the SSL.
- Use complex password and don’t use same password for any applications.
- User step two verification such as SMS, Call, or Code Generator.
- Always check your send box.
- Configure your security settings base on the best practice of security requirements.