The data is in and the results are clear – cybercrime is on the rise. According to recent reports from the FBI, cybercrime has increased as much as fourfold since the beginning of the pandemic. But the truth of the matter is that cybercrime had become increasingly problematic far before the onslaught of COVID-19. In fact, one study conducted by the Clark School at University of Maryland found that the rate of attacks on computers with internet access was “near constant”, happening every 39 seconds on average to be exact, and affecting one in three Americans every year. According to Assistant Professor Michel Cukier, the computers in the university study he conducted were noted as being attacked “on average, 2,244 times a day”. That’s some food for thought.
When it really comes down to it, many individuals simply just aren’t as vigilant as they should be when it comes to being diligently proactive in their efforts to prevent themselves from becoming a victim of cybercrime. We know what many of you are thinking: Hey, it’s not like I’m some bigwig at a Fortune 500 company, and I really don’t use my personal email for much more than internet subscriptions and casual conversations. It’s not like I have anything of value to offer, right? Wrong. If you’re interested in learning the value of a hacked email account to a cybercriminal, then this article is just for you.
1. Access to personal/private information
When it comes to hacking, you have to think of it like mining for buried treasure. Yes, there are some hackers which are looking for that massive payout, that huge breach that will make them famous in the world of cybercrime. However, the truth of the matter is that many cybercriminals are simply looking for little bits of valuable information that they can glean from everyday individuals. If you’re like most people, your email is integrated with your personal device and numerous apps. But how would you feel about a hacker gaining access to your messages, your Google or Skype chats, or your personal calendar? Many individuals’ email accounts also provide access to personal information such as photos, call records and even cell phone account numbers. Access to these bits of information can open the proverbial Pandora’s Box to even more sensitive information about you and your loved ones – all of which can be leveraged in order to compromise your security, identity, and safety.
2. Access to financials
According to a study conducted by Verizon, a whopping 86% of security breaches are financially motivated. So, it comes as no surprise that hackers would find a particular interest in harvesting information which can give them access to your financials. Do you pay your bills online? What about your bank account? If you’re like many individuals, you most likely have your banking institution’s app on your cell phone. But how did you register your online account with them? Chances are, it all began by providing them with an email account and a password. Impersonation is a popular tool of choice for cybercriminals, who often leverage account information in order to access an individual’s financials or make significant adjustments such as a change of billing. Think about the damage that could be done if a hacker had access to your email account and password, as well as any correspondence you may have had with your financial institution through your email. This doesn’t even take into consideration the fact that many individuals use the same exact password or a simple variation of one for all of their devices, apps, subscriptions, and platforms. The results could be catastrophic.
3. Account credential resale opportunities
We all pretty much realize that one of the primary motivating factors for cybercriminals is a payout. But did you know that many of these cybercriminals profit from the resale of private and personal data on sophisticated forums on the dark web? One former reporter for the Washington Post by the name of Brian Krebs identified a forum by the name of Rescator which was being used for just this purpose. Krebs found that individuals were using this platform to sell millions of individuals’ stolen credit card information for as low as $20. According to Krebs, cybercriminals sell everything from Verizon accounts to iTunes and BestBuy accounts, even stolen W-2 forms. The scary part isn’t just that Rescator is far from the only highly sophisticated forum out there for such dealings, it’s that any Joe Schmo with internet access has the ability to purchase your personal and private information for as little as $20.
4. Ability to compromise your network
Gaining access to a hacked email doesn’t just give a cybercriminal the ability to compromise your personal information, security, and safety, it also gives them the opportunity to do the same for your entire network. Take a moment to think about all of the contacts you have in your personal or professional email. When a hacker gains access to your account, they are effectively able to impersonate you. Many times, cybercriminals will send emails containing malicious code in a variety of formats en masse to a person’s contacts. Sometimes, they take a more personalized approach and try to coerce individuals into revealing personal information, financial information, or sending money under the guise of being you in distress. When a cybercrimnal hacks your email credentials, they ultimately have the ability to exponentially increase their reach by gaining access to your entire network of friends, family members, and coworkers. That’s a lot of value.
5. Personal identity harvesting opportunities
The issue with email is that it often contains hundreds if not thousands of records of information, often personal, that have been built up over time. In this day and age, email is one of the most efficient and popular means of communication and as a result, we use it for a lot – to pay our bills, to register our online financial accounts, to communicate with our employers, our doctors, our children’s school. Maybe you moved to a new town and emailed your doctor’s office your new patient forms and a form of photo ID for verification. Perhaps you booked a vacation with a travel agent and emailed them your passport number. Maybe you take care of your taxes online and received a verification email from your tax provider or a copy of your W-2 statement in your email. Or, have you ever given a friend your home address via an email message? The key isn’t necessarily in getting large chunks of information all at once, it’s being able to harvest little, tiny bits of useful personal information from various locations and use it in order to build a complete profile of your personal identity.
6. Access to sensitive employer data and information
Business Email Compromise (BEC) has become increasingly popular in recent years, and has taken off during the pandemic. This type of scam varies in methods but often involves a cybercriminal impersonating a key individual at a company in order to exploit the recipient of an email into revealing valuable information. The criminal naturally relies on the hopes that the recipient will not double check that the communications being received are authentic and unfortunately, in many cases, they don’t.
However, this isn’t the only way that hackers can gain access to sensitive business information via email. Many times, it’s due to neglect in following proper protocol. According to a recent Stroz Friedberg survey, an astounding 87% of Senior Managers admitted that they had uploaded business files to either a personal email account or a cloud account and failed to properly utilize company servers in order to store sensitive data. What this shows is that any individual within a company, regardless of rank, can become susceptible to a lackadaisical mentality regarding corporate security. When it comes to handling professional matters and sensitive information from your company, it’s essential to keep matters confined to a secure server and never use personal email.
According to Cybersecurity Media, by the end of this year, there will be an estimated 300 billion passwords used by humans and machines globally. That’s a lot of opportunity. Recent estimates from IBM show that the average time it takes to identify a security breach was 206 days – the better part of a year. However, despite the fact that cybercrime is on the rise and the stakes are high, recent research by Varonis found that an astounding 64% of Americans have never even checked to see if they had fallen victim to a data breach. Cybercriminals are becoming increasingly more savvy and difficult to catch and something as simple as access to your email account can have devastating consequences on not just you, but your employer and those closest to you. Despite what many may think, the value of a hacked email account is quite significant. Here at VisioneerIT, we urge you not to throw caution to the wind because at the end of the day, you and only you are responsible for taking steps to protect yourself against becoming a victim of cybercrime. So, stay educated and remain vigilant.
Have you ever fallen victim to cybercrime? If so, was there anything in particular you learned from the incident? Let us know in the comments below. We would love to hear about your experience.