An email account with a simple or weak password puts your information at risk. Confidential attachments, messages, bank information, contact list, or personal conversations could fall into the wrong hands if an email account gets hacked due to a weak password.
Attackers know the value of corporate accounts. With the right tools, they are able to extract email addresses associated with the business. Those users with weak passwords are at risk of getting hacked.
Password guessing attacks happen all the time. Employee email addresses are more likely to be targeted since they contain valuable information that can be used depending on the attackers objective.
Few things that could happen if an email account gets hacked:
- Pretend as the email owner and demand financial information from the person handling the finances (This is more effective if an executive's email gets compromised)
- Contact the customers and instruct them to send payments to a suspicious bank account
- Extract contacts and valuable information found on the email address
- Denial of service. Lock the user out and prevent access
- Distribute malware and infected attachments to contacts and other staff members
- Send Phishing or SPAM emails to customers
Warning signs that your email address is being accessed by another party:
- Unknown or random emails showing up on your Sent items
- You received a reply from an email you never sent out (Can also be from phishing emails that used your email as return-path)
- Weird inbox rules that move email items to another folder instead of your inbox
- Missing or deleted emails without your knowledge
- An email was delivered to your inbox but suddenly disappears. This happens to Junk emails but not with valid emails
It might be difficult to notice if your email was already hacked. Attackers observe which time of the day you access your email and will often hide their tracks. It is important to report if you notice something odd is happening with your email.
If any case this happens to you, report it to your administrator and request to investigate and review the log files. This should provide information about the history of emails that were sent and received from your account. The report will contain important details such as sender, email subject, IP address, date and time emails arrived. Body or content of the email will not be included in the report.
Your email password should be secure, difficult enough to be guessed by anyone. It should not contain any identifiable information or common passphrases. Best practice is to use alphanumeric, make it longer, and at least include a symbol to your password. The more characters you have on your password, the lesser the chance of it getting hacked.
If you feel you are not using a secure password, take time and update it now.
This is a great feature to prevent unauthorized access to your account. You need to check if your email provider supports multi-factor authentication.
What it does is it generates a unique code from the app installed on your cell phone or it will contact you to provide the code to be used during login. This will also generate unique application passwords to be used for your mail client programs.
Although this might come with an additional license cost to implement, the impact of getting your email credentials stolen is much more than paying for this additional layer of protection. Some provider also offers this at no extra cost, so it’s worth asking your provider about it.
Of course, you can also lose your phone or someone can gain access to your desktop computer. But most phones have lock codes and computers to have passwords. So, they should be using strong passwords too! Remember: refrain from sharing your passwords with anyone.