As a web hosting professional, I often come across with issues where clients’ email get hacked.
It is not something tough to guess what the consequences are:
- Sends out thousands of spam emails
- Steals financial or other important documents
- Pretends to be actual email sender and commits forgery
- Email domains and IPs get blacklisted
- and many more…..
Now, the question is – how can email account get hacked/compromised and what could be done to prevent this?
How does an email account get hacked:
- An email account can get hacked by various means but the most common method is by opening email attachments which contain virus.
- If an email account password is too weak. Hackers can implement a dictionary attack and hack the account easily
- If the user’s computer is compromised – virus/malware affected. This is one of the most common reasons.
- Use of a publicly available Internet to access the email account.
- If the hosting account Control panel (ie, cPanel, Plesk) details get leaked. Hackers can do all kind of damages to the website as well as get hold of all email addresses. Again a compromised computer can cause this if the cPanel account is accessed through it.
- Using office or corporate email accounts for signing up public forums, websites, social media platforms etc. This exposes the email account to the whole world and attracts the attackers.
What can be done to prevent Email Account Hack:
1. Educate the email users on how to safely use the email account. They should not open attachments in emails from unknown users. Should not fall in a trap of phishing links – should not sign in to any other link with their email username and password other than the webmail link.
2. The email password should be very strong. It should be minimum 8 characters with atleast 1 uppercase letter, 1 number, and a special character.
3. A user needs to maintain a safe and secure computer. They should use a paid Internet Security Program (Like, Kaspersky, BitDefender, Norton) and not just a simple antivirus. A simple antivirus can only detect a virus affected file. But an Internet Security program proactively monitors emails, attachments, phishing links, virus attacks, external DDoS attacks and identifies Virus affected files even before getting the affected files downloaded into the Computer.
4. Users should not use a publicly available internet as most of the times hackers trace packets sent over these networks.
5. Whoever accesses the main hosting control panel – should have a secured computer as discussed in point # 3.
6. Users should not use email accounts in multiple devices and especially devices that are not secured. I have noticed some users use office emails in their personal devices and access them from home or from outside of the office perimeter. Sometimes, the devices that they use are not safe or are compromised. For example, a handheld mobile device which is compromised can leak the credentials to the hacker. Most of the time – our home internet Network is not secured enough. Accessing the email from such a network can also lead to hacking as someone in the network can sniff packets and trace login credentials.
7. Users should not use office emails for personal communication, signing up social accounts, signing up in public forums or websites.
Lastly, the most important thing that I would like to mention is to maintain the high standard of the Awareness among the users. NO SYSTEM IN THIS WORLD IS UNBREAKABLE. It is our awareness and knowledge which can reduce the chances of getting hacked and ensure the safety of the technology that we use.