Exchanging confidential documents via email has become a dangerous endeavor. This is especially true for law firms, investment banks and corporations. Take attorneys as one example. The bar obligates attorneys to protect their clients' information, and apart from the financial damage the client may suffer, the attorney may face disciplinary measures.
How Bad Can It Get?
The risks have become so high that even government agencies can be hacked. One wrong click or a misstep in the cyber security protocol can give hackers open access to the entire network, along with the clients' most valuable secrets.
The recent hack of the AOL account of CIA Director John Brennan shows how risky the exchange of confidential documents can be.
The teenager who hacked his account posed as a Verizon worker and tricked another CIA employee into revealing the Director’s personal information. He managed to access government documents that were stored as attachments on the director’s personal account.
Companies put themselves at great risk through such exchanges. Employers are usually legally liable for all information transmitted through their system.
Additionally, new regulations impose an even greater risk by forcing companies to store all email-based communication while still protecting the privacy of their clients.
Who Does This And How?
Email hacking is not necessarily something done by highly sophisticated hackers. Anyone can do it, even without extensive technical knowledge.
There are three basic methods used by hackers:
- Phishing – The most common technique known to web security professionals. It’s usually done by redirecting users to a fake website that closely resembles the legitimate site and asks for user information, including passwords, usernames and credit card details.
- Keystroke capturing – Essentially spyware that compromises remote computers. Attackers usually send key-logger apps and persuade users to install them. Afterwards the key-logger constantly monitors user activity and records the keystrokes entered.
- Password guessing – Manually manipulating a user with the goal of discovering their personal information. In this case, the hacker knows the user and details such as birth date, phone number, hobbies, professional occupation, interests, etc. This is enough for the hacker to try guessing the answers to the email account's security questions.
Recently, there were two cases where Indian companies had to pay 5 million US dollars to prevent hackers from disclosing sensitive information.
Also, the Oil and Natural Gas Corporation Limited lost Rs 197 crore because hackers created a near-duplicate of the official corporate e-mail address, with minimal changes, and used it to convince a client to transfer money to their bank account.
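A mail filter can flag the kind of near-duplicate sender address described above. The following is an added example, not part of the original article; the trusted domain, the character-substitution table, the distance threshold and the sample headers are all assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: the domain the organisation really sends from (constructed).
TRUSTED_DOMAINS = {"example-corp.test"}
# Assumption: a small table of digit-for-letter swaps; real tables are larger.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between a and b, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # drop a character
                           cur[j - 1] + 1,              # add a character
                           prev[j - 1] + (ca != cb)))   # change a character
        prev = cur
    return prev[-1]

def skeleton(domain: str) -> str:
    """Fold look-alike characters so 'examp1e' compares equal to 'example'."""
    return domain.translate(CONFUSABLES).replace("rn", "m")

def classify_sender(from_header: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a From: header value."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return "unknown"
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for good in TRUSTED_DOMAINS:
        if skeleton(domain) == skeleton(good):
            return "lookalike"          # e.g. a digit standing in for a letter
        if edit_distance(domain, good) <= max_distance:
            return "lookalike"          # e.g. swapped or dropped characters
    return "unknown"

# Constructed sample headers, not taken from any real incident.
SAMPLES = [
    "Accounts <billing@example-corp.test>",
    "Accounts <billing@examp1e-corp.test>",
    "Accounts <billing@exampel-corp.test>",
    "Newsletter <news@unrelated.test>",
]
if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):9}  {header}")
```

Messages classified as lookalike are the ones worth holding for manual review before anyone acts on a payment request in them.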
The Role Of Mobile
Using webmail services on your mobile makes the life of an average hacker relatively easy. Adding your mobile phone number as a means of verification for any online service you’re using right now can make you more exposed to attacks.
The hacker needs to know your email address and phone number. Once he knows these, he can send you a message posing as a representative of your webmail service and ask you to send the verification code you received by message.
And that’s it. By sending your verification code you give this cybercriminal access to your e-mail account.
How To Handle This?
What should you do if this happens to you? Here’s a simple step-by-step guide that will work in most cases:
- The first step, of course, is to change your password.
- If the hacker has already changed the password, use the ‘forgot password’ option and answer your security question.
- Then add a second type of authentication like a one-time code generated by an application.
- Next, check whether your account settings have been changed, in case the hackers enabled the option to receive a copy of every email you send; if so, change this option back.
- Run a full scan for malware.
- If the scan detects malware, change the password of the email account once again.
- Then check whether any other sensitive information has been compromised through the content of your emails.
How To Prevent This
Businesses usually present many different forms of contact information across the various communication channels they use to reach their audience.
The greater the number of contact sources, the greater the risk of hacker attacks.
Medium-sized companies and corporations are considering virtual data rooms more often than before, while secure transfer protocols and software solutions are getting huge attention from business owners.
These are probably the two best ways to protect your business from hacking attacks at the moment, but if you want to prevent this from happening again, make sure you have a strong password and be very careful where you click or enter personal information.
Hackers hide around every corner.