When it comes to targeted email hacking, it’s a repeated misconception that being small-fry, when compared to the mega-corporations and tech giants, puts you in an undesirable category to hackers, but now more than ever it couldn’t be less true. There’s been a shift of attention in the hackers sights, and businesses of all sizes are fair game.
The big prizes for email hacking comes from extorting big banks, billion dollar industries and the players within them. But if you play a part in the industry, even if you’re just a supplier to a supplier of a supplier (you get the picture), you’re just as viable to target. The reason being, you’re a trusted egress point into the bigger companies. If you or your staff’s email account become compromised, suddenly the hackers aren’t having to spoof sender addresses when spamming their biggest targets, they aren’t having to buy fake domains with slight changes to names to look like they’re a legit email (email@example.com anyone?). Its far simpler to land access to an account of a business that suppliers the suppliers of the bigger targets.
Its like a horrific yet beautiful chain of events that trigger where lets say for this example, your email is hacked. Suddenly all of the businesses you’ve dealt with in the past are targets for the hackers to spam with emails containing keyloggers or payloads, and if they can hack even one of your contacts past or present, that’s another step closer to finding a way “in” to Forbes Fortune 500 companies. There’s a reason 55% of the UK’s email content is spam!
You’ll notice the IT sections of certifications or supplier questionnaires are starting to double, if not triple in size, this is acknowledgement in the change of tactics hackers are taking to breach the security of the larger companies.
Fret not though, there’s a single cyber security step you can take to bolster your email defences. Multi-Factor Authentication (MFA). By now, almost everyone is on a cloud hosted email platform (Microsoft 365 being the largest), and MFA isn’t enabled by default. Turning it on and having it set up correctly (binding to an “Authenticator” app created and published by Microsoft on all mobile app platforms) completely eradicates the email breach threat. Sure an email address can be guessed and matching password can be bought on the dark web. But without your phone, its unlock code and/or your face ID/fingerprint, they’ll still not be able to gain access.
If you don’t have MFA enabled and you suspect you’ve been victim of email hacking, there’s a couple of tell-tale signs to confirm it. Check your mailbox rules – the first thing a hacker with access to your emails will do is set a rule up marking all received emails as “read” then will move them to deleted items. Sent items are also deleted so there’s no trace of the 1000’s of emails you may have spammed. Oftentimes a second rule is created to periodically delete the deleted items to prevent further recovery (our 365 backup utility can help with that!). 365 Admins can run a message trace against your email address in the Exchange Online console to see how many emails you’ve sent out.
Your 365 Admin should be able to deploy MFA in a few clicks, but if you’re a sole user and are looking for guidance, our “little” MFA guide covers it all! It explains everything you’ll need to know and provides overview of how to set MFA up for 365.
If you have any issues, please reach out to us and we’ll set up a call to assist. For what we do today, secures your business tomorrow.