How a Compromised Email Account Can Lead to Money TheftGavin DiMasi
There have been so many reports of people – consumers, businesses and large corporate brands alike – discovering their email has been compromised only after losing thousands of dollars from their bank accounts. How can this happen, and how can you protect yourself from becoming a victim of this type of attack?
How your email can become compromised
Most of us use passwords for our online accounts. But have you ever used the same or similar password to access more than one system? Most of us have; both for work and personal accounts. That’s a problem!
All it takes is a single account password to be uncovered; an effortless task for attackers to find on an insecure site. Attackers then have your password and password variants, which they can use to gain access to your accounts, including email.
What an attacker could do with access to your email
Once attackers have access to your email, they’ve won! Your business uses your email for communicating with clients and suppliers, sending and receiving invoices and account information. All this information would now be at these attackers’ disposal to exploit for their own gain.
In one scenario, attackers can communicate with your clients using your credentials, most likely informing them of new (but fraudulent) payment details so that they – not you – get paid from your clients for your work or products. Your client will likely be quite happy to accept the new payment information since the email came from your business.
It will take some time for you to realise your money has been stolen, particularly now that the attacker can intercept your client’s messages and reply without your knowledge.
Preventing your email from becoming compromised
The solution is simple:
1. Protect your email account from unauthorised access with the use of two-factor authentication (or multi-factor authentication); this way, attackers cannot access your email even if they know the password,
2. Verify any changes your suppliers may have requested by email, and
3. Educate your clients, suppliers and employees on the above two points, proving to them that you’re more trustworthy than your competitors.
If you’d like to know more about how two-factor authentication can help your business’s data security, or to request an independent audit of your IT systems, please don’t hesitate to contact us.
08 9329 3333
Unit 1, 20 Twickenham Road
Burswood WA 6100
Opinions expressed in this post are that of the author and do not necessarily represent that of Torque IT. Although the author and Torque IT have made every effort to ensure that the information in this post was correct at the time of publishing, the author and Torque IT do not assume and hereby disclaim any liability to any party for any loss, damage, or disruption caused by errors or omissions, whether such errors or omissions result from negligence, accident, or any other cause.