How to Check If Your Email Account Has Been Breached
It’s hard to find someone who hasn’t had their email account hacked at some point. Many people believe they aren’t a target for hackers because they don’t hold valuable information. This is incorrect: anyone can hold information that exposes an organisation to threats.
“Cybercrime is the greatest threat to every company in the world.” (Ginni Rometty, Chairman, President and CEO, IBM)
One of the most common ways cybercrime happens is through your email account. In this article we will give you a breakdown of how an email account is breached. We will also discuss what measures you can take to ensure you are following best practices to protect your accounts.
Let’s start with how an attacker could have gained access to your account. We are seeing more frequent incidents where users are being targeted by email phishing. This is essentially someone sending you an email to try to gain information from you. It can be as simple as them using your email layout/signature to target your clients or even members of your staff.
Another way is with emails containing links. The link can be inside a PDF attachment on the email or directly within the content. When you click on this link you will be presented with a login page that is a replica of the website/business they are impersonating. If you enter any information on this page, e.g. email address/password, the attacker will have gained access to your information. They will now be able to log in to your email account.
New techniques to stop these attacks are constantly being developed. However, as fast as these are developed and implemented, attackers come up with new ways to target people or companies. Unfortunately for the team fighting back against them, this method is very difficult to defend against. This is because people often receive many emails containing several links. It would require training our software to examine each link on an individual basis to decide whether it’s an authentic or corrupt link.
In the past, attackers have gained access to mailboxes by sending out a mass spam email to all your contacts. As more people have become aware of generic spam email, the attackers are developing new tactics which are more inventive and methodical. One method is that, once they have gained access to your account, they will spy on it in order to find out as much information as possible. This will include…
Gathering intelligence about you
What you do
Who you talk to
Your position in the company
How you word your emails.
They may also put a forward on your account. This will then forward any emails you receive to an email account they control. By doing this the attacker doesn’t have to stay logged into your account and the forward will remain even if you change your password.
Once they have gathered the information they require from you, they may decide that you’re not a worthwhile target. Nevertheless, they may use the information they have gathered to target someone higher up in your organisation, like an accountant. Just think about what an attacker could do with access to your accountant’s mailbox: your invoices, your customers’ invoices or possibly your bank details.
By using this information, an invoice can be created that looks identical to your organisation’s. The only change will be that somewhere in it there will be something about “we have updated our bank details”. This can then be sent to one of your clients from the email addresses they have gained access to.
Most businesses have a good relationship with their clients and have gained their trust. Clients will pay this invoice to the details they have received, as they recognise and do business with you.
Okay, How Do I Check?
If you are using Outlook, under the Home tab you should have an option to manage your inbox rules.
This will then open a box that displays all the rules you currently have on your mailbox. Most people will have rules set in place to move emails from X folder over to Y folder.
Once here, you will need to look for any rules that forward or redirect emails. The only way to do this is to check each rule individually, as the rule could have been given a name that does not look suspicious.
When checking the rules in place, look for anything that contains the words “forward” or “redirect”. Pay very close attention to these.
If you do have a rule that is forwarding/redirecting emails to an unknown email address, this is a very strong indicator that someone has had access to your account at some point in time and they may still be monitoring your emails.
There is also a second type of forwarding. However, this is something which would need to be checked by your IT department. This is a quick test which usually takes a couple of minutes to perform. This check is very advisable and highly recommended.
It may not be realistic to perform the above task if you have a lot of users within your organisation. You may also not feel confident with users checking this themselves. If so, you can ask your IT to check. This will involve taking all the rules people have set up and checking for words such as ‘forward’ and ‘redirect’.
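For the IT-side check described above, the following is an added example (not part of the original article) for Exchange Online PowerShell. It lists every inbox rule that forwards or redirects, and also forwarding set on the mailbox itself, which is assumed here to be the second type of forwarding mentioned above. The function names Test-External and New-Finding and the output file name are illustrative.

```powershell
# Added example. Needs the ExchangeOnlineManagement module and an Exchange admin role.
Connect-ExchangeOnline

# Domains the tenant owns; a forwarding target on any other domain is external.
$internal = (Get-AcceptedDomain).DomainName | ForEach-Object { "$_" }

function Test-External([string]$Target) {
    # Targets look like 'smtp:user@example.com' or '"Name" [SMTP:user@example.com]'.
    if ($Target -match 'smtp:[^@\]\s]+@([^\]\s]+)') {
        return $internal -notcontains $Matches[1]
    }
    return $false   # directory (EX:) recipient; review mail contacts by hand
}

function New-Finding($Mailbox, $Source, $Name, $Target, $Enabled) {
    [pscustomobject]@{
        Mailbox  = $Mailbox
        Source   = $Source
        Name     = $Name
        Target   = "$Target"
        External = Test-External "$Target"
        Enabled  = $Enabled
    }
}

$findings = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    $addr = $mbx.PrimarySmtpAddress

    # 1. Forwarding set on the mailbox itself; it never shows up in the user's rule list.
    foreach ($t in @($mbx.ForwardingSmtpAddress, $mbx.ForwardingAddress)) {
        if ($t) { New-Finding $addr 'MailboxSetting' '' $t $true }
    }

    # 2. Inbox rules: inspect the action, not the rule name, since names can mislead.
    foreach ($rule in Get-InboxRule -Mailbox $addr -IncludeHidden) {
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo)
        foreach ($t in $targets) {
            if ($t) { New-Finding $addr 'InboxRule' $rule.Name $t $rule.Enabled }
        }
    }
}

# External targets first; these are the ones to investigate.
$findings | Sort-Object External -Descending |
    Export-Csv -Path .\forwarding-audit.csv -NoTypeInformation
```

Any row with External set to True and a target nobody recognises should be treated as the strong indicator described above. Disabled rules are included on purpose, since a rule can be switched back on later.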
My Account Is Clean, How Do I Secure Myself?
If you are using an Office 365 licence which is Business Premium or above (this does not include Exchange Online Plan 1), then you can ask IT to set up multi-factor authentication on your account.
With this method enabled on your account, anyone who manages to figure out the password would also need the code that is texted to your mobile phone to log in to your account and access your data. So, unless the attacker also has your phone, you’re safe.
What Else Can be Done?
IT can also put something in place to detect auto forwarding of emails and notify and/or block if one has been detected. This would be an early warning of a potential breach.
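One way IT can put this in place in Exchange Online, as an added example that is not part of the original article; the rule name and the notification address security@example.com are placeholders:

```powershell
# Added example. Needs the ExchangeOnlineManagement module and an Exchange admin role.
Connect-ExchangeOnline

# Current state: is automatic forwarding to outside domains allowed?
Get-RemoteDomain | Select-Object DomainName, AutoForwardEnabled

# Block: turn off automatic forwarding for the default remote domain ("*").
# Remote-domain entries created for specific domains keep their own setting.
Set-RemoteDomain -Identity Default -AutoForwardEnabled $false

# Detect and notify: a mail flow rule that rejects auto-forwarded messages
# leaving the organisation and sends an incident report to the security mailbox.
New-TransportRule -Name 'Block external auto-forward (example)' `
    -FromScope InOrganization `
    -SentToScope NotInOrganization `
    -MessageTypeMatches AutoForward `
    -GenerateIncidentReport 'security@example.com' `
    -IncidentReportContent Sender, Recipients, Subject `
    -RejectMessageReasonText 'Automatic forwarding to external addresses is not permitted.'

# Confirm the rule exists and is enabled.
Get-TransportRule -Identity 'Block external auto-forward (example)' |
    Select-Object Name, State, Priority
```

Each incident report names the sending mailbox, which is the account to check for an unexpected forwarding rule.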
Putting these practices into place can help protect your email account from becoming compromised. There are still ways in which cybercriminals can access your information, but by following these practices you are reducing the risk of exposing your business to these types of threats.