Security Update: New Threat Spreads via User's Email Accounts

There has been a large increase recently in the number of user's email accounts being compromised. With each account that is accessed by an unauthorized user, this threat continues to spread by reaching out to that user's contacts. This post discusses this recent security threat, what to look for to protect yourself, and some tips for what you can do if you think your email account has been compromised.

Security Update: New Threat Spreads via User's Email Accounts

A recent security threat is spreading by taking advantage of user's contact lists after gaining unauthorized access to their attached email accounts. Once breached, a victim's account is used to email everyone in their contact list and ask for a variety of things or to try and gain unauthorized access to that user's email account to continue the spread.

Many of these threats are being found because people receiving emails from a victim of this attack noticed something odd in the email they received. The best thing you can do if you get an email from someone you know that appears to be the correct address, but somehow seems out of place or off, is to notify that person and see if they sent the email.

It is important that you do this using a medium other than the original email. Call them, message them, use another of their email accounts, or do whatever you can to make contact without using their original email. This is important because if their email account is compromised, and you email them back, you have no idea who is responding to you.

What to watch out for in emails

These are some things you can look for when receiving emails from people you know using email addresses you recognize. It is important to understand it is easy to spoof an email account, so getting an email from an account that you know does not mean it is legitimate.

  • Does the subject look like language the purported sender would use?
  • Is the language in the email consistent with how that person communicates?
  • Is the email asking for a favor like getting you to spend money in any way? This could be a request to wire money, buy gift cards, or anything else of this nature. This also includes requests stating they will pay you back later.
  • Are there misspellings in the emails?
  • Is there an urgency in the email? This clue cannot be stressed enough! Pressure can be portrayed in many ways. They may say they are trying to accomplish something and are running on a deadline and/or feeling overwhelmed and can you just help them. If you receive the information via a work email account it may direct you to do something on behalf of an "important client" or the "CFO". Any type of urgency, regardless of how it is presented, is often a scam.

It is unfortunate, but the best way to protect yourself is to question everything. When you get an email from a friend, relative, or loved one asking for help because they are struggling with something, you may be dealing with a scam. If this happens, call that person or reach out in some real-world way where you can connect with them to ask if they really need help or if perhaps an account of theirs has been breached. The more we communicate about these kinds of attacks and protect one another, the less likely we are to fall victim to them.

What to do if you think your email has been hacked

This is a topic we have covered before, which included three steps:

  1. Checking for email forwarding rules
  2. Changing the password
  3. Test sending emails

You can read more about why these steps are necessary, and how to accomplish them, in our original post. There are also other things you can do to protect yourself and others in this situation.

Check sent messages - check to see what messages are in your Sent items folder and if any of them were not emails you created. You may find emails you did not send which will help you be more aware of what your contacts have received. This will help you narrow down the list of people to contact. For example, if you see that three of your contacts were sent requests for $500, and others were sent simple emails not yet asking for anything, you know which three people to contact first.

Always try to contact people in some way other than the original email account that has been compromised. Still, it can be a good idea to send an email to all of your contacts from that email account with a simple "Do not open emails from me", or something similar, until you can follow up with them more directly to apprise them of what is going on. Remember, the more we protect each other, the less successful these attacks will be.

Check deleted items - there may or may not be anything in your deleted items, but it is possible someone could be deleting all of your incoming email so you do not see them. If they fail to secondarily delete them from deleted items, you will be able to see them there. This is important because you may have received an email from a contact asking if you sent them an email and/or any other number of things could be happening without you knowing it because someone else is intercepting your emails first.

Additionally, someone who has gained access to your email could set up a rule to move items directly to the Deleted items folder so you never see them while they know to check for them there. This is why checking for any email rules is a critical step.

Checking for email rules should be one of your first steps. This is what email rules looks like in Outlook.

Create a backup email account - this is extremely helpful in situations where emails are compromised as it gives you another way to securely contact those people in your contact list who may now be at risk. It also never hurts to have an email account that you know is safe to use, which leads me to the next item.

Never reuse your email password - and I mean never! Reusing your email password is one of the riskiest things you can do because it is often used to recover other accounts. You can read more about why reusing an email password is so risky as an entire blog was dedicated to explaining the risks.

Enable multi-factor - wherever possible as this will make it more challenging to gain access to your account. Every step you take to increase the difficulty in gaining access to your accounts discourages someone who is trying to gain access to them, hopefully enough for them to move on.

Email is used for so many aspects of our lives that having them breached is a huge threat. We use email accounts to log into websites, place orders, communicate with others, and much more. Sometimes we email ourselves attachments and photos so we can access them later or be able to get to them in an emergency. These are only a few reasons why unauthorized access to our email presents such great risk. If you think your email has been breached, follow the steps above to protect yourselves and others.

As always, the more effort we put into protecting ourselves and everyone we know, the harder it will be for others to access our private data!