Originally Posted On: https://www.microtechboise.com/blog/the-anatomy-of-an-email-breach-what-really-happens
Beware. Email fraudsters are getting smarter and more aggressive. Nowadays, these cybercriminals can take over your email account and, by extent, your business. Your clients, your money, and trade secrets will all be at their mercy. Here is how it goes down.Have You Been In Any Of These Situations?
You try to log into your email account, but ‘wrong password’ is the message you get. Upon looking into it, you realize that your password was changed, but you can’t remember doing it. You know that something is up.
Or you access your email just fine, but upon opening your inbox, you notice that some new messages have been read, but you don’t remember opening those messages.
You go over to your sent folder, and you find out that someone has been busy with your email, and that someone is definitely not you.
The calls and emails start coming in. Clients, colleagues, and friends are asking what is happening. “I am getting strange messages from you. Please tell me you didn’t send that.”
You switch into panic mode. Someone is targeting you, but you are not sure who. You subconsciously create a suspect list, but before you can even act on it, you get a call from your bank or HR or the procurement department.
They tell you that the wire transfer transaction has been complete (worst case scenario).
Or an automated phone confirmation that “your payroll information has been successfully updated.”
But you didn’t authorize any of that! Now you are top over yourself with fear. Deep down, you know that this is hacking and not a staff room prank. Certainly, that colleague you love to hate wouldn’t have gone to such an extent! So what do you do now?Reality Check: You’ve Been Breached
Whatever you do next, realize that you have to do it fast. But remember, too, that you aren’t the first and you won’t be the last person to experience an email breach. Here are the numbers:
- Business email compromise scams resulted in $12 billion losses in 2018, according to the FBI
- 76% of businesses said they were a victim of a phishing attack in 2018
- Phishing accounts for 90% of data breaches
- The financial loss in a data breach is $3.86m, according to IBM
Back to your case, how did such an attack happen?
You may or may not have been an easy target. The cybercriminals these days have numerous approaches to compromising email accounts. Your case could fall into one of these:
You were caught in a phishing scam: Someone sent you a message purporting to be a client, a colleague, a boss, or a friend. Either directly or indirectly, they asked for your personal information. You gave it to them.
You clicked on a malicious ad: It may have been sent over email, or you stumbled on it online. The deal was too sweet to ignore. And you ended up filling a form and spilling the beans about your personal information.
You used a public WIFI, computer: You went to the coffee shop to work without considering that their network could be insecure. Or maybe you logged into your email on a public computer and forgot to sign out.
You have been reluctant to change your password: Like many computer users, you like everything ‘user friendly.’ That’s why you have been using the same password for a year, and it is as easy as 123, so you don’t forget it. But that also made it easier for the threat actors to guess hack it.You Have An Email Breach: What To Do Now?
- The first thing you need to do is change your password if that’s possible. Doing this locks the fraudsters out of your account and stops further damage. If you can’t do that, email or call support ASAP and inform them of the breach.
- Call your IT team: Or email them with a high priority ticket, stating all the details of the breach. Tell your bank, your boss, or your colleagues. You don’t want to lose money in those transactions you didn’t authorize. Inform these parties to ignore any such emails.
- While you’re at that, have IT find details of the breach: If it’s a network issue, it’s likely going to affect many other people in your organization. And if they only targeted your device, they might have installed a malware that is by now crawling into the network.
- Scan the computer for viruses and run patches: In fact, your IT people should scan the whole network and update all systems that may have been accessed or that share a common password.
- Find out what has been compromised: What passwords have been stolen? What client data has been accessed? Then, get a list of contacts affected. These are likely clients, and you need a PR approach to dealing with this.
Before telling them about the breach, you might consider consulting your legal team or your cyber liability insurance people first.Prevent A Future Breach
How do you prevent future email breaches?
- Create a strong password
- Update your passwords regularly
- Update your OS and apps
- Update your firewalls and anti-malware programs
- Work with IT to create a two-factor authentication system
Robust email security boils down to culture and controls. Have a culture of creating strong passwords and avoiding suspicious emails. Have strong and updated firewalls in place, along with two-factor authentication. But if you suffer a breach, use the above blueprint to minimize damage.
Learn more about how email breaches can happen and how to avoid them in our guide.