Why a criminal might want to hack into your email

[humble3d]

Why a criminal might want to hack into your email

In the wake of two large breaches at Yahoo that compromised a billion accounts, including users' email addresses and passwords, experts say email accounts are a major target for criminals.

"When an attacker compromises your email account, his possibilities are limitless," said Omri Iluz, the co-founder and CEO of PerimeterX, a cybersecurity company.

WikiLeaks aside, it's not necessarily the content of your emails that cyberattackers care about. More likely they're using your account to make money.

Since many accounts use email addresses as the log-in or to reset passwords, email accounts are highly connected to your online identity, including banking and shopping accounts.

"[A hacker] can go and log into any account that you have by simply clicking on the 'forgot my password' [button] and getting a new password to your email. He can create new accounts by using your email and faking your identity," Iluz said.

Once cybercriminals get into email accounts, they move quickly and often go unnoticed.

"Within an hour, they drain your bank account. They ship items from your stores. They try to infect your friends [on social media]," said Iluz.

Another option for cybercriminals is to sell access to hacked email accounts on the black market.

"Email accounts go on the underground marketplaces for 10 to 20 times more than credit card [accounts]," Iluz said.

PerimeterX specializes in preventing attacks from malicious bots. Bots are an application programmed to do a task, such as sift through files, much faster than a human can.

They can be used maliciously, such as to crack passwords, known as a brute force attack.

"Brute force is the most popular attack [against email accounts] right now," Iluz said.

To get your email password, cybercriminals have bots guess passwords. Sometime they use lists of usernames and passwords stolen in other breaches and sold on the black market, such as those from breaches like that of Yahoo.

"Consider this ammunition," said Iluz.

"It can take hours, it can take days, but eventually [a hacker] will be successful.

He will be able to enter and take over thousands of accounts."

One reason hackers are so successful is that many users reuse passwords.

"Users use on average only 6 passwords throughout their entire online identity," said Iluz.

To protect yourself, you should use different passwords for different accounts and change them frequently.

"If you reuse your password and it was leaked, you have to change your password everywhere you use it," said Iluz.

You also need to watch out for fake emails.

Cybercriminals may send out phishing emails pretending to be Yahoo or other recently breached websites.

Hackers may also send emails from hacked email as if they were the owner accounts trying to get personal information.

 

http://finance.yahoo.com/news/why-criminal-might-want-hack-175643243.html

 

[straycat19]

Why I might want a criminal to hack my email

 

If it is easy to hack it might be that way on purpose.

 

Accessing the account from an unknown IP might trigger the background installation of malware.

 

Accessing any email in the account might trigger the background installation of malware.

 

Accessing the email account automatically downloads documents and other identifying information from the criminals computer.

 

A persistent link is created with the criminals computer so that he can be tracked and monitored.

 

I enjoy f*cking with stupid people.

 

My handcuffs are lonesome and want some company.

 

 

 

[Pequi]

On domingo, 18 de dezembro de 2016 at 3:25 AM, straycat19 said:

Accessing the account from an unknown IP might trigger the background installation of malware.

 

Accessing any email in the account might trigger the background installation of malware.

 

Accessing the email account automatically downloads documents and other identifying information from the criminals computer.

 

Only if he uses something like Chrome to access your web account. Hackers don't use backdoored browsers (unless they are script kiddies).

They use curl or wget or ftp and download your whole mail folder. And then examine it offline.

[Pequi]

On sábado, 17 de dezembro de 2016 at 4:31 AM, humble3d said:

You also need to watch out for fake emails.
Cybercriminals may send out phishing emails pretending to be Yahoo or other recently breached websites.

 

There's been a flood of emails from Yahoo telling me do adopt "extra two factor identification" (cell phone and fingerprints) for my "safety".

It even says that if I hand over the data, I will be free from "remembering complicated passwords".

 

I think Yahoo should come out and warn people that it would NEVER demand two factor identification (because that would be double the chances of someone hacking in) and that the emails are fake. The headers are from a MAIN YAHOO ADMIN account, but the links in the mail redirect to countries in eastern Europe. Anyone that falls for it will hand over their password AND a hash of their fingerprints AND cell phone number.

 

Maybe the Yahoo CEOs are playing the market ... and expecting Yahoo shares to tumble when a further 100.000 accounts are hacked. (they'll never have 1 billion accounts again ...)