Police in Australia have arrested a 23-year-old woman in Melbourne in connection with an email hack that resulted in a huge amount of virtual currency being stolen.
The story starts in January 2018, when a 56-year-old man discovered that he had been locked out of his email account. His password had been changed and his account’s security settings updated to enable a mystery cellphone to be used as a means of secondary authentication.
After two days the man was able to regain control of his email account, and after checking its activity found that his cryptocurrency wallet had been emptied.
The man, who has not been identified, contacted local police saying that 100,000 units of the Ripple cryptocurrency (also known as XRP) had been stolen. In total, the cryptocurrency that was stolen from the man’s electronic wallet and transferred to an account in China is believed to have been worth AUD $450,000 at the time, or approximately US $320,000.
Further investigation determined that the virtual currency sent to the Chinese exchange was later converted into Bitcoin.
Yesterday, as the Sydney Morning Herald reports, Australian authorities arrested the unnamed 23-year-old woman at her home in Epping, Melbourne, and charged her with the theft.
During the raid, police seized computers, hard drives, and mobile phones for digital forensic examination.
According to investigators, the woman is believed to have broken into the email account and used information contained within it to ultimately access the victim’s digital wallet.
The woman has been granted conditional bail, and is due to appear in court on 19th November.
New South Wales Police Detective Superintendent Arthur Katsogiannis warned that email users need to be careful about how they protect their inbox, and to consider the sensitive information that could even reside in ‘Sent’ and ‘Deleted messages’ folders:
“An email account is more valuable than people realize—scammers are increasingly targeting emails as they link the individual to financial accounts and other personal information. There is often valuable information saved in sent items or the trash, and scammers will look for anything that will assist in taking over your identity or accessing your finances. This is the modern equivalent of digging through a household rubbish bin or stealing mail.”
It’s certainly something worth remembering. Your email address is perhaps the crux of your entire internet identity. Just about every service you access has some type of link to your email address, and inside your inbox there will be sensitive information which can be a goldmine for an online thief. Furthermore, it is usually your email address that will be contacted by services if you (or a criminal) request a password reset for an online account.
Most major online services, including email accounts, provide additional levels of security which can make it much harder for a hacker to gain access.
Enabling two-factor authentication (2FA), for instance, means that even if an online criminal manages to steal a password through, say, a phishing attack, it will be much harder for them to log into an account and will, in many cases, make a thief look for a softer target.
Some online services even allow the use of physical keys if you do not want to use a smartphone app for authentication.
If I had $320,000 worth of cryptocurrency stored in a digital wallet, I would certainly want to know that there were strong security measures in place to make it as hard as possible for unauthorised parties to access it.
Furthermore, it makes good sense for every internet user to choose strong, hard-to-crack passwords and never reuse the same password on different sites. Password managers are probably the best way for most people to generate complex passwords and store them securely.