Personal information is the number one asset for cybercriminals. Once collected and sold to the highest bidder on the dark web, your data can be used in many ways, from impersonation to identity theft and fraud.
One way for a threat actor to find your information is by going through the numerous data leaks that are increasingly plaguing the online world.
Yahoo, for example, suffered three major data breaches between 2013 and 2016 that affected around 3 billion users. The leaked data included names, email addresses, telephone numbers, encrypted or unencrypted security questions and answers, dates of birth and hashed passwords.
The chance your email will be hacked or accessed by a cyber criminal is even more likely now, when data breaches occur daily. “So What!” you might think. “Why should I care and how can it affect me?”
Well, your email address and password are the Holy Grail for an attacker. Your credentials give them easy access to anything you’ve received or sent. They can even use your account to send malicious documents and hack your contact list. If you used the same email account and password to sign up on other platforms and services, they can gain access to all of them. Also, they can reset passwords for various online services you’re subscribed to if the recovery email addressed is the one that they hacked.
The most telltale signs of an email breach include:
- Your password has been changed – If your password has been changed but you don’t remember changing it, you might have a problem. One of the first signs that your email has been compromised is that you are locked out of your account and your password no longer works.
- Unusual account activity – in some cases, the attacker will not change the password immediately. It’s best to check your sent folder for items you do not recognize. Other suspicious account activity may include recovery phone numbers or emails that you don’t recognize, an alternate contact email address, apps with access to your account, unauthorized purchases from the Google Play/App store and 2-step verification is turned off.
- You are receiving unexpected emails – cybercriminals will peruse your Inbox and messages to gather information on your activity and financial accounts. They may sometimes create messages from your bank or credit card provider incorporating your personal data. If unexpected emails arrive in your Inbox, give your bank a call before responding. Attackers might also try to reset passwords for other accounts, so pay attention to unusual messages.
- Spam messages are sent to your contacts – If your contacts receive spam messages directly from your Inbox, this is a strong indicator of a compromised email address.
If your email address has been compromised, recovery is vital. Email service providers, including Gmail and Outlook outline straightforward steps to secure and recover a hacked account.
The Gmail platform can help with account recovery. Spotting suspicious activity and using security features such as 2-step verification can prevent attackers from taking over your account. Most importantly, users can even review what devices use the account and remove them from the list. Outlook users are offered similar options. If the platform detects an account takeover, it automatically restores any messages and contacts that may have been deleted by attackers.
Recovering or obtaining access to a compromised email address does not mean that you are safe from further attacks. Tightening your local device security can help protect you from phishing and malware attacks that may lead to your accounts being compromised.
After you install a security solution, it’s crucial to reset the passwords to all of your accounts, use unique and lengthy passwords, and enable two-factor authentication. It’s also recommended to immediately contact your bank or local authorities in the event of any fraudulent activity, and notify your friends and contact list using a different email address.
Check now if your personal info has been stolen or made public on the internet, with Bitdefender’s Digital Identity Protection tool.