As we come to the end of the second week of Cyber Security Awareness month, we’re going to take a look at our emails. We know technology is advancing and it’s now an essential part of living in Australia. If you don’t have it, you’re at a significant disadvantage. But have you stopped to really think about how much we rely on it? When was the last time you posted some old school snail mail? Generally speaking, unless you’re from an older generation, your birthday and Christmas cards are sent via email or social media. You don’t send a letter with an envelope and stamp to your pen pal, you send them an email. However, with the dependence we place on our emails to communicate, it’s now become one of the favourite ways for hackers to get to you.
As we mentioned in one of our recent blogs, Cyber Warfare and its Impact on Australia, there are multiple reasons why hackers target you. With your email, the same thought process applies. So, how do you know if your email has been hacked?
The biggest red flag is always going to be this. If you know you haven’t just forgotten your password or had your cheeky 3-year-old fiddling with your settings, there’s a good chance that if you can’t log in, you’ve been hacked.
Sometimes hackers will get into your emails but won’t change the password. Why? Because then you’ll take measures to stop them from getting in again. In this case, hackers may sit dormant for months, looking through your incoming and outgoing emails waiting for the opportunity to strike. Particularly if you’re a business owner waiting for clients to pay their account, you need to be on the lookout for emails you never sent. We’ve had several clients just this year tell us about incidents where hackers were sending out emails asking for payments to be made to a different bank account under the guise of being an employee.
If you’re not regularly checking your sent box, this can be a tricky one to catch. However, as we discussed in last week’s blog, Have You Been Hacked?, things such as spelling and grammar can be an indication that the email didn’t come from you. So, make sure your clients and colleagues know what to look out for, so that they can let you know if it looks like you’ve been hacked.
If you receive a password reset email, first make sure it wasn’t just your spouse or 10-year-old trying to get into your account! Then make sure you reset your password. Receiving one of these means that a hacker has been attempting to breach your security settings, but so far has failed. But that’s no reason to sit back and think, “that’s okay, they haven’t gotten in yet, so I’ll be fine”. It’s this type of thinking that will get you into trouble.
When you send an email, your service provider will keep a log of IP addresses that have accessed your account. This info will tell you the device, browser type and physical location of the person who’s accessed your account. If you’re not sure how to find your IP address log, here are a few common ones:
And so, we come back to the big question: what do you do now? You know what to check for, but how do you protect yourself? The simple answer is to be proactive! Set up multifactor authentication on all the platforms you use, ensure you’re not reusing the same password over and over again and it’s one that’s hard to guess (yep, that’s right mum your dog’s name is NOT a suitable password!), and keep up to date with the latest news.
And if you want to take it to the next step, take up a course like our Cyber Security Analyst program that will give you all the knowledge necessary to step into a cyber security role, or simply give you enough knowledge on how to keep your kids safe on the internet.