chevron-down Created with Sketch Beta.
March 01, 2018 GPSolo

Has Your E-mail Been Hacked?

By Sherri Davidoff


Your e-mail account is under attack. Criminals from around the world hack into e-mail accounts routinely. If your account password is stolen through a virus infection or a data breach, it will likely be sold on the dark web to criminal groups who will then use it to break into your accounts.

Why Do Cybercriminals Want to Break into Your E-mail Account?

E-mail accounts are gold mines for sensitive data, and they can also be used to commit other crimes. In July 2016 the cybercriminal “Peace” advertised 200 million Yahoo accounts on the dark web in exchange for three bitcoins (approximately $1,860.46 at the time). After a massive investigation and multiple breach announcements, Yahoo finally announced in 2017 that “all Yahoo user accounts were affected”—3 billion in all. Many other popular services, including LinkedIn and Adobe, have revealed password data breaches.

With access to your e-mail account, criminals can:

  • Reset passwords. Criminals can hijack your accounts on sites such as Amazon, PayPal, your online banking website, and more. These accounts are effectively purchasing tools; criminals can easily use them to buy goods or services, or even transfer cash.
  • Commit wire transfer fraud. Criminals search e-mail accounts for requests for wire transfers, such as those that result from real estate closings, insurance payouts, or vendor payments. Then, they intercept messages and send fraudulent requests (sometimes from a different account) designed to initiate wire transfer to accounts that they control.
  • Hack your colleagues, clients, friends, and family. Criminals can use your account to send an e-mail to any of your contacts, which may in turn infect their computers.
  • Steal confidential information. This information can be used or resold. E-mail contains a treasure trove of data, ranging from copies of tax returns to trade secrets to health information, and more. For lawyers, this data can include sensitive e-mails exchanged with clients.

How Can You Tell If Your E-Mail Account Has Been Hacked?

It’s tricky because cybercriminals often cover their tracks. Here are a few red flags:

  • You notice e-mail filtering or forwarding rules that you didn’t set up.
  • Friends or colleagues report receiving an e-mail from you that you didn’t send.
  • Your cloud e-mail provider alerts you to a suspicious login.

Most cloud e-mail providers have a way for you to check your recent logins. For example, Google provides access to your sign-in history (tinyurl.com/ydy3fs7k), which includes dates and times that your account was used. Often, activity history is only stored for a limited amount of time, such as 30 days. Check your account activity history regularly to make sure that no one has logged into your account besides you.

How Can You Defend Your E-Mail Account from Criminals?

An ounce of prevention is worth a pound of cure. The very best thing you can do to prevent criminals from breaking into your e-mail account is to use strong authentication.

Authentication is a method for verifying a person’s identity. For example, I might tell my computer that I am “sdavidoff,” and I prove my identity by typing in a password. There are three different ways that you can verify that you are who you say you are:

  • Something you know (for example, a password).
  • Something you have (for example, a key).
  • Something you are (for example, a fingerprint).

Two-factor authentication means that you verify a person’s identity using two methods combined. Many popular e-mail services support two-factor authentication. For Gmail, Office 365, and many others, it’s easy—and free. When you use two-factor authentication with these services, you use your mobile phone as a second factor to verify your identity. This means that criminals can’t break into your account using just a stolen password.

For video tutorials that show you how to set up two-factor authentication, visit lmgsecurity.com/passwords.

What Should You Do If Your E-Mail Account Has Been Hacked?

  • First, change your password immediately. Set up two-factor authentication if you can.
  • Preserve the account activity history. This may help an investigator identify the source and scope of the attack.
  • If you have cyber-insurance that includes data breach response coverage, consider notifying your insurer.
  • Call a trained cybersecurity specialist if there is a chance you may have sensitive data, particularly client data, in your e-mail.
  • Evaluate the risk that a data breach occurred. A data breach is a legal term that is defined differently under state and federal laws. It is always best to consult with an attorney who specializes in data breach response to determine whether your e-mail account hack is legally a breach.
  • If you have any client data in your e-mail account, you may need to notify clients for ethical if not legal reasons.

Cybercriminals are after your e-mail account. You can prevent them from breaking in and stealing your sensitive data by using simple tools such as two-factor authentication. Set it up today, and sleep better knowing that your e-mail is protected.

Sherri Davidoff

Sherri Davidoff (LMGsecurity.com) is the CEO of LMG Security, which provides cybersecurity testing and audit services, digital forensics, and training. She has 16 years of experience as a cybersecurity professional. She is the coauthor of Network Forensics: Tracking Hackers Through Cyberspace (Prentice Hall, 2012) and is a panelist for the ABA’s on-demand CLE program Your Law Firm Has Been Breached: Now What? She is a GIAC-certified forensic examiner (GCFA) and penetration tester (GPEN) and holds her degree in computer science and electrical engineering from MIT.