It’s happened to most people. All of your friends and colleagues receive an email from you, offering the latest benefits of a Viagra competitor and explaining that you will finally be able to satisfy your woman in the bedroom. With a sigh, you tell them you’ve been hacked and change your password. Maybe you go a step further and stop using the email address all together and keep your life moving.
The problem is that most people don’t realize that the person who hacked your email may not have done it just to hawk pills to make you and your friends better in the love department. Hackers can access all of the sensitive data that you have ever sent from your email. If they figure out the password to your email, chances are they know your passwords to other companies. 55% of net users use the same password for most if not all websites, and 92% use the same password for email as they do for social media. Our emails often have the least amount of security, making them the easiest to hack.
Think of what documents you’ve sent and received from your email. If you’re like most, the list includes your driver’s license, social security card, tax returns, proof of income, a couple of pictures you don’t want the world to see and a few Donald Trump jokes.
Now take a brief moment to think of the institutions that you receive email from and what these emails contain. Most of us get emailed statements from our banks, retirement accounts, credit card companies, etc.
They don’t have to learn how to hack these financial institutions in order to get access to your money, they simply have to wait. Monitoring your email is now their job in order to see where you have assets, then go to those sites and hit the button that says “I forgot my password”. How do these financial institutions, that we hope possess extremely secure sites, encryptions & firewalls, go about getting you a new password? They email it to you. D’oh!
This is precisely why every business management firm I’ve ever been to has mentioned that their clients’ emails got hacked and then they received a request to wire money to firm X, friend Y, and relative Z. In the case of high net-worth individuals, hackers will patiently wait months while reading every email to see who the person interacts with regularly, how they write, their mannerisms, travel schedule, etc. This way, they know the most effective to strike for the maximum amount of damage.
One example I encountered was someone that was traveling to China to buy art. As they were on the airplane on the way home, a thief sent an email to their business manager to a have funds wired immediately to a firm named something like “Jim’s Chinese Art House”. It matched up with the buying trends & stated purpose of the trip and would have been completed, if not for the fact that the business manager had a strict policy of not sending out wires without verbal confirmation and was unable to reach the client (because they were in the air). Shortly thereafter they received another email stating that they really needed the wire sent ASAP – but held firm. When the client landed they called back and said that they didn’t have any idea of what the manager was talking about. Best practices for business managers and wealth advisers is to always make sure to require a verbal confirmation before disbursing funds, even if it’s for a presented purpose. Also, insist that your high net-worth and high-profile clients implement 2-step verification on their email accounts.
Has your email address been compromised? Click here to check.
Want to add another layer of security to your email profile? Find out more about 2-Step Verification.
You can also strengthen the security of your profiles with password manager software like LastPass. Read more here.
Getting hacked by thieves online is an inevitability. Protect yourself from identity theft by blocking your credit entirely with Credit Block. Contact our office today to learn more.