Email Security Intelligence - Identity Theft & Email Security

Identity theft has been a problem for years and has only worsened as we have moved online. It is now a problem that hits millions of users and costs billions of dollars. As businesses collect more private data, typically for marketing purposes, more risk is created. Combined with the fact that hackers are getting more sophisticated and data breach more common, there is a high probability that your information will fall into the hands of third parties.

In the 2021 Annual Data Breach Report, the Identity Theft Resource Center (ITRC) reported that 1,862 data compromises occurred in 2021, breaking the previous record of 1,506 set in 2017. The Data Breach Analysis from the ITRC found that there were 14% more reported data compromises in the first quarter of 2022 compared to the first quarter of 2021. 

Most businesses and individuals have already experienced phishing emails, though they can be dismissed as spam and deleted before causing damage. This article will discuss the consequences of having your online identity stolen as well as methods for prevention to help keep your email safe.

How Your Identity Can Be Stolen Online

Identity theft is the process of a thief gathering your information and using it to either impersonate or defraud you. The amount of data can be small, such as your Social Security number, password, address, mother’s maiden name, account number, or PIN. This is all it takes for a thief to make credit card purchases, open bank accounts, take out loans, or commit crimes in your name.

Email theft is common and has severe and lasting consequences. Attackers put in great efforts to learn your online passwords, so they can delve into your personal information or deploy phishing emails to get you to disclose the passwords yourself. Once a hacker can break into your email account, they can access your associated accounts and lock you out while causing damage. Some common methods attackers use to break into your email include:

• Phishing: an attempt to manipulate you with a phony email that appears to come from a reputable organization or individual. The message is meant to alarm you by suggesting that your account was compromised or will be closed unless you respond and typically contains a link to a website. 
• Malware: opening malicious email attachments may secretly infect your device with harmful software that can enable a thief to collect your passwords or account numbers.
• Data breaches: identity thieves may break into insurance, hospital, government, and other databases to steal thousands of users’ personal information.

How To Prevent Your Account From Being Compromised

It isn’t often a short process to discover you’ve been a victim of identity theft and can take even longer to clear your name, so prevention is key. You can keep your account safe by:

Defend Sensitive Information

Don’t put sensitive information in an email, social media, or text messages as these may not be secure.

You should also look for signs that a web pagewebpage is secure and legitimate, check to ensure the web address starts with https (“s” stands for secure.) 

Be cautious about clicking links in a message or pop-up window. If you’re unsure if a message is genuine, respond with a different device or account.

Create Strong and Unique Passwords

Strong passwords consist of a mix of capital and lowercase letters, numbers, and symbols and should be at least 14 characters long. You should refrain from using the same password for multiple accounts because if it gets stolen, each account would be at risk.

Boost Your Computer’s Security

Reduce the risk of identity theft by keeping all software patched and updated with automatic updating. You should also install legitimate antivirus and antispyware software and never turn off your firewall.

Warning Signs You’ve Been Hacked and What To Do

Email is the preferred method of communication among businesses, so it is imperative that you’re aware of tell-tale signs your account has been compromised. If you still have access to your email account you should take steps if you notice: 

• Your inbox is full of Mailer-Daemon rejection notices.
• Your contacts are getting mail from you that you did not send.
• There are outgoing messages in your Sent, Drafts or Outbox folder that you didn’t send or create.
• Your Address Book contacts have been erased or there are contacts that you did not add.
• Emails you try to send are suddenly getting refused and returned to you.
• You keep getting bumped offline when you’re signed into your account.
• You are not getting new mail, or your new mail is going straight into your Saved IMs folder.

There are several ways you can minimize the risk of having your email hacked due to the likelihood of being exposed to a phishing scam. Should you fall victim to an attack, it’s important you regain access as attackers can spread their campaigns quickly. Best practices once you have recaptured your account include:

• Change your password.
• Report the incident to the email site.
• Alert your email contacts who may have received a fraudulent email.
• Scan your computer with an updated antivirusanti-virus program.
• Review your personal email settings.
• Update passwords or security questions for other sites.
• Check your email folders.
• Monitor your financial accounts for suspicious activity. 
• Most importantly, implement a multi-layered email security system capable of detecting and blocking future security threats in real-time.

The Bottom Line

Absolute safety against these kinds of attacks cannot be guaranteed, however common sense, vigilance, and limiting the data available to third parties can help protect yourself against identity theft. Following best practices will keep both your organization and individual users out of harm’s way, or if you do become a victim, there are steps you can take to reduce your losses and recover from the attack as quickly as possible.