How safe is your email account from hackers? Many Canadians have a false sense of security around their email use. They may not have noticed anything amiss in their email account in a long time. But, unbeknownst to them, their email may have been exposed in a corporate data breach. Or their email address, possibly combined with other personal information, may be changing hands on the dark web for years before cyber-criminals attempt to enter their account.
Why do scammers hack email accounts?
Your email account is a treasure trove of personal and financial information. Once inside it, criminals can easily determine where you bank, what credit cards you hold, where you live and what kind of emails you typically receive. They might even be able to intercept multi-factor authentication (MFA or 2FA) messages.
Anyone in Canada can be a target—you don’t need a six-figure bank account to catch a scammer’s attention. In fact, they deliberately cast a wide net.
“The jackpot is when they get someone with substantial assets, but anyone can be a target for scammers,” says Octavia Howell, vice-president and chief information security officer for Equifax Canada, which provides credit scores and reports based on the consumer data creditors and other businesses report to it.
Instead, criminals seek information on as many accounts as possible—including those of your friends, colleagues and other contacts. One scam in Canada involves creating fake co-worker email addresses (based on targets’ contacts and email threads) and asking for banking information for, say, an expense reimbursement or a paycheque. It seems an innocent enough email a colleague might send, but it spells trouble when it’s fraud.
Today’s computing power enables scammers to attack millions of accounts at a time, to cross-reference information and to try out thousands of password combinations. For a scam to pay off, Howell notes, “…they only have to be correct once.”
sponsored
Equifax Complete Protection
Equifax Complete Protection is a credit and cybersecurity protection service designed to help Canadians spot the signs of identity fraud faster.
- Provides daily credit monitoring and alerts
- Scans for your personal data on the dark web
- Social media monitoring by industry leader ZeroFox
Subscription price: $34.95 per month
Here are some tips for how to recognize phishing scams and more from Octavia Howell
Fortunately, there are ways to substantially reduce the risk of fraud with proper email hygiene. Here are some simple practices Howell recommends:
- Change your email passwords often, at least once every few months. If you learn that a company, non-profit or government department you deal with has been hacked, change your email password as soon as possible.
- Never click on a suspicious email. Use your email server’s tools to report and delete the message. When in doubt, check the return address to see if it matches that of the organization or person it purports to come from. But be aware that cyber-criminals increasingly use cloning tools that can make the address look like that of someone you know. Check the email address for the slightest thing that seems off, like an extra letter or a period or hyphen where one shouldn’t be.
- Download a website blocker onto your computer and phone so that if you accidentally click on a suspicious link you’ve come across previously, you are automatically blocked from clicking through.
- Get to know your digital footprint. Every now and then, Google yourself to see what baseline information is exposed. If your email address is out there, remove or change it.
- Consider subscribing to a fraud protection service to protect you and your family by identifying any suspicious behaviour early.
- Do not put your email address on social media. “Some websites ask you if you want your email to be public,” Howell says. “That gives someone the ability to know exactly where your personal information is.” In fact, avoid offering up any personal details, down to the name of your pet, on social media. These tidbits can be used to crack passwords, craft phishing emails you’re likely to respond to, and perpetrate fraud in other ways.
- Don’t use your email address as a username on other sites. Many companies still use email as a default username—change it to something else, if possible.
Scammers are using AI
A lot has been made lately of how artificial intelligence (AI) can improve corporate productivity. Well, cyber-criminals are starting to use it, too. And too well, actually.