Frequently Asked Question
Hacked Email Account(s)
How Email is Hacked and Compromised
Email hacking typically occurs through phishing scams, where attackers trick users into revealing sensitive information or clicking on malicious links. Here are some common methods:
- Phishing Scams: Attackers send emails that appear to be from legitimate sources, such as banks or IT support departments, asking for login details or other personal information.
- Spear Phishing: Tailored attacks targeting specific individuals within an organisation with highly personalised emails.
- Spoofing: Emails are sent from a forged address, making them look like they come from someone the recipient trusts.
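As an added illustration (not GEN's code), the spoofing case above can be checked from a received message's headers: the sketch below reports failed or missing SPF/DKIM/DMARC results and any Return-Path or Reply-To domain that differs from the visible From domain. The function names and both sample messages are constructed for this example; it assumes the Authentication-Results header was added by your own receiving mail server, and it uses strict domain equality as a simplification.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def spoofing_indicators(raw_message):
    """List reasons the message's sender identity should not be trusted."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    findings = []
    # Verdicts recorded by the receiving server (first header only).
    auth = msg.get("Authentication-Results", "").lower()
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    for check in ("spf", "dkim", "dmarc"):
        verdict = results.get(check, "missing")
        if verdict != "pass":
            findings.append(f"{check}={verdict}")
    # Envelope sender and reply address should match the visible sender.
    for header in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[header])
        if dom and dom != from_dom:
            findings.append(
                f"{header} domain {dom} differs from From domain {from_dom}")
    return findings

# Constructed sample: forged From address with a look-alike reply address.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.com
From: "IT Support" <support@example.com>
Reply-To: helpdesk@example.net
Subject: Password expiry

Constructed sample body.
"""

# Constructed sample: all checks pass and the domains line up.
GENUINE = """\
Return-Path: <support@example.com>
Authentication-Results: mx.example.org; spf=pass; dkim=pass; dmarc=pass
From: "IT Support" <support@example.com>
Subject: Maintenance window

Constructed sample body.
"""
```

An empty result does not prove a message is safe: a phishing email sent from a real but malicious domain passes all of these checks.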
Microsoft 2FA (Two-Factor Authentication) and Its Vulnerabilities
Microsoft’s 2FA is designed to add an extra layer of security. However, it can be circumvented in several ways:
- SMS Phishing: Attackers trick users into revealing their second-factor authentication code by posing as support staff.
- Authenticator Apps: If an app-based authenticator is compromised, the attacker can gain access even with 2FA enabled.
Consequences of a Compromised Email Account
For most email systems, having a compromised account is concerning but not necessarily tragic. However, for Office 365 (O365) users:
- Access to Company Directory: Hackers can access the entire company directory.
- OneDrive and Shared OneDrive: They gain access to all stored documents and files.
- Shared Mailboxes: Control over shared communications channels.
- Past Emails: Access to every email sent or received.
Safer with a Different Email Provider
Enterprise email providers like GEN offer enhanced security features:
- Monitors Unusual Connections: GEN reports unusual login attempts, providing an early warning system.
- Reduced Attack Surface: Smaller risk of prolonged compromise due to robust monitoring and reporting mechanisms.
Leverage of Compromised Email
Once hacked, an email account can be used for various malicious purposes:
- Information Extraction: Gather more sensitive data from compromised accounts.
- Internal Phishing: Use the compromised email to launch further attacks within the organisation.
- Financial Fraud: Redirect payments or intercept orders by impersonating trusted colleagues.
Immediate Action After Compromise
If you suspect your account has been hacked, take the following steps:
- Contact Your Email Provider: For Microsoft or Google accounts, they might be unhelpful. Other providers can offer more support.
- Change All Passwords: Generate new, strong passwords for affected accounts and any related services.
- Report to Action Fraud: While they may not take immediate action, their statistics are valuable.
Post-Incident Considerations
After a compromise:
- Assess Exposure: Review the extent of the breach, including sensitive data and communications.
- Future Prevention: Strengthen security practices such as enabling 2FA on all services, using complex passwords, and educating staff about phishing.
By following these guidelines, you can mitigate the risks associated with email hacking and better protect your organisation's valuable information.
This answer was generated by or modified with GEN's LLM and may not be 100% accurate. If you are unsure about any information provided, please raise a support ticket for clarification.
