Other issues in this category (21)
Email: Protection against hijacking
Thursday, December 17, 2020
For cybercriminals, having access to your email account means that they can write email messages on your behalf (for example, to your contacts to try to get them to perform certain actions) and send out spam. Or they can demand that you pay a ransom so that you can regain access to your email account. After all, cybercriminals can use the information found in your email messages to blackmail you or your company.
How can you keep criminals from accessing your email account or completely hijacking it by changing passwords?
Let's say straight away that this problem will never be solved completely. Unfortunately, not everything depends on the user. There are vulnerabilities on your computer that still have no patches to close them. There is and will always be configuration errors in your mail services. But you can lower (and substantially!) the chance of someone seeing your correspondence or being able to use your mail account. How? In most cases, the list of techniques that criminals use is not very long. And for every malicious action taken, there is a correct reaction.
The Anti-virus Times recommends
If you are not using a corporate email but an external one, use well-known mail services. The probability that they have a vulnerability is rather small (and certainly lower than when using little-known ones).
When working with email messages from a PC or a mobile device, yours or a corporate device, you need an anti-virus. A trojan that has penetrated the system can help cybercriminals track the password that you enter when accessing your email account or steal the password storage (for example, from a browser where you forgot to set a password for accessing your list of passwords). An anti-virus protects against malware applications that can steal saved passwords, intercept them or make screenshots of your correspondence. Dr.Web Anti-virus can protect against both known malware and unknown malware that hasn't been analysed by the anti-virus laboratory. In the latter case, malware is detected by Preventive Protection.
Do not disable the Dr.Web SpIDer Guard component if you are using a web mail interface. Access to modern mail services is carried out via secure channels, and a file cannot be scanned until the attachment is downloaded on a PC (saved on the hard drive or launched). For example, if an archive containing a file is password-protected.
Use anti-spam technologies. Attackers can simply ask you to disclose your password. For example, via an email message that appears to be from a service administrator or a company: your password has been compromised; please report it to us so that it can be replaced.
Use Dr.Web Security Suite and Dr.Web Anti-virus for Android which can filter access to fraudulent resources — cybercriminals can use a phishing page on which they ask you to enter your password.
Use the capabilities of your operating system or special utilities to check the list of software on your computer and whether it contains software that you did not install. If you are using a mail client and not a web mail interface, cybercriminals can use a program to recover passwords used to access the mail client after penetrating the system. To do this, they just need to know what mail client the victim uses and be able to install it.
If the installed program seems suspicious to you, we recommend that you contact Doctor Web's technical support service or, if you have the opportunity, use the Dr.Web vxCube service by downloading the suspicious program into it to analyse its behaviour.
Install updates to make it harder for intruders to penetrate your computer and do things to get your data.
To eliminate the possibility of unauthorised installation, you should not work under an account that lets you install programs, including under an administrator account. This will make it more difficult for malware to penetrate your computer and for attackers to download dual-purpose utilities that can crack passwords, for example.
Anti brute-force protection must be configured on your company's mail server if you are using your corporate email.
To access your email, use strong passwords that don't match passwords used to access other services. In this case, a leak of service passwords will not give attackers access to your email.
When using your personal computer, create a special account with which you will work with corporate mail and company data.
Never divulge your corporate email passwords to anyone. If you temporarily provide someone with access to your email (for example, while on vacation), afterwards change your password—you can never be sure that no one will be able to access your password (for example, it could have been stored in a password manager).
When you finish working with the web mail interface, close the session by clicking on the Exit button or one that serves the same purpose. This will prevent cybercriminals from continuing the work on your behalf.
At the end of your work day, if you do not turn off your computer and aren’t planning to work with your email, close the session for the web mail interface and the mail client if you use it.
If possible, do not use different locally stored password managers— passwords stored this way can be stolen if cybercriminals get access to the password manager.
Criminals take active advantage of social engineering techniques; they write email messages so that they are similar to emails sent from real organisations and indicate contacts who are familiar to you as senders. Be careful when receiving email messages via a web mail interface. Never open suspicious emails and attachments.