If you look at your phone, you will most likely have around 3–4 shopping or social media applications installed, maybe more. All of these different applications will most likely be linked to a single mail account or through another account such as your Facebook login. Which ever accounts these are, they will always be linked back to an email account as it’s a way of identifying you. All of this makes life simpler and also helps you to recover your password should you forget it. It happens to us all.
The “Forgot my password” might save you in times of need but it could also be your downfall. If you think about some of the shopping or social media sites that you use day to day, how many of these are linked to your email account?
I would guess most of them and why not? It makes life easier and you aren’t going to have 5–6 email accounts, are you? Obviously not and this is what hackers count on.
Most hackers will focus on email as it’s a great way to gain further access to all these wonderful sites. Why bother trying to crack several credentials and go through the hassle, when you can target one and reset the rest.
With some simple recon, a hacker can link several social media sites to your email, phone or usernames. How they do this, can be found here: https://ctrlaltdel.blog/2019/04/19/how-exposed-are-you-on-the-internet/
Once they have done this, they can work out how you function day to day and what email provider you are using. John.doe@gmail.com for instance is obviously Google Mail. The same can be said for Yahoo and Outlook. Once a hacker knows this, they can focus their attack.
If you don’t have MFA on your primary email account, then set it up right now. I’ve added some quick links below for the mentioned mail providers. There are more out there and the provider will have most likely have written a “how to”.
If you look at the image above, you will hopefully see my point. This user has a simple password which is his name and DOB. No MFA or 2FA has been setup for the account.
Simple hacking techniques would be able to either guess or brute force these credentials. It’s always best to start with a strong password: https://ctrlaltdel.blog/2019/06/20/creating-secure-passwords/
It doesn’t even need to be that though as for some, you can reset your email account password with security questions. Before we share so much online nowadays, the answers to these security questions can often be found on the users social media profiles, such as first pet, mother maiden name etc…. It just takes some digging.
Once in, the hacker can start to dive through this user’s emails or start to reset passwords for linked accounts. It would be easy to find as you could run searches on the inbox such as “receipt” or “update”.
Because most companies will just ask for you to confirm the email address before resetting the password, it makes it easier for the hacker.
Once they are in your email account, they can start to reset passwords, copy the link, delete the mail and you are none the wiser. If you don’t have your phone on you or secure profiles in place which will alert you of unusual activity on your account, you might not be aware of what is going on.
If these accounts are for social media sites or have saved payment information, the hacker could start to cause trouble or cost you money. They could also use you for Phishing attempts in order to spread malware or to gain further access.
Hopefully now you can see why it is important to setup things like 2FA/MFA, have secure passwords and security questions in order to better secure yourself online.
Just think, If they have your Google Account, they have access to your email, photos, contacts, notes, Google drive and potentially a way of resetting your passwords for other accounts.
Click the links below or follow the instructions on your mail provider and get secure!
Gmail 2FA: https://support.outreach.io/hc/en-us/articles/206126307-Set-Up-Gmail-Two-Step-Authentication
Microsoft 2FA: https://support.microsoft.com/en-gb/help/12408/microsoft-account-how-to-use-two-step-verification
MFA Authentication Applications:
Microsoft: https://www.microsoft.com/en-us/account/authenticator
Google: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en_GB
amoran.io 
Leave a Reply