Tuesday, January 10, 2012

Your Hacked Email Account Can Come Back to Haunt You

Changing email addresses is a part of life – what was a cool email address in high school or college often becomes undesirable as an adult or professional email address.  People also change email providers over time, such as from Yahoo! to Gmail.  What people usually fail to do, however, is to delete or close old email addresses/accounts.  Why does this matter?  It matters because people regularly use weak passwords to protect their email accounts, rendering them easy to hack and enabling scammers to co-opt unused email accounts as part of “phishing schemes.”
Phishing schemes often occur in two forms.  The first is when scammers send out emails that appear to be official communications from banks, financial institutions or e-commerce websites such as Amazon or E-Bay, asking users to confirm some of their account information, such as social security number or password.  When people click on the link in the email they are taken to a spoofed website that looks just like the real logon page for Bank of America or Amazon.  Users then enter their personal information, which is collected or “phished” and forwarded to the scammer’s email account(s).  Another type of phishing scheme is when scammers hack an email address of someone you know and trust and use that account’s address book to send you and other people emails asking for financial assistance or other personal information.  The second type of attack occurred just recently when an Ohio politician’s email account was hacked and messages were sent to individuals in her address book asking them to wire her money in England, where she was allegedly stranded after being mugged.  Needless to say she was not stranged in England and luckily no one wired any money.
As part of both phishing schemes scammers use hacked email addresses to either entice victims or to hide their location and identity.  This is where legitimate but unused email accounts come into play.  By allowing your old email account to remain active and unmonitored, hackers and phishers can use it as part of their illegal activities.  When police or other authorities begin tracking down the scheme’s perpetrators, the innocent owner of the email account, whose information is on file, risks becoming embroiled in the investigation.  Indeed, help forums for many popular free email services reveal dozens of postings by users worrying that their account has been hacked and used for a phishing scams.  Just as people should not leave their passwords lying around, they should also not leave unused email addresses active and unmonitored.  Take a moment today and close unused email accounts.
If you suspect your email account has been hacked, the following resources are available:

For Hotmail users - http://explore.live.com/windows-live-hotmail-hacked-account-faq
For Gmail users - http://support.google.com/mail/bin/answer.py?hl=en&answer=50270

Questions or Comments? Contact Jared Cantor.