Mailbox Security Tips
You’ve heard of phishing, but what is whaling? A whaling attack is a targeted attempt to steal sensitive information from a company. This may be done by hacking a mailbox and then skimming financial or other sensitive information for malicious reasons.
You may become aware of this when you notice an influx of bounce-back messages to your Inbox, for mail that you did not send. This can be remedied by resetting the password of the affected email address.
Phishing or whaling, however, can have more disastrous consequences, and compromised mailboxes can stay undetected for a long time.
A typical scenario
A mailbox is cracked due to the use of a weak password. A mail forwarder or message filters are then added to the mailbox to copy or divert mail to an external illegitimate address. An incoming invoice may then be fraudulently copied and updated with the hacker’s banking details. As this invoice was expected, the payment is made without raising any flags.
Simple ways to protect yourself from cybercrime:
Keep your passwords safe
Passwords should not be saved in plain text on your computer. Unprotected passwords can be tracked down by hackers, so consider using a password protection app like 1Password, which allows you to store all your vital information in a central, encrypted space.
Beware of phishing emails that entice you to enter your mailbox login details.
Create strong passwords
It’s best to ensure that passwords contain a minimum of 14 characters, with at least one uppercase letter and one number for added resilience. Password apps, such as the one mentioned above, generate strong passwords which don’t have to be memorised.
While it may be more convenient to use the same password across numerous services, this can put you at serious risk. Hackers will try the email and password combination from leaked databases on other services. Services like Have I Been Pwned allow you to check if your data has been involved in any security breaches. If you find your details on these services, you should change your passwords immediately.
See: How to change your mail password
Maintain a watchful eye
If you don’t already have anti-virus and anti-malware software installed on your computer, it’s vital that you rectify this, and run regular scans to check for any vulnerabilities.
If you’re using a public Wi-Fi hotspot or computer, make sure it’s reputable, and avoid logging into your online banking or sending any sensitive information if you don’t know the network.
Check your mailbox for forwarders
A popular modus operandi for hackers is to install forwarders on email accounts, which allows them to intercept messages you receive, and conduct fraudulent actions where possible. To ensure that you’ve not been targeted, check your account regularly for forwarders and mail filtering rules. Find out how: Mailbox security checks
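One way to automate the forwarder and filter check described above, assuming your mail platform lets you export mailbox filters as Sieve scripts (RFC 5228). This is an added example, not xneelo's own tooling; the sample script, the addresses and the function names are constructed for illustration.

```python
import re

# Quoted strings are matched first so that a "#" inside a string is not
# mistaken for the start of a comment.
TOKEN_RE = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|#[^\n]*', re.DOTALL)

# Sieve "redirect" action, with the optional ":copy" tag from RFC 3894.
REDIRECT_RE = re.compile(r'\bredirect\s+(:copy\s+)?"((?:\\.|[^"\\])*)"',
                         re.IGNORECASE)


def strip_comments(script):
    """Drop '#' and '/* */' comments; keep quoted strings untouched."""
    return TOKEN_RE.sub(
        lambda m: m.group(0) if m.group(0).startswith('"') else "", script)


def find_external_redirects(script, own_domains):
    """Return redirect targets whose domain is not one of own_domains.

    keeps_copy=True  -> mail is silently copied (":copy"), the mailbox
                        owner still sees every message.
    keeps_copy=False -> mail is diverted away from the mailbox.
    """
    own = {d.lower() for d in own_domains}
    findings = []
    for match in REDIRECT_RE.finditer(strip_comments(script)):
        address = match.group(2)
        domain = address.rpartition("@")[2].lower()
        if domain not in own:
            findings.append({"address": address,
                             "keeps_copy": bool(match.group(1))})
    return findings


# Constructed sample: one disabled rule, one silent copy of invoice mail to
# an outside address, and one harmless forward inside the owner's domain.
SAMPLE_SIEVE = '''
require ["fileinto", "copy"];
# redirect "old@archive.example";   (disabled rule, must be ignored)
if header :contains "subject" "invoice #" { redirect :copy "billing-dept@mailbox.example"; }
if address :is "from" "boss@example.com" { fileinto "Important"; }
redirect "me@example.com";
'''

if __name__ == "__main__":
    for hit in find_external_redirects(SAMPLE_SIEVE, ["example.com"]):
        mode = "copies" if hit["keeps_copy"] else "diverts"
        print(f"External forwarder {mode} mail to {hit['address']}")
```

Any address reported here that you did not set up yourself should be removed, followed by a password change for the mailbox.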
All xneelo-hosted domains have access to a free Let’s Encrypt SSL certificate, which can be used to secure both your email and your website.