By: Jason Jordaan | Principal Forensic Analyst DFIRLABS (Pty) Ltd | @DFS_JasonJ
The world has changed considerably over the years, and the Internet has played a significant role in that. The Internet brought us two services that almost all of us reading this use on a daily basis: email and the World Wide Web.
We all have at least one email account, and most of us have more than one. The email accounts that we use all have an associated password. The sad reality is that most of us use the same password (or a variation of it) for just about everything, so I am certain that many of you who have multiple email accounts use the same password for some of those accounts. In addition to our use of email, we also all make use of the World Wide Web, that part of the Internet filled with a myriad of websites, of which I am certain most of us visit several in any single day. How many of those websites, especially social media websites and online shopping websites, require us as users to register accounts on them? For many of these, the user name is often one of your email addresses. Each one of these accounts also requires a password. Now the question I need to ask is: how many of these website accounts have the same password as the email account that you used as the user name for those websites?
The reason I ask is that we have been investigating hundreds of fraud cases over the last few months in which two parties are engaged in a financial transaction, with discussions between them taking place via email. At some point in the communications, one of the parties is provided with a bank account, or a changed bank account, for payment, and the other party pays. Unfortunately, cybercriminals have compromised at least one of the email accounts used, which allows them to divert legitimate email traffic between the parties and insert themselves into the transaction. They then provide the bank details to receive payment, and once the payments are made they fade away into cyberspace. The fraud succeeds because the cybercriminals are able to access one of the email accounts and are able to read, divert and send emails from that account.
How do they do it? Well, it is quite simple. They gain access to user names and passwords from hacked websites that are available for sale on the Dark Web. When those user names are email addresses, and the passwords for them are the same as those used for the actual email account, the cybercriminals have easy access to your email account. These are not sophisticated, complex crimes, but very simple ones made easier by our bad habits.
The bottom line is that you should never reuse passwords across different accounts. When it comes to your email accounts, always use a unique password that you never use for any other account, and where available, always turn on multifactor authentication.
Until next issue, be vigilant and stay safe.