1. Hacking of the E-mail account:-
The email account of the victim is hacked by using various tools to capture the password of the account. This can be achieved by:-
• Sending phishing emails purportedly from genuine email accounts of the email service (but actually fake). The email
contains links that prompt you to visit a page for updating your password and other credentials on the pretext of some system update,
data loss, technology upgrade, regulatory compliance, etc. The links direct you to a fake page where, once you enter your login ID and password, the same get stealthily stolen by the fraudsters.
• Sending you unsolicited/spam mails containing attachments that have malwares embedded in them. Once such emails
are opened and attachments activated the malware gets discreetly downloaded and installed on your device. The malware could be a
keylogger that captures and sends all the keyboard taps to the fraudsters, which includes your account passwords.
The other possible malwares could be ones that capture screenshot or read and transmit saved passwords.
• Email accounts having 2-factor authentication can also be got hacked when users share their OTP with fraudsters after getting tricked by social engineering tools.
2. Once an email account has been hacked the criminal can misuse the account for the following purposes:-
• Sending SOS mails to all your contacts asking for money citing some emergency such as passport, wallet etc. getting stolen in a foreign country, etc.
• Sending offensive messages to your friends and relatives or asking for some ransom for not sending such offensive messages.
• Sending mails to your clients and customers asking for payment of dues/remittances in a different bank account, thus swindling with your money.
• Using the unauthorized access to your email to gain access to your other online accounts, such as other email accounts, net-banking accounts, social media accounts, etc.
1. Use two-factor authentication. Two-factor identification requires you to enter a code
sent to you in a text message or another service to access your account after you enter your user name and
password. This makes it more difficult for a hacker to access your information, even if they are able to crack your password.
2. Do not open SPAM mails or e-mails sent from unknown senders. Do not click on any link sent on such mails.
3. Be cautions while opening links sent in unsolicited e-mails even if they are sent from someone in your contact-list. Such known contacts’ email account may have been compromised and thereafter used to sent malicious codes to unsuspecting contacts
4. Do not click on attractive and tempting links sent over a WhatsApp message or routine SMS. They may lead you to malicious pages and cause malware intrusion on your system/device. Hackers use social engineering to trick you in clicking the links. Don’t fall for it.
5. Keep your e-mail password long and difficult. Password should have at least 8 characters and there should be at least one upper-case, one lower-case, one numeral and one special character in your password.
6. Don’t store your passwords in your device (phone/tablet. etc). Anyone getting access (physical or remote) to your device will easily get to know your passwords.
7. Don’t disclose your password to anyone and keep changing it at regular intervals (2-4 months).
8. Always have a lock screen on your smartphone, tablet, laptop, etc protected by a PIN or password. Do not keep your device open and unattended even for a minute, esp. in public places and your workplace.