How cybercriminals can exploit your email

Regarding your password

Most passwords are easy to crack

Yes, to access an email account you need a password. However, people in general have very low password security. If you think cybercriminals guess passwords manually please guess again. It is all automated. Given the hardware power at hand, cracking tools can dish out anything from 100 billion guesses per second or more – cracking most passwords instantly.

A password is not a prequisite to exploit a email

In many cases the cybercriminals don’t even need to crack the password, they simply run a script which try the 5000 most common passwords in general (yes people are that predictable) which roughly gives them access to 20% of all accounts on any given platform. But, as you will see in the first example below: getting access to your email account is not necessarily needed for someone with malicious intent.

Exploits

Sending phishing emails

(no password needed)

To send phishing emails the cybercriminals do not even need to access your email account, they simply send you an email hoping that you will swallow the bait. A common phishing method is trying to manipulate the recipient to e.g. give up sensitive information like passwords, bank credentials etc. by masquerading as a trusted sender like a bank, institution, or someone you know. In other cases, the phishing email try to manipulate the recipient to click documents or links that infects the computer or smart phone with malware which can give them control of the device in different ways.

Scamming your contacts with you as the sender

(password needed)

In case cybercriminals get access to your email they might decide to send out phishing emails to your contacts with you as the sender. This way your unfortune might spread to people you know and love. The cybercriminals success rate with scams like this of course depends on a lot of factors. E.g. the risk that any of your contacts will swallow the bait will of course be higher if the scam is sophisticated and written in your native language, supposed to if it it’s written in really bad English saying things that seems out of character. Either way, it is never fun having your name on something that may cause people you know to get scammed on money or have malware installed.

Access other accounts

(password needed)

If cybercriminals figure out your password and get control over your email, they could get access to other services you use as well. If you have the bad habit of using the same password everywhere, they only need to figure out your username on the other services, which in a great many cases is no less than your email address. Even if this is not the case, they could use your email to reset passwords on other accounts, pick a password of their choosing and get control of those accounts as well, locking you out in the process.

Steal your identity

(password needed)

If someone gets access to your email-account chances are they will be able to gather a lot of personal information about you. With an invoice alone they will get your address, full name, phone number etc. Once they have gathered enough information, they can e.g. apply for services in your name via invoice, take credits and loans etc.