Once again I feel the need to write another article warning about hacking and identity fraud as I have visited several customers over the last few months whose emails have been hacked. In some of these cases the email hijackers created “forwarding policies” from the customers’ email addresses. But what does this mean and why is it dangerous?
Well, in one instance, a lady received a fake email from BT asking her to log in to her BT email account to retrieve her statement. By clicking on the link within the email and then entering her email address and password on the fake BT email page (which looked incredibly convincing, by the way), she’d unwittingly given the hacker all they needed to get into her real email account. Once in the BT account, the hacker altered the lady’s email settings so that all of her emails were automatically forwarded to the hacker’s email address.
In another instance, a customer called me because he had not been receiving emails for several weeks. It turned out that his BT email account had also been compromised and, once inside his email account, the hacker had set up an auto-forward which was sending all his emails to an email address he had never heard of. We only got to the bottom of this because the hacker hadn’t ticked the box to keep a copy of the emails in the inbox; hence he was not receiving any emails.
This email forwarding scam is so dangerous because the hackers will receive everything you receive, including bank statements, personal messages, log-in information for other websites and accounts, and much more. How long would it take, I wonder, for a hacker to build up enough information from your emails to create a new identity based on you? Not long at all is most certainly the right answer.
My advice, therefore, to all email users is to check all your email settings, in particular ensuring that the box to forward email on is not ticked. I would also recommend being careful when clicking on a weblink within an email. Personally speaking, if I am asked to log into any of my accounts – be it email, banking, Apple, Google, PayPal or anything – I do it directly through their website and not through an emailed weblink.
I would also like to take this opportunity to stress once again the importance of strong passwords for all your accounts. The longer the password the better: the more characters there are in your password, the longer it will take for a hacker to break it, making it less likely they will continue trying. Do use a mixture of numbers, lowercase and uppercase letters and special characters, as this increases the complexity of your password and so its strength.