The furor over former Secretary of State Colin Powell’s hacked email account highlights the dangers associated with communicating sensitive information electronically. In Powell’s case, his personal musings about presidential candidate Donald Trump and others were made public, causing embarrassment but no security breach. The fact is that hacked email can cause more than embarrassment. Email is a reliable and effective way to deliver advanced, targeted attacks, and you don’t have to be in politics to be vulnerable.
Some 2.6 billion emails are exchanged every day, and cyber criminals are very sophisticated about hiding malicious links and attachments in emails that appear to be from friends or colleagues (or if your email has been hacked, might really be from you). Such links or attachments evade spam filters, antivirus software and traditional email security measures. Don’t ever click on a link or download an attachment unless you are expecting it, and if you have any doubts call the sender first.
Experts say 91 percent of cyber crimes begin with a single email. Someone really intent on getting into your email may study your Facebook, LinkedIn and other social networking accounts to gain intelligence about your, then craft an email on a topic of interest that appears to be from a trusted friend. Don’t assume your IT department is protecting you so you don’t have to worry; even the high-security Oak Ridge National Laboratory in Tennessee has been the target of a successful “spear-phishing” attack.
That single downloaded attachment from an innocent-looking email can create a backdoor into your network, providing a foothold to map a way to a company’s most valuable systems. Long story short, you can’t be too careful.