DUBAI: Having someone hack into your email account can mean more than the slight inconvenience of changing your password, or the embarrassment of someone knowing how many times you made an impulse purchase during the shopping season.

A seasoned hacker will be able to get access to an absolute treasure trove of personal, financial, and health information. Apart from being used to blackmail the victim, such information may be of value to third parties and can be sold and used for marketing, fraud or identity theft, says Ahmed Ghanem, director of Digital Transformation at Sahab Smart Solutions.

"Intellectual property can be sold and used to develop products and services similar to those of your business," he told Khaleej Times. "Business information can be sold to competitors. Data on IT security is a valuable target in itself because it lets unauthorised parties gain access to all the other types of information on the system."

Statistics compiled in 2020 reveal that emails are responsible for propagating 95% of malware. A new cyberattack is launched every 40 seconds and ransomware attacks are increasing at the rate of 400% on year. More than 25,000 different malicious applications are detected and blocked and over 30,000 websites are hacked every single day.

Email hacking, Ghanem says, can lead to data breach. Depending on the type of data involved, the consequences can include destruction or corruption of databases, leak of confidential information, theft of intellectual property and regulatory requirements to notify and possibly compensate those affected. The costs associated with such incidents can be very high and in some cases may threaten the very existence of a company. As a result, it is extremely important for individuals as well as businesses to identify the threats and reduce their exposure.

Warning signs to be aware of

Ghanem says that there are usually some warning signs when hackers are trying to compromise your accounts. Unusual or failed attempts to login or successful logins from an unfamiliar location will prompt notifications or emails alerting of attempts being made to access your account.

The clearest indication that you have been hacked is when you may not be able to access your account using your regular username and password, or if a suspicious purchase is charged to one of your bank accounts. People on your contact list may begin receiving spam emails or unusual requests from you. These are fairly obvious indications that your account has been compromised in some way.

"Regaining control of an account may not be straightforward and depends on whether you can still access it," Ghanem notes. "Get in touch with the company that owns your account immediately. Every firm will have their own policies, procedures, and recovery steps when it comes to compromised accounts. Do inform all your contacts that your email has been compromised. If it is of sufficient importance, you may have to inform the cybercrime department to deal with legal complications that may arise."

Steps to protect yourself and our accounts

Ghanem advises users to never check their bank accounts or make purchases with a credit card while using public WiFi. It is safer to do such transactions on a secure connection. Keeping your GPS, wireless connection and geo-tracking on all the time can be an invitation to hackers who can use certain features on your phone to get at your information, location or connection. Instead, turn these features on only when you need them.

"Choose your apps wisely," he adds. "Download apps only from reputed and trustworthy sources, and make sure you update your software and apps regularly and get rid of old apps you don't use. Always use a password, lock code or encryption for devices to ensure complete protection from any potential hack or access to personal data. Make sure your passwords are at least eight characters long, with a mix of upper and lower case, and include numbers or other characters."

He also cautions against ever using the auto-complete feature for passwords. "You can use the storage encryption feature on your phone to protect your private data, and set your screen to timeout after five minutes or less. If you are not sure about the source, don't click on any link or attachment. Make sure your data is secure if your mobile device is stolen or lost by setting up your device to lock itself after a pre-set number of failed log-in attempts."

Staying one step ahead of hackers

Ghanem says that hackers use social engineering attacks to manipulate people into giving up confidential information. This typically involves some form of psychological manipulation to fool unsuspecting users or employees into handing over confidential or sensitive data.

"Generally, social engineering involves email or other communication that invokes urgency, fear, or similar emotions in the victim, leading the individual to promptly reveal sensitive information, click a dubious link, or open a malicious file," he revealed.

"Social engineering tactics are popular because it is easier for cybercriminals to exploit an individual's natural inclination to trust than it is to discover ways of hacking into the software they use. As it involves a human element, preventing these attacks can be tricky for enterprises."

With hackers devising increasingly sophisticated methods for fooling employees and individuals into handing over valuable company data, enterprises must use due diligence in an effort to stay a step ahead of cyber criminals, he stressed. – Khaleej Times, Dubai, United Arab Emirates/Tribune News Service