Email is a primary source for communication for individuals and businesses, which makes it a hotspot for cybercriminals looking to steal sensitive information for malicious purposes. It's increasingly important to stay alert and safeguard your email to prevent email compromise. 

If a cybercriminal gains access to your account, they can steal sensitive information and use it to impersonate you in order to access your bank accounts, apply for credit cards or conduct illegal activities in your name. They may also tap into your contact list and send phishing scams to your friends to widen their net of theft.


How does email compromise work?

1. Cybercriminals send fake emails to your inbox that contain links or attachments. If you click on the link or download the attachment and provide your login credentials, the criminal can capture your information and gain access to your email account.

2. Cybercriminals rely on the fact that many people use the same password for multiple accounts. They purchase stolen data breach records and attempt to login, hoping your email password is the same as one compromised. They may also use software that generates a large number of combination of usernames and passwords looking for a match. Using a weak or commonly used password makes your account vulnerable.

3. Cybercriminals use public Wi-Fi networks to eavesdrop or create fake networks in order to collect login credentials or intercept messages without you knowing it.

4. Let's not forget the tried-and-true social engineering approach - impersonation. They pose as your banker, utility company or other well-known company to try and convince you to share your credentials information.


Protect yourself from threats and safeguard your email with these cyber security strategies:

  • Be careful what information you share online or on social media. By openly sharing things like pet names, schools you attended, links to family members and your birthday, you can give a scammer all the information they need to guess your password or answer your security questions.
  • Don’t click on anything in an unsolicited email or text message asking you to update or verify account information. Look up the company’s phone number on your own (don’t use the one a potential scammer is providing), and call the company to ask if the request is legitimate.
  • Carefully examine the email address, URL and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust.
  • Be careful what you download. Never open an email attachment from someone you don't know, and be wary of email attachments forwarded to you.
  • Set up two-factor (or multi-factor) authentication on any account that allows it, and never disable it.
  • Verify payment and purchase requests in person if possible or by calling the person to make sure it is legitimate. You should verify any change in account number or payment procedures with the person making the request.
  • Be especially wary if the requestor is pressing you to act quickly.

This article is intended for educational purposes only. The information provided does not constitute professional or legal advice. For personalized recommendations, consult your financial advisor or a qualified legal representative.