Email Account Takeover (EAT), sometimes called Account Takeover (ATO) Fraud, Account Compromise or Email Hijacking, is the practice of criminals gaining a user’s login credentials in order to access their email account. Once in, the criminal can monitor activity, intercept emails, and divert or create fraudulent financial transactions to themselves. They can also use EAT to gather sensitive confidential client information which can be used to blackmail the business for a ransom.
How do the criminals get access?
The criminal may obtain the login credentials in a number of ways. They may buy them on the dark web, collect them through a phishing or vishing scam, or run an automated tool that tries hundreds of common passwords per second (a brute-force attack) until one works.
What happens next?
Once in, and with a bit of patience, a criminal will look around for potential targets, setting up rules that forward some or every email to themselves until they find financial and/or confidential information. Some criminals simply forward everything and comb through it later, while others take a more targeted approach, selecting particular email addresses and conversations that look higher value. This can go on for many months without you even realising.
When they’ve gathered enough information, they can either impersonate the account holder to complete the scam, or use it as part of a wider scam to extract money from the user, their clients, or both.
What can I do to prevent my email account becoming compromised?
- Set a strong unique password
- Switch on MFA
- Look for suspicious activity in your access logs via your email administrator
- Check the forwarding rules within your account/s to see if there are any unexpected ones
- Make sure your system is configured for maximum defence – ask your administrator to enable audit logs, set up alerts, limit user access, and take any other steps that will improve your security.
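The last three points (access logs, forwarding rules, audit logs and alerts) can be checked automatically rather than by eye. The script below is an added example and is not part of the original article or any vendor's product. It reads a constructed JSON-lines audit log (the field layout, the operation names SignIn and InboxRuleCreated, and the organisation domain example.com are all assumptions) and flags two of the indicators described above: a burst of failed sign-ins from one address followed by a successful sign-in from that same address, and a newly created inbox rule that forwards mail to an address outside the organisation.

```python
"""Review an email audit log for account-takeover indicators.

Constructed example. The log format is an assumption: one JSON object per
line with fields ts, user, op, ip, result and, for rule events, a "rule"
object carrying forward_to and delete.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

ORG_DOMAIN = "example.com"  # assumption: the organisation's own mail domain


def _ev(ts, user, op, ip, result, **extra):
    """Build one constructed audit record as a JSON line."""
    return json.dumps({"ts": ts, "user": user, "op": op, "ip": ip, "result": result, **extra})


# Constructed sample audit log (JSON lines); none of this is real traffic.
SAMPLE_LOG = "\n".join(
    # 15 failed sign-ins for alice from one address inside one minute ...
    [_ev(f"2024-05-01T08:00:{s:02d}Z", "alice@example.com", "SignIn", "198.51.100.9", "Failed")
     for s in range(0, 60, 4)]
    # ... then a success from that address, followed by a forwarding rule that also deletes
    + [_ev("2024-05-01T08:01:30Z", "alice@example.com", "SignIn", "198.51.100.9", "Succeeded"),
       _ev("2024-05-01T08:03:10Z", "alice@example.com", "InboxRuleCreated", "198.51.100.9",
           "Succeeded", rule={"name": ".", "forward_to": "collector@mail.example.net", "delete": True}),
       # benign activity: bob mistypes his password once, then forwards to an internal mailbox
       _ev("2024-05-01T09:00:00Z", "bob@example.com", "SignIn", "203.0.113.7", "Failed"),
       _ev("2024-05-01T09:00:20Z", "bob@example.com", "SignIn", "203.0.113.7", "Succeeded"),
       _ev("2024-05-01T09:05:00Z", "bob@example.com", "InboxRuleCreated", "203.0.113.7",
           "Succeeded", rule={"name": "archive", "forward_to": "shared@example.com", "delete": False})]
)


def parse_events(text):
    """Parse JSON lines into dicts with a timezone-aware datetime, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        events.append(rec)
    return sorted(events, key=lambda e: e["ts"])


def find_password_guessing(events, threshold=10, window=timedelta(minutes=5)):
    """Flag a run of failed sign-ins from one IP followed by a success from that
    same IP for the same user: the automated-guessing pattern described above."""
    failures = defaultdict(list)  # (user, ip) -> timestamps of failed sign-ins
    findings = []
    for e in events:
        if e["op"] != "SignIn":
            continue
        key = (e["user"], e["ip"])
        if e["result"] == "Failed":
            failures[key].append(e["ts"])
            continue
        recent = [t for t in failures[key] if e["ts"] - t <= window]
        if len(recent) >= threshold:
            findings.append({"type": "password_guessing", "user": e["user"], "ip": e["ip"],
                             "failed_attempts": len(recent), "success_at": e["ts"].isoformat()})
        failures[key].clear()  # a success closes the run either way
    return findings


def find_external_forwarding(events, org_domain=ORG_DOMAIN):
    """Flag inbox rules that forward to a domain outside the organisation."""
    org = org_domain.lower()
    findings = []
    for e in events:
        if e["op"] != "InboxRuleCreated":
            continue
        rule = e.get("rule", {})
        target = rule.get("forward_to", "")
        domain = target.rsplit("@", 1)[-1].lower() if "@" in target else ""
        internal = domain == org or domain.endswith("." + org)
        if domain and not internal:
            findings.append({"type": "external_forwarding_rule", "user": e["user"], "ip": e["ip"],
                             "forward_to": target, "deletes_original": bool(rule.get("delete")),
                             "created_at": e["ts"].isoformat()})
    return findings


def review(log_text):
    """Run both detectors over a log and return the combined findings."""
    events = parse_events(log_text)
    return find_password_guessing(events) + find_external_forwarding(events)


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

On the sample data the script reports two findings, both for alice: fifteen failed sign-ins followed by a success from 198.51.100.9, and a rule forwarding to mail.example.net that also deletes the original, which is exactly the quiet, long-running forwarding the article warns about. Bob's single mistyped password and his rule to an internal shared mailbox are left alone. To use this against a real mail platform, map its export fields onto the assumed layout and tune the threshold and window to your own sign-in volumes.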