Brute Force Attacks on your E-mail Account

Protect your e-mail account from hacking attempts

email-lockA few weeks ago we published this article explaining what you can do to help prevent your WordPress Website from being hacked. The article outlines a number of WordPress Plugins and hosting security measures that we use to ensure that our customers’ websites remain free of malware.

But beware – your website isn’t the only password-protected service that can be subject to hacking. Hackers are always on the lookout for a way to break into e-mail accounts, and unfortunately e-mail hacking is something that we see happen from time to our own customers.

You’re minding your own business, going about your every day e-mailing, when suddenly you start receiving hundreds of “Failure Notice” e-mail messages from MAILER_DAEMON, indicating that an e-mail message you tried to send has failed.

It is possible that your e-mail address has simply been spoofed – but another possibility is that your e-mail security has been compromised, and you need to take action to stop the attack. If your e-mail service is through Iceberg, let us know and we can check the server logs to see which is most likely the case, and recommend a plan of action to you.

The big question: WHY? 

Krebs on Security posted an article last summer that explains the value of a typical e-mail account to a hacker.

spam_hacked

Many hackers will compromise an account to send out spam messages – either as a way to try to make money, or a way to distribute viruses and malware, which they can use to in turn break into more e-mail accounts.

But your e-mail account gives hackers access to much more than just a means to send messages. Your address book contains a list of contacts with real, working e-mail addresses: more people to add to their mailing list. E-mails from all of your online accounts: Facebook, UPS, Amazon, and your banks, are delivered to you. Your e-mail address is the login you use for Facebook, Google, YouTube – and if you use the same passwords across the web, your hacker now has the key to your personal information here.

Use strong passwords

email_password

We cannot stress enough the importance of using a strong password on your e-mail – and all – online accounts. Don’t use your mother’s maiden name. Don’t use your dog’s name. Don’t use sequential numbers, and don’t use the word “password”.

The most common passwords used in 2013 were: “123456”, “password”, “12345678”, and “qwerty”.

These passwords may be easy for you to remember – but they are also very easy for any person to guess, and even more easy for a password cracker to guess when trying 200 login attempts per minute on your account.

How does my password get stolen?

There are a number of ways your e-mail password could be compromised. Here are a few:

  • It was easy to guess: If you aren’t using a strong password, then it is very possibly for your friends or associates to be able to break into your account just by guessing. A hacker may also try to break into your e-mail account using a dozen or so very common passwords – and if you’re using a password like “password1” they are very likely to succeed!
  • Brute-force attacks: A (http://en.wikipedia.org/wiki/Brute-force_attack) brute-force attack happens when a hacker (usually using an automated script) tries to log into your e-mail account systematically entering all possible combinations of keyboard characters until the correct one is found. This type of attack can slow a server to a halt, given the sheer amount of traffic that is accessing the email login page. Fortunately, Iceberg Web Design’s hosting servers are constantly checking for this type of attack, and are able to respond quickly by blocking the IP address that the attack is coming from if a brute force attack is suspected.
  • Computer viruses: Some computer viruses and malware scripts have the ability to capture your password, or monitor your keyboard strokes to determine what username/password combinations you are using. We strongly recommend having an up-to-date virus scanning program on all computers you use, and running them on a regular basis.
  • Password crackers: If a hacker is able to get an encrypted version of your password, either through a virus or another security breach, they can run a password cracker script to nail down a match.

 

How do password crackers work?

Your username and an encrypted copy of your password is stolen from your computer – either directly by a hacker, or through a virus or malware script. The password cracker then runs a program in their computer against a dictionary, and uses some basic human behavior knowledge to continually create passwords until they find a match between the encrypted value they took from you, and the value they generated in their random password file.

So, imagine you used one of the most common passwords out there: your dog’s name with your birth date and a punctuation mark tacked on the end for “extra security”: Bailey79!

A password cracker is going to generate hundreds of millions – if not more – passwords. Since ‘Bailey’ is a fairly common pet name, and people are notorious for combining simple words with numbers and punctuation marks, the cracker will start generating passwords like this:

  • bailey
  • Bailey
  • bailey1
  • Bailey1
  • bailey1!
  • Bailey1!
  • etc…
  • bailey78!
  • Bailey78!

 

And for a cracker that can generate millions of passwords in a few seconds, it isn’t going to take long at all for them to find a match.

HACKED

What happens next?

Your password has been compromised. A real person – or a computer – now has access to your e-mail account. So what’s next?

If your e-mail has been hacked, then the hacker will likely start using your address to send out massive amounts of SPAM e-mails. One indication that this has happened could be a massive amount of MAILER DAEMON / returned undeliverable e-mails starting to fill up your mailbox. Since the hacker is sending out massive amounts of spam using your account, chances are they are going to be sending junk to messages that either reject the spam, or that don’t exist – and unfortunately you are the one who is going to receive all of the returned error messages.

Note: a large amount of returned e-mail messages could also be an indication of e-mail spoofing –  which is not an indication that your e-mail account has been hacked.

Hosting Server Security:

If we notice that your e-mail address has been compromised, we will temporarily suspend the outgoing mail service to immediately stop the problem. This is one of the security features of our e-mail hosting service. We closely monitor our server logs, and will contact you after we are certain that your account has been compromised.

Reset your password:

If we determine that your e-mail password has indeed been compromised, you will be asked to reset your e-mail password (in some cases, we may reset it for you if we believe that there is a risk to your identity from the hacking). We also recommend having every e-mail password at your domain reset as well, just as a security precaution.

Run a virus scan:

Since it is very possible that your password was compromised from a virus or malware, we suggest that you immediately run virus and malware scans on all computers in your office, and at home, that you have used to access your e-mail account from.

Monitor the mail server:

Once we have determined that the account is no longer compromised, we will re-enable your outgoing mail server. We will monitor the mail server logs closely for a while to ensure that the account does not become compromised again.

Questions? Drop us a line!

If you have any additional questions, please don’t hesitate to contact Iceberg Web Design! We take internet security very seriously, and are happy to answer any questions or concerns you have about your website hosting or e-mail service.

Related Posts

Are you ready for Business Growth?

Our responsive team will help your website convert more leads.
Contact us today!

Name(Required)
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
This field is for validation purposes and should be left unchanged.
Skip to content