If not banking online or storing sensitive information on their computer, it’s easy for someone to overlook the immense value amassed in their virtual mailbox. As it turns out, there are a myriad of reasons hackers are interested in breaking into inboxes. These motives range from resources like account information and employment documents to personal data (both yours and that of all your contacts). Nearly every service someone signs up for online will require an email address, giving any person with access to this address full access to all affiliated accounts. The accounts a hacker may seize information from come in an variety of forms and may include:
- Social media — Facebook, Twitter, LinkedIn
- Online merchants — Amazon, Best Buy, Target, Macy’s
- Mobile providers — Verizon, AT&T, Sprint
- Internet-based services — Skype, Spotify, Netflix, Hulu
Hackers will often proceed to sell the stolen credentials in underground markets, where they can obtain approximately $8 for each set of iTunes credentials and approximately $6 for credentials from United.com or FedEx.com. Aside from looting account information and auctioning it off for a profit hackers love breaking into email accounts to exploit personal networks. Disguised by a personal email address they will imitate the address owner and send malicious messages to the address’ contact list — often pretending they’re traveling in need of money or telling a similar story crafted to result in money in their pockets (more information on popular scams here). The attacker may also impersonate the rightful owner of the address and blast their contact list with spear-phishing messages, junk mail infiltrated with malware or combine all the aforementioned tactics. If stolen account information and a jeopardized contact list aren’t enough to worry about, any information placed in a cloud-based file storage like Dropbox or Google Drive will also be accessible to the attacker. Furthermore, if the compromised address was ever used as the backup to retrieve the password for another, the attacker will have access to it and all of its contents as well. Although it seems that most inboxes are just crowded with invaluable, never-ending messages, in the eyes of an attacker they are typically glittering with possibility.