700+ Million Email Addresses Leaked and Why it Matters to You
How the million email addresses exposed on the Internet affect your online safety
Emails. Can’t live without them these days. It is probably one of the most used forms of communication, along with social accounts.
Despite the news you might read on the Internet, email is not dead. It’s the place where we keep our contacts, valuable information, read our newsletters, send/share pictures and other important documents. For most of us, email is tied to our online identities.
And yet, emails continue to be an easy target for cyber criminals.
Recently, hundreds of millions of email addresses and passwords have been leaked on the Internet. It is probably the biggest data dump ever, with more than 700 million of email addresses (plus passwords) being exposed online.
According to Troy Hunt, the researcher who made the breach public, said it is unlikely that each belongs to a real person, because the dump has lots of fake and duplicate addresses. Maybe the number of users affected is smaller, but this is still huge.
This shows us, once again, how vulnerable our inboxes are, and why attackers can easily plan a spam campaign for spreading malicious code and infect as many users as possible.
Why does this type of attacks still work?
- There are various online services and platforms out there that people are using daily and most of them lack important security measures, leading to potential cyber threats.
- People collect an amount of sensitive data on emails addresses, and hackers use their creativity to take advantage of this information and cause harm.
- Spam email remains a preferred attack vector for cyber criminals, because they can get easy access to email addresses shared easily by people. Attackers usually rely on botnets to do this work and send spam emails to targeted victims. Botnets are “networks of infected computers that communicate with each other in order to perform the same malicious actions, like launching spam campaigns or distributed denial-of-service attacks.”
- As long as users will keep clicking on everything they receive on emails, they will continue to be a vulnerable target. Thus, it will be a lot easier for cyber criminals to include infected attachments and links into spam emails. It takes one click on the malicious link and the victim is redirected to a site that downloads malware into the victim’s computer.
Read this useful malware removal guide to easily do the cleanup for your PC.
Here are the most frequent types of spam emails to stay away from:
- Online scams that advertise various products and services you can easily receive on emails and are tempted to click on. Read our article to find out the top online scams to stay away from. Here’s how a greeting card scam looks like:
2. Scams that try to trick users into paying an amount or money or providing confidential information. Avoid giving away your personal data on email to untrusted sources.
3. Phishing emails are related to the most sensitive information cyber criminals are trying to obtain from victims, such as: usernames, passwords, and credit card details.
4. Blank spam is another common email to stay away from. Users receive an empty email, usually without a subject line, from cyber criminals who are testing the validity of that email address, so they can easily target in a potential malware spam campaign.
5. Spoofing emails come in users’ inbox looking like a legitimate one with the message “verify your email” that will redirect the user’s traffic to an infected web page.
Source: Heimdal Security blog
These common email spams can easily turn to be a trigger for an upcoming cyber attack minutiously prepared by hackers. Find out more details on how a cyber attack works in our article.
What cybercriminals can do with/to your email account
Cybercriminals easily target users’ email accounts, so we recommend checking out these common cyber security attacks.
- Phishing is a cyber attack where usually a hacker sends a fake email containing a link or attachment aimed at tricking the users into clicking them. In most cases, the link might lead to a malware infection, or the attachment itself contains a malware. Here’s an example:
- Spear phishing is a more targeted cyber attack version of a phishing attack that involves a personalized phishing (and it’s extremely effective, because it’s very well planned) email sent to targeted users or companies. Since users are used to getting such emails, they won’t be suspicious, and will be more likely to click the link/attachment.
- Malware attacks are mostly delivered as malicious attachments via emails to a phishing emails or through downloads on spam websites. The infection happens when users open the attachment to see what’s the email is really about. See the photo below for the main types of malware:
How to secure your email account
Given the fact that our online landscape isn’t safe anymore, securing your email address should be a top priority. Here are some useful ways to do this:
- When signing in your account, it is highly recommended to use two-step verification method, as an extra layer of protection for your email address. To activate this security measure, all you need is to add your phone number to your email account.
- Use a password manager program to set strong and unique passwords. Remember to not use the same password for all your social accounts too, as it gets easier to be hacked and all your accounts will be vulnerable.
- Keep your software up to date all the time! We remind you that email is usually a first step in the malware infection chain. But people continue to click on links they receive on email and get infected. Having the system up to date and protected with multiple layers of security minimize the chances of being infected with malware.
- Don’t connect to free public Wi-Fi networks when trying to send an email or run the financial transaction.
- Be vigilant and learn to identify online scams which usually start with an email sent to a potential victim. Most scams are based on social engineering techniques used to trick and influence users’ behaviours, even the most experienced ones.
- For maximum protection, use an antivirus program or a proactive cybersecurity software solution.
- Mark spam or phishing emails as such, so your email provider can block that sender from spreading malicious content to other users.
- Refrain from opening emails from unknown senders or clicking on suspicious links.
- Be careful when submitting your email to services and websites. Ensure they use https, so you’ll know that your personal data is communicated safely to their servers.
Our recommendation: Don’t click on suspicious links. Don’t open those spam emails you get everyday. Don’t download the attachments and other files you get. You can become easily an easy victim for cyber criminals. Always use VirusTotal to detect and scan suspicious links.
Check out this list of useful online resources to help you stay safe online:
- The Complete Guide to Email Security
- Why Every Cyber Attack Works – A Full List
- The Ultimate Guide to Secure your Online Browsing Today
- Netiquette: Definition and 10 Basic Rules to Dramatically Improve your Safety
- How to Protect Your PC with Multiple Layers of Security
- Hacked Email: Why Cyber Criminals Want to Get into Your Inbox
- How Malware Creators Use Spam to Maximize Their Impact
This should be protected and this is dangerous at the same time People gather a lot of sensitive email address data, and hackers use their creativity to take advantage of this information and cause harm.
You can not share the email address because your email address is leaked. Glad to visit your blog. Thanks for this great post that you share to us.
I found that my email address is in the 43+M email addresses in the Trik Spam Botnet Leak. Is there anything to be done about this?
One of the forms of protection is – KEEP YOUR SOFTWARE UP TO DATE ALL THE TIME !!
In practice – what does this mean? Most, if not all, the software I use does not offer
updates or even a facility to do so.
Please elucidate at length. What types or categories of software should we be most concerned about?
Hello and thank you for your comment. Every piece of software has its vulnerabilities, whether it’s an operating system, apps we use in our daily work or the browser. Please have a look at this article showing the most vulnerable software in 2016: https://heimdalsecurity.com/blog/most-vulnerable-software-2016/. Also, I suggest reading what experts have to say about the importance of software patching: https://heimdalsecurity.com/blog/expert-roundup-software-patching/