Hacked! Protecting Personally Identifiable Information When Your Email Is Under Attack

Most people discover that their email account has been hacked well after the fact.  While it’s embarrassing to field calls, text messages and emails from well-intentioned friends expressing concern that you are stranded in Nigeria and in desperate need of $500, embarrassment is only the tip of the iceberg. Hackers can change your passwords so you can no longer access your accounts or retrieve your messages, and they can delete your contacts and correspondence.

Once you become aware that your email account has been hacked, the protocols around damage control are straightforward and critically important.

It starts with changing your passwords and working with the mailbox provider to recapture your account. It’s also important to review your settings and run an antivirus program to make sure that your equipment isn’t infected.  And of course you need to warn your contacts that your account has been compromised and that they should be on the lookout for suspicious emails sent from your account. In addition to obviously suspicious ploys, they might also receive phishing emails that don’t come directly from your account but look convincing because they mention your name and their name together on things like phony Evite invitations or other seemingly innocuous web-based services.

However, often email hacking goes undetected because there’s no obvious indication that it’s happening, and this is where the worst damage occurs.

Most people envision “email hacking” as a scheme to hijack a person’s email account to defraud their friends and family. However, from a hacker’s point of view, the real treasure trove likely lies inside the victim’s inbox. This is because people tend to send and receive financial documents and other personally identifiable information via email and then archive the messages in a file on their system. By the time email users become aware that their accounts have been compromised, it’s too late.

Once hackers have their hands on your account numbers, address, phone number, and other sensitive pieces of information, they can fleece you faster than you can blink. This is why it’s imperative to immediately change the user ID and password on all accounts that could have been identified by sifting through archived emails.

While identity theft and fraud can create huge hassles for folks who have fallen victim to an email hacker, they are equally damaging for financial services providers, who are ultimately on the hook for the losses. To mitigate this risk, secure document delivery capabilities are essential.

From a financial services provider’s point of view, the best way to foil a hacker is to proactively prevent the information from ever being vulnerable to exfiltration in the first place. The secure document delivery solutions that provide the best protection offer two key features.

First, it’s important to be able to segregate the attachment from the body of the email and require a password for access.  Of course, no personally identifiable information should be included in the actual email message.  Second, it’s vitally important to build in access expiration, meaning that if an email containing personally identifiable information is sitting in a user’s archive folder, a hacker can’t access the attachment because the sender controls how long a document remains accessible.

By implementing these two key capabilities with respect to secure document delivery, financial services providers can both proactively protect their customers and mitigate losses associated with email hacking.
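The two capabilities described above, sketched as an added example that is not code from this post or from any particular product: the document stays on the provider's side behind a password, the email carries only an opaque link, and the sender controls when access ends. The function names, the in-memory `STORE`, the `docs.example.com` URL, and the assumption that the password reaches the recipient outside of email are all illustrative.

```python
import hashlib, hmac, os, time

STORE = {}  # doc_id -> record; stands in for the provider's server-side storage

def _kdf(password: str, salt: bytes) -> bytes:
    # Slow salted hash so a stolen record does not reveal the password
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def publish(document: bytes, password: str, ttl_seconds: int, now=None) -> str:
    """Keep the document server-side; return the opaque id that goes in the email."""
    now = time.time() if now is None else now
    doc_id, salt = os.urandom(16).hex(), os.urandom(16)
    STORE[doc_id] = {"doc": document, "salt": salt, "pw": _kdf(password, salt),
                     "expires_at": now + ttl_seconds}
    return doc_id

def notification_body(doc_id: str) -> str:
    # The email carries only a link: no account numbers, names or attachment
    return f"A document is waiting for you: https://docs.example.com/d/{doc_id}"

def set_expiry(doc_id: str, expires_at: float) -> None:
    """Sender-side control: shorten access, or revoke with expires_at=0."""
    if doc_id in STORE:
        STORE[doc_id]["expires_at"] = expires_at

def fetch(doc_id: str, password: str, now=None) -> bytes:
    """Return the document only if the link is unexpired and the password matches."""
    now = time.time() if now is None else now
    rec = STORE.get(doc_id)
    if rec is None:
        raise PermissionError("access denied")
    if now >= rec["expires_at"]:
        del STORE[doc_id]  # expired: purge so an archived link stays dead
        raise PermissionError("access denied")
    # Constant-time comparison; same error for every failure mode
    if not hmac.compare_digest(rec["pw"], _kdf(password, rec["salt"])):
        raise PermissionError("access denied")
    return rec["doc"]
```

An attacker who later reads the archived message finds only the link; without the password, or after the expiry the sender set, `fetch` refuses with the same error either way.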

Posted in Data Security, Personally Identifiable Information