Email and Spam

I recently read the nonfiction book Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door by Brian Krebs. This informative book discusses various cybercrimes but focuses on the Canadian Pharmaceutical emails that used to be very prevalent in the early 2000s.

In his book, Krebs traces these messages back to corrupt banks, poorly secured routers, and bureaucrats willing to be bribed. He eventually discovered and met with the two competing Russian nationals who were responsible for a significant percentage of spam sent over during that time. They had each made millions of dollars by manufacturing counterfeit pharmaceuticals and selling them online from fake pharmacies pretending to be in Canada. The book is a reminder that your digital assets are extremely valuable to criminals.

A hacked email account has several uses for a criminal. The one that usually comes to mind is privacy. The criminal can do more than read your emails, see who your friends are, and look at your photos.

If they have access to your account, criminals also use your email to send spam in your name and access your bank accounts. In the book, Krebs notes that none of the criminals used their own email accounts or equipment. Instead, they used an array of stolen email accounts, hijacked routers, and compromised computers to steal money from desperate people.

Hacked email accounts are used to harvest valuables like product license keys for software that you own. They also use these accounts to access file hosting and online backup sites such as Google Docs, Dropbox, and One Drive. Accounts from Amazon, Walmart, and other online retailers are also checked. If they gain access to these accounts, they might make purchases for themselves, or see when your purchases will arrive. The criminal can either arrange to steal the deliveries themselves or sell the information to other thieves.
Krebs notes on his website that a compromised iTunes account sells for about $8, and Facebook and Twitter accounts are about $2 each. Your email account can also be sold for a few dollars. Even old passwords have some value to other criminals because people often reuse them.

To protect your email, ITC actively watches for spam activity, updates software, and works to prevent and stop active attacks. We also have secure login portals for people who are traveling abroad, and we monitor public lists for accounts that have been compromised.
The most important thing you can do is use a complex password that is at least 12 characters long, although 14 is better. It must contain a combination of letters, numbers, and special characters. The more complicated the password is, the less likely a criminal will “guess” the password using automated software. While it is tempting to use that password on another website, this is a bad idea. If your password is somehow stolen from that site, they will have your password for every site you used it. One of the first things the criminal does is try to log into your email address.

If you haven’t changed your password recently, visit the ITC website and update it today. It’s your best defense!

-Michael Martinell, The Broadband Guy