PGP and how it works
So, you think your e-mail account have no use for hackers? You are not a rock-star and have nothing interesting in your mails. And that’s why you have done nothing to protect it. Like most of people who think so – you are wrong. Yes, may be you have nothing interesting in you inbox, but hackers could easily make profit by hijacking you e-mail. How? There are several methods.
1. Fastest and easiest – sell your address to spammers. Spammers always seek proved e-mail to send their “buy viagra” messages.
2. If you linked your e-mail to Facebook, or other social services and received login and password from them – that’s good profit for hackers. Spammers pay well for social accounts. Most of social networks account hijacks are made after e-mail hacking.
3. You had your banking or PayPal account linked to e-mail? Now you are really in trouble. Let’s hope your bank invested in two-factor authentication, or you can loss all money.
4. Hijacking e-mail for a ransom is also popular crime. Hope you have not use your e-mail for something questionable.
5. Hacking by request. Competitors, family members, neighbors, or just enemies could be interested in your e-mail negotiations. “E-mail hacking” is among the most popular requests in Google. Proposal of such services is big and prices are low.
So, virtually any e-mail could bring some cash for hacker.
In most cases, however, you personally is not the target. Usually the whole e-mail service is targeted. Mass hacking is the most profitable. So hackers constantly trying to break popular e-mail services with the goal to break as much account as possible.
Despite the fact that Internet is not young, strict authenticating of users is still an actual problem. Strong authentication is the most high demanded feature of critical services like financial or legal.
While biometry is the most popular media theme cryptography certificate authentication are the most widely used solution. There are many implementations of this type of two factor auth – digital certificate could be stored on flash drive, or smart card, or special dongle. But, anyway, certificates that are connected to PCs are vulnerable in principle. One-time passwords, on the other hand are more secure. But, to support OTP solutions, unfortunately developers must took some significant efforts, while certificate authentication are supported usually “out-of-the-box” by commercial software. So, only reach banking organizations with strong development teams support OTP tokens.
PGP and how it works
Protected e-mail, PGP and two-factor authentication
Mailbox – the main element of Internet and the base of modern workflow. Every service now needs e-mail as a major element of registration. In all registration forms e-mail comes first and is mandatory.
So, with your e-mail you get access to all social networking and financial services. That’s why your e-mail is a sweet catch for all type of hackers. Hacking your e-mail they will get access for all your accounts.
More than that, losing social contacts could make troubles, but losing banking account could be deadly. Spamming from your account can lead for loosing some virtual friends, but identity theft could lead to loosing all savings.
So, if you think about Internet security, you need to think about e-mail protection at first.
Fortunately you could take some simple steps to significantly increase protection:
1. Select well protected server. Not all services (especially free services) are well protected. Carefully read references and opinions about e-mail service provider. Take special look at SPAM and anti-virus protection.
2. Select complex password. Research shows that still nearly half of passwords are very simple and most popular are “password”, “123456”, “qwerty” etc. It is obvious that this password could be easily guessed by hackers even without special hacking software.
Quality passwords now should be no less than 10 symbols with digits, capital letters and special symbols. There are many good random password generator. Try one. Do not store passwords in files with the name “password”, do not store password on smartphone, this id insecure. If you can not remember passwords use one of password protection programs that encrypts output.
3. Always select unusual secret question. You mother name – is insecure question. “Hamburger” for “Your favorite dish” is insecure answer. Because this are questions and answers that are easily guessed. And could be found easily by social engineering. So, always select question and answer only and exclusively you know.
4. Connect your e-mail access with phone number. If possible turn off SMS notifications on e-mail access. In case of hijacking it will help you to return your e-mail fast.
5. Select trustworthy secondary e-mail on different e-mail service. It also must be protected the same way as your main address. Never use non-existent address as secondary or you will never get your e-mail back if hacking happened.
6. Fishing. Be prepared for it. If somebody send you e-mail with ask for password and login – never answer. Administrators never send such e-mails. All such e-mail are written by fraudsters. Be careful with links in e-mail, they could lead to fishing sites.
Fishing sites could in most cases easily found by reading address of incoming mail and links in mail body. Addresses like firstname.lastname@example.org are in most cases fraudulent, and link somemai1.ru leads to fishing site. The best way to deal with it – simply ignore links from unknown addresses.
With this simple rules, you could secure your e-mail and accounts.
But the best protection is using services two-factor authentication. Like with SMS, or OTP tokens. Two-factor authentication will help you in 95% cases.