What Can a Criminal Do With Your Email (Even If You Change Your Password)?


Have you ever sent your social security number in an email? Maybe not. But could someone tell where you bank from your emails? Most likely. A lot of us don’t think twice about the identity trail we leave in emails. But your email is a goldmine of information. Here are some of the events that can, and often do, transpire after someone’s email is compromised.

1. Trick You Into Thinking You Changed Your Password

Chances are if someone got your credentials, you fell for a phishing scam. Don’t be ashamed. Phishing schemes are sophisticated tools used by well-funded criminal networks around the world. They know exactly what to say and how the email should look to get you to fall for it. They often use tactics to evoke emotion. Emotion bypasses the logical part of your mind that would otherwise think something’s “phishy”.

These emails may spoof a company that you get emails from all the time like Microsoft, Google, or Facebook. They may tell you your account has been compromised and that you should click a link in the email to change your password. Except the link goes to a spoof website that looks exactly as it should. Without thinking about it, you enter your current password. And worse yet, if you used the same password on multiple websites, they may now have access to your bank accounts, retirement, Amazon, and more.

Often criminals attack you when you least expect it. So they may create a phishing scam on a low-security website hoping you also used that password on high-security accounts.

2. Download Your Emails

You may have this picture of a criminal searching your emails one by one trying to find something they can use. But the truth is much more sinister. They can download all of it as soon as they get into your account. Then they have all of the time in the world.

So, even if you realize fairly quickly what has happened, they’ve got what they want.

3. Use Software to Find Information

You may think that private information is a needle in a haystack. What are the chances they would find it? Know that criminals use specialized software to scan your emails for keywords, companies, and types of documents that may have the information they can use to harm you or those around you.

4. Send Phishing Emails to Your Grandmother

This criminal now has your contacts so they can easily send emails (or other communications) to your grandmother or a person who may be less tech-savvy. These emails may say you’re in trouble and ask the vulnerable recipient to send money. They’re customized based upon the relationship between you and the other person. 

This criminal can “sound” just like you in an email because they have all of your emails.

5. Send Embarrassing Photos or Emails to Others

A criminal doesn’t have to personally know you to think it would be funny to send an email to your boss or a client that includes compromising images from your email or another account.

When Sony Pictures was hacked six years ago, the criminals made public embarrassing private comments that Sony executives had made about A-list actors in their emails.

6. Send Phishing Emails to Your Co-workers Or Boss

They could also steal your boss’, co-workers’, or clients’ information by sending phishing emails that appear to come from you. Phishing is the gift that keeps on giving.

7. Find Out Where You Keep Your Money

Chances are you get emails from your bank, credit card companies, PayPal, Venmo, investment websites, and more. These narrow down the targets for the criminal. Most people would be devastated if someone wiped out their retirement. But what about two-step authentication? At least that protects you. Think again. Often criminals can piece together what they need through your email, social media, and other websites to get past these roadblocks.

8. Ask an Associate to Change Payment Destination or Send Payment

Do you manage people who have access to the purse strings of a company? Or does a client owe you money? A criminal can hijack this process, getting someone to send a large sum of money to an untraceable series of accounts, often in multiple countries. Stopping or reversing a transaction like this is nearly impossible.

Something similar happened to Barbara Corcoran’s team earlier this year to the tune of $400,000, not small change, even for the Shark Tank investor. Someone pretending to be a co-worker forwarded an email that appeared to come from Barbara, stating that payment needed to be sent to X account immediately.

9. Use Social Engineering to Force Your Hand

Often these criminals use a technique called social engineering to get people to send money. Social engineering taps into the average person’s desire to please others, follow a boss’ instructions, and do other very human things. For example, in many companies, not following a direct order would be insubordination, so the criminal may use language that makes an employee fear not following instructions promptly.  

Alternatively, they may send a lower-level employee an email from an account that appears to belong to someone in the C-suite whom the employee doesn’t directly know. This fake C-suite person asks the employee for help because the boss is unavailable. This employee wants to impress the C-suite, so they comply. If you are in upper management, they can do this to your employees in your name.

10. Work Their Way Up Through an Organization to Get What They Want

If the criminal still has access to your business account, they can even send emails directly from “you”, making it seem even more authentic. That’s called Business Email Compromise.

Using social engineering, a criminal could gain access to a C-suite account by pretending to be from the IT department, for example. Once a criminal has just one email account within a company, they can work their way up an organization. Eventually, they get to the email accounts of the decision-makers.
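The payment-redirect and fake-executive emails in points 8 through 10 leave signals a mail filter can score. The following is an added example, not part of the original article: it checks the From display name against a directory, compares the Reply-To and From domains, and looks for payment requests paired with pressure language. The executive name, domains, and keyword lists are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions: hypothetical executive directory and keyword lists.
EXECUTIVES = {"dana whitfield": "dana.whitfield@corp.example"}
PAYMENT_TERMS = ("wire", "payment", "bank details", "account number", "invoice")
PRESSURE_TERMS = ("immediately", "urgent", "today", "confidential")

def bec_signals(raw):
    """Return the impersonation signals found in one plain-text message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    body = msg.get_payload().lower()
    signals = []
    # An executive's name attached to an address the directory does not know.
    known = EXECUTIVES.get(name.strip().lower())
    if known and addr.lower() != known:
        signals.append("executive display name on an unknown address")
    # Replies silently routed to a different domain than the sender's.
    if reply_to and reply_to.split("@")[-1].lower() != addr.split("@")[-1].lower():
        signals.append("Reply-To domain differs from From domain")
    # Content check: the only signal left when the real mailbox is hijacked.
    if any(t in body for t in PAYMENT_TERMS) and any(t in body for t in PRESSURE_TERMS):
        signals.append("payment request with pressure language")
    return signals

# Constructed messages (hypothetical names; .example domains are reserved).
SPOOFED = (
    'From: "Dana Whitfield" <dana.whitfield@corp-mail.example>\n'
    "Reply-To: dana.w@freemail.example\n"
    "Subject: Quick favor\n\n"
    "Please send the payment to the new account immediately. Keep it confidential.\n"
)
HIJACKED = (
    'From: "Dana Whitfield" <dana.whitfield@corp.example>\n'
    "Subject: Vendor change\n\n"
    "Our vendor's bank details changed. Wire the invoice amount today.\n"
)
```

`SPOOFED` trips all three checks, while `HIJACKED`, sent from the real mailbox, trips only the content check, which is why payment changes need confirmation through a second channel such as a phone call.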

Your Email: A Goldmine for Criminals

Your email is a goldmine of information. And once a breach happens, that criminal already has everything they need to harm you or your contacts. It’s essential to understand the many ways criminals gain access. Educate employees about these scams. Stay vigilant as a person and company to prevent or reduce the damage of these attacks.

About Southeastern Technical

At Southeastern, our team is focused on building partnerships to help you find new solutions to the challenges of running a business. Nothing excites us as much as tackling problems and developing more efficient ways for companies to succeed. Our team thrives on challenges and overcoming obstacles.
