Digital Shadows, a security research firm, conducted research that uncovered 33,000 hacked email credentials belonging to finance departments of different business entities. Of these compromised email credentials, 83% are available with password information.
Compromising email accounts via phishing campaigns has become extremely common. According to Rick Holland from Digital Shadows, “With the right knowledge it is relatively easy for cybercriminals to find whole email boxes and accounting credentials – indeed we found criminals actively looking for them.”
According to a report from the US Federal Bureau of Investigation (FBI), losses incurred due to compromised email accounts between October 2013 and May 2018 amounted to $12,536,948,299. Of the victims behind these compromised accounts, 41,058 were based in the US, while 2,565 were non-US.
Between December 2016 and May 2018, losses due to compromised emails increased by 136% worldwide.
One of the most staggering facts revealed by the Digital Shadows research is that more than 12 million unprotected email archives are available on misconfigured servers.
The research also found that attackers do not need special tools to hack an enterprise’s email system. Email hacking services are offered for hire on the market for as little as $150.
The research firm has advised organizations to configure their cloud accounts and internet-facing devices properly and to require that wire transfers be performed manually to minimize the risk of loss. Additionally, employees should be given Business Email Compromise (BEC) training, and compromised email credentials must be closely monitored.