Account hacking happens when a malicious person takes control of an account or uses it for malicious purposes: stealing sensitive data, sending messages in the owner's name to reach their contacts, or getting a foothold in an organisation's environment. This article gives best practices to protect against such attacks and explains what to do if one has already happened.
Account hacking happens when an unauthorised individual gains access to an account, and to everything it contains, in order to pursue malicious ends such as stealing sensitive data or reaching the wider network of people the victim is connected to. Any type of online account can be targeted: e-mail (personal and professional), social media, government and administrative sites, online platforms, corporate applications, chat services, and so on. The consequences can be severe: theft of the victim's money, and identity theft to act on the victim's behalf and profit from it.
There are several ways hackers can get into an account:
* Weak or reused passwords (a password leaked from one site is tried on every other account that uses it);
* Phishing attacks, where they convince the victim to hand over credentials; or
* Credential-stealing malware that, once installed on a device, harvests the login details it can find (saved browser passwords, for example).
An organisation's collaborators are its first line of defence. They need to be made aware of how to identify scams and fake messages so that they adopt the right reflexes. Cybercriminals have several ways of stealing collaborators' credentials in order to reach an organisation's resources. A very common one is a phishing e-mail through which they try to convince the victim to share passwords or confidential information. It is therefore important to hold regular awareness sessions that teach collaborators not to share too much on social media and not to click on a link or open a file without first checking where it comes from. Questions that help spot a suspicious message:
• Is it unexpected?
• Is it urgent?
• Do you know the person who sent the e-mail?
• Do you find the request strange?
• Where does the link you need to click on lead to? (only hover on it with your mouse, do not click)
• Is there a QR code in the message?
• Are you being personally addressed?
• Does the message contain many linguistic errors?
• Is the message in your Spam / Junk folder?
• Is someone trying to make you curious?
• Are you asked to make a payment?
Accounts are an entrance door to an organisation's whole environment. They therefore need to be protected with strong passwords that are different for each account (a password manager makes this practical). A strong password has at least 12 characters and combines upper and lower case letters, numbers and symbols. In addition to a strong password, Multi-Factor Authentication (MFA) should be enabled wherever possible. MFA requires the user to prove their identity with at least two factors of different kinds before access is granted: something they know (a password or PIN) combined with something they have (a code from an authenticator app, a hardware security key, or, less robustly, a code received via text message). Two knowledge factors, such as a password and a PIN, do not count as MFA, because a criminal who phishes one can usually phish the other in the same way.
Since a single unpatched vulnerability in a system, application or device can be enough for cybercriminals to cause damage and gain access to information, installing updates as soon as they are available is crucial. It keeps the defences current and ensures that the version in use is still supported by the vendor.
There are several ways a device can become infected: opening an attachment, clicking on a link, plugging in a USB drive, or simply browsing a website. A virus (or, more generally, malware) is malicious software that aims to damage resources, delete files, degrade performance or steal confidential information. Once it is on a computer, removing it takes time, effort and money. It is therefore better to protect every device allowed to connect to the organisation's network with antivirus software up front.
In addition, a firewall should be used to monitor and filter connection requests to the corporate network according to predefined security rules. The firewall acts as a barrier between the corporate network and an untrusted network (e.g., a home network or the Internet), so that only explicitly authorised connections reach the organisation's resources from outside.
Avoid browsing untrustworthy or illicit websites, such as platforms offering counterfeit goods or software, or illegal streaming services. Scams are more frequent on those sites, which are often run by criminals or easy for them to compromise.
To pass for an organisation's official website, cybercriminals often register an address that resembles the legitimate one (for example myorganisation[.]be instead of my[.]organisation[.]be). Another option is to use a different top-level domain from the legitimate one (such as .org instead of .com or .be). They can also play with letters and numbers so that people believe they are on the right website: a capital "I" in place of a lowercase "l", or the digit zero in place of the letter "o", for example.
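The checks above (hovering over a link to see where it really leads, spotting a swapped top-level domain, and spotting look-alike characters) can be automated. The following is an added example, not code from the original article: given a link or hostname and the organisation's real address, it says whether the address is the legitimate domain, a different top-level domain, a look-alike spelling, or a domain that merely embeds the real name. The legitimate address `my.organisation.be` is taken from the example in the text; the confusable-character table is a small constructed subset of the Unicode TR39 list, and the assumption that the public suffix is a single label (`.be`, `.com`, `.org`) is a simplification that does not hold for suffixes such as `.co.uk`.

```python
import unicodedata
from urllib.parse import urlsplit

# The organisation's real address, from the example in the text.
LEGIT = "my.organisation.be"

# Characters criminals swap for look-alikes, each collapsed to one representative.
# Constructed subset of Unicode TR39 confusables; extend it for production use.
_CONFUSABLES = str.maketrans({
    "i": "l", "1": "l", "|": "l", "!": "l",   # I / l / 1 / | all read as "l"
    "0": "o",
    "3": "e",
    "5": "s", "$": "s",
    "4": "a", "@": "a",
    "7": "t",
    "8": "b",
})


def skeleton(label: str) -> str:
    """Reduce a domain label to what it *looks like*, so 0rganisation == organisation."""
    s = unicodedata.normalize("NFKD", label)               # fold full-width/accented forms
    s = "".join(ch for ch in s if not unicodedata.combining(ch))
    s = s.lower().translate(_CONFUSABLES)
    return s.replace("rn", "m").replace("vv", "w")          # "rn" mimics "m", "vv" mimics "w"


def hostname(target: str) -> str:
    """Extract the host from a URL or bare name; accepts the defanged my[.]site[.]be form."""
    target = target.replace("[.]", ".").strip()
    if "://" not in target:
        target = "http://" + target
    return (urlsplit(target).hostname or "").rstrip(".")   # .hostname already lowercases


def split_domain(host: str) -> tuple[str, str, str]:
    """(subdomain, second-level label, top-level domain).

    Simplification: assumes a single-label public suffix such as .be or .com.
    """
    labels = host.split(".")
    if len(labels) < 2:
        return "", host, ""
    return ".".join(labels[:-2]), labels[-2], labels[-1]


def classify(target: str, legit: str = LEGIT) -> str:
    """Verdict for a link or hostname compared with the organisation's real domain."""
    sub, sld, tld = split_domain(hostname(target))
    _, legit_sld, legit_tld = split_domain(hostname(legit))

    # Any subdomain of the real registrable domain is controlled by the organisation.
    if sld == legit_sld and tld == legit_tld:
        return "legitimate"

    # Same (or visually identical) name: report a swapped TLD and/or look-alike spelling.
    if sld == legit_sld or skeleton(sld) == skeleton(legit_sld):
        reasons = []
        if sld != legit_sld:
            reasons.append("look-alike characters")
        if tld != legit_tld:
            reasons.append("different top-level domain")
        return "suspicious: " + ", ".join(reasons)

    # Real name glued into a different domain: myorganisation.be, organisation.be.evil.com
    if skeleton(legit_sld) in skeleton(sld) or skeleton(legit_sld) in skeleton(sub):
        return "suspicious: legitimate name embedded in a different domain"

    return "unrelated"


if __name__ == "__main__":
    for link in ("https://my.organisation.be/login", "myorganisation[.]be",
                 "organisation.org", "0rganisation.be", "organisation.be.evil.com"):
        print(f"{link:40} -> {classify(link)}")
```

Two caveats a practitioner should keep in mind. First, browsers lowercase hostnames, so the capital-I-for-l trick only works in displayed text or in the part of the address a person reads; the skeleton comparison catches it either way because both `i` and `l` collapse to the same representative. Second, internationalised domain names can use whole alphabets of look-alikes (a Cyrillic "а" is indistinguishable from the Latin one); handling those needs the full TR39 confusables data and a look at the punycode (`xn--`) form of the host, which this small table does not cover.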
When the exact legitimate address of an organisation or web resource is unknown, a quick search on one of the major search engines can identify it without anyone having to click on a suspicious link.
Public Wi-Fi and public computers are handy: they let people reach professional resources, browse websites or manage their social media almost anywhere. However, as the name indicates, they are public, and everyone can use them, including scammers and criminals. A badly configured public Wi-Fi network or computer can be used to monitor the activity of the people connected to it and steal their information. Always prefer your organisation's professional Wi-Fi network and professional devices to access professional resources.
If the service allows it, every login to an account can be viewed along with the device and location used. This list should be reviewed regularly to ensure that only known devices and locations have been used. As soon as an unknown device or location appears, revoke that session or device immediately and change the password right away.
As soon as an account is no longer used, it is better to delete it completely, so that the information it contains cannot be accessed without the owner's knowledge.
Some personal information is not needed for a given service. For example, providing a social security number to buy something is not necessary. A website asking for information that is unusual for the service it provides can be a sign of a scam.
Always sign out of accounts that are not currently in use. This ensures that someone who gets hold of the device cannot immediately enter every account on it.
Personal data is very valuable to cybercriminals. They can use it to impersonate people or to target an organisation's colleagues, clients or suppliers. They can also use it to conduct criminal business under someone else's identity, or to gain access to bank accounts, mobile phone subscriptions and much more. Personal data is among the most important information a person has and should be treated accordingly.
1. Report the incident immediately to the person responsible for IT.
2. Warn your colleagues that they may receive a message from someone impersonating you and that they should not trust it.
3. Change every password that was disclosed (if any), on every account where it is used.
4. If you can no longer access the accounts, use the recovery options to regain access and then change all your passwords.
5. Scan your device with an antivirus.
6. If the scam involved a bank account, immediately inform the person responsible for finance. If you notice that money has been stolen from your bank account, be sure to file a complaint with the police.
7. If the bank account is your own, call Card Stop on +32 78 170 170 and check your account statements. If you identify any suspicious activity, call your bank immediately so they can help you.
8. Check your posts and orders; if you see any change made or order placed by someone else, save the evidence, delete the publications or cancel the orders, and contact the services concerned to file a complaint.
Always report scams received by e-mail to the person responsible for IT and to the relevant national authority (suspicious@safeonweb.be (EN); suspect@safeonweb.be (FR); verdacht@safeonweb.be (NL/DE)), then delete the message immediately.
Paying the ransom demanded by criminals encourages them to attack your organisation again for even more profit. You can find more information about ransomware in our article.
The aim of this content is to share and raise awareness of good cyber security practice.
Some of this advice may apply differently depending on the context of your organisation.
Always comply with the policy and instructions in force in your organisation.
If in doubt, always ask your IT manager for advice first.