Why your email accounts should not be hacked this year
Throughout last year, while I was undertaking my graduate programme, there were numerous times my father forwarded me scripted “phishing” emails that had been crafted to look as if they were sent by the Yahoo customer service team, informing my dad that the email account he had opened was going to be deactivated unless he updated his information by clicking on the provided link, which was of course false. Being a Nigerian, the drive to always be ahead of anyone made his instincts kick in so as not to trust such emails, so he sent them to me to verify their authenticity. I was surprised and happy that he was aware of the harmful spam and “phishing” emails that turn up in everyday email conversation, or maybe his organization was one of the few in Nigeria that provide online security awareness to their staff, which I am convinced should be part of the culture of any 21st-century business that has any of its assets, which include people, technology and process, connected to the internet.
After telling my dad to ignore such emails, knowing they lacked integrity and did not come from the identity they claimed, I was keen to carry out my own analysis of the malicious activity this email was designed to deliver. It was designed to redirect a user’s click to a fake Yahoo login page, where an unsuspecting user enters their correct login information before being redirected to the authentic Yahoo page. Here is what happens if you do not realise the malicious activity: you have provided your real email username and password on a fake Yahoo login site owned by a cybercriminal, and that cybercriminal now has your email credentials and can carry out any activity they intend with them. So why should your email account not be hacked this year? Two-factor authentication.
The move by email providers to raise email security to this level is really creditable, yet apparently most online Nigerian users still don’t know of its existence, let alone its usefulness. Using a username and a password to log in to any online email or website is one factor of authentication, which is ‘what you know’. There are three factors of authentication, namely ‘what you know’, ‘what you have’ and ‘what you are’. Enter ‘two factor’: that is when you use any two of the factors before accessing your email. The two factors used by probably all leading email providers, notably Yahoo, Gmail, Hotmail etc., are ‘what you know’ (your password) and ‘what you have’ (your mobile device).
To make it simple: we all know our usernames and passwords. That is one factor, and if someone else gets to know it, they can access your email without your authorization. It is like your ATM card: if someone knows your PIN but does not have your card, he/she cannot withdraw from your account at the ATM except through more advanced and costly means like duplicating your ATM card. The second factor, ‘what you have’, comes in for email accounts when you provide your mobile number; a text containing a verification number is sent to you immediately so you can verify that the mobile number is yours and accessible by you. Enabling two-factor authentication ensures that whenever you provide your username and password, another step is taken: you must provide the verification number that was sent to your mobile phone at that moment. So whoever tries to access your email just by knowing your username and password cannot log in, since they don’t have your mobile phone with them. The bottom line is that nothing is 100% secure given enough time, but a cybercriminal will be discouraged if they have to go through long and costly means just to access your email account.
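The login flow described above can be sketched in a few lines of Python. This is an added example, not code from any email provider or from the original article; the names (Account, SMS_INBOX, login), the five-minute code lifetime and the phone number are assumptions made for illustration, and SMS_INBOX stands in for the real text-message network.

```python
import hashlib, hmac, os, secrets, time

CODE_TTL = 300   # seconds a texted code stays valid (assumed value)
SMS_INBOX = {}   # phone number -> last code texted; stands in for the SMS network

class Account:
    def __init__(self, password, phone):
        self.salt = os.urandom(16)
        self.pw_hash = self.hash(password)
        self.phone = phone
        self.pending = None   # (code, expiry), set only after a correct password

    def hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

def check_password(acct, password):
    """Factor 1, 'what you know'. On success a fresh code is texted to the phone."""
    if not hmac.compare_digest(acct.pw_hash, acct.hash(password)):
        return False
    code = f"{secrets.randbelow(10**6):06d}"
    acct.pending = (code, time.time() + CODE_TTL)
    SMS_INBOX[acct.phone] = code
    return True

def check_code(acct, code, now=None):
    """Factor 2, 'what you have'. A code works once and only until it expires."""
    pending, acct.pending = acct.pending, None   # used up, even on a wrong guess
    if pending is None:
        return False
    expected, expiry = pending
    now = time.time() if now is None else now
    return now <= expiry and hmac.compare_digest(expected, code)

def login(acct, password, read_phone):
    """read_phone is a callable returning the code the person logging in types."""
    return check_password(acct, password) and check_code(acct, read_phone())

if __name__ == "__main__":
    acct = Account("correct horse", "+000-constructed-number")
    # Owner: knows the password and holds the phone.
    print(login(acct, "correct horse", lambda: SMS_INBOX[acct.phone]))   # True
    # Phisher: has the password from the fake page, but not the phone.
    print(login(acct, "correct horse", lambda: "no phone"))              # False
```

The second call is the situation from the fake Yahoo page: the password is correct, yet the login still fails because the code only ever reached the owner's phone.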
So how can you implement this easily? You have that email address you used to register for your social media accounts and other web applications: enable two-factor authentication on this account. If it is not available, create an email account with a provider that offers this service, and make sure your main email has its recovery email set to the account that has two-factor authentication. Then, whenever a cybercriminal tries to change your social media account passwords, they cannot access the email you used to register unless they have your mobile phone with them, which is another long, daunting process for them. For instructions on how to enable two-factor authentication with your email provider, use the Google search engine to find the many easy steps/tutorials.