It's bad enough when your e-mail account is hacked; it can take time to get back into the account, and when you do, you may discover it's been used to send out all sorts of scurrilous content. But according to Paul Wood, senior analyst at MessageLabs Intelligence, a hidden threat may lurk after an individual's e-mail address has been hacked: He or she may now be vulnerable on a variety of sites that use that address to authenticate identity.
"Your e-mail address is unique to you and is often used by a number of other sites, especially social networking sites, to actually provide your log-in name," Wood said. End users often make their passwords the same on a variety of sites where they authenticate with the same e-mail address, he added.
"Even if you don't share the same password, if I now have the keys to your e-mail account, then I can go to any number of different social networking sites and just try the password reminder, and if you have an account on that site, it will then provide a link via your e-mail, which I now have access to, to change your password on that Web site, and then gain access," he said.
Once a cybercriminal has access to an individual's account on a number of sites, it makes personalized phishing scams easy.
"If you have access to a real account on a social networking site or other sites, as a bad guy, you can then send…
Please log in or subscribe to read this article