Email accounts have become an integral part of our personal and professional lives, yet many of us are unaware of how much information they hold and the cybersecurity risks that come with them. In this article we uncover the value and vulnerabilities of email accounts, shedding light on the hidden dangers they pose, and we look at their usefulness in Open Source Intelligence (OSINT) investigations and why they matter so much in today’s interconnected world. As a disclaimer, this discussion is for educational purposes only. We do not condone malicious use of what follows.
The Power of Email Accounts in Investigations
For investigators, threat hunters, and individuals involved in blue team or red team activities, email accounts are a treasure trove of information. Let’s explore some key aspects of email accounts that provide valuable insights:
- Technical Information: Email headers (the Received chain, Return-Path, Authentication-Results) together with domain details such as MX records and sending IP addresses help trace where a message actually originated and whether it was sent with the domain owner’s authorization (SPF, DKIM and DMARC results). One caveat: only the Received lines added by servers you trust are reliable; a sender can forge the hops below them.
- Username Information: The local part of an address often encodes personal details: a birth year, a hobby, a pet’s name, a sports team, a viewpoint on a particular issue, or the naming convention an organization uses (first initial plus last name, for example). For pentesters this helps when testing authentication, because it suggests valid usernames and the themes people build passwords around. For OSINT and threat hunting investigations it provides patterns and pivot points: if the address you are looking at is [email protected], you would also want to see what exists for [email protected], jdoe00, jdoe01, jdoe02 and so on, since people tend to reuse a handle across platforms.
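To make the header point concrete, here is an added example (not code from the original article) that walks the Received chain oldest-first, pulls the SPF/DKIM/DMARC verdicts out of Authentication-Results, and flags a From domain that does not match the Return-Path. The message is constructed for the example; the hostnames and IP addresses are from reserved documentation ranges and do not refer to any real infrastructure.

```python
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Constructed sample message (not a real capture). Mail servers prepend
# Received headers, so the top one is the last hop and the bottom one the first.
RAW_MESSAGE = """\
Return-Path: <bounce@example.net>
Received: from mx.example.com (mx.example.com [203.0.113.5])
 by inbox.example.org with ESMTPS id abc123;
 Mon, 1 May 2023 10:00:05 +0000
Received: from relay.example.net (relay.example.net [198.51.100.20])
 by mx.example.com with ESMTP id def456;
 Mon, 1 May 2023 10:00:01 +0000
Received: from [192.0.2.44] (unknown [192.0.2.44])
 by relay.example.net with ESMTPA id ghi789;
 Mon, 1 May 2023 09:59:58 +0000
Authentication-Results: inbox.example.org;
 spf=fail smtp.mailfrom=example.net;
 dkim=none;
 dmarc=fail header.from=example.com
From: "John Doe" <john.doe@example.com>
To: buyer@example.org
Subject: Updated wiring instructions

Please use the new account details below.
"""

IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def _flat(value) -> str:
    """Collapse header folding so the regexes see a single line."""
    return " ".join(str(value).split())


def received_hops(msg):
    """Return the Received chain oldest-first. Each hop records who claimed to
    hand the message over ('from'), who accepted it ('by') and the IPs the
    accepting server wrote down. Only hops added by servers you trust are
    reliable; anything below them may have been forged by the sender."""
    hops = []
    for hdr in reversed(msg.get_all("Received", [])):
        hdr = _flat(hdr)
        from_m = re.match(r"from\s+(\S+)", hdr)
        by_m = re.search(r"\bby\s+(\S+)", hdr)
        hops.append({
            "from": from_m.group(1) if from_m else None,
            "by": by_m.group(1) if by_m else None,
            "ips": list(dict.fromkeys(IPV4_RE.findall(hdr))),
        })
    return hops


def auth_results(msg):
    """Pull the SPF/DKIM/DMARC verdicts out of Authentication-Results."""
    text = _flat(msg.get("Authentication-Results", ""))
    return dict(re.findall(r"\b(spf|dkim|dmarc)=([a-z]+)", text))


def analyze_headers(raw: str) -> dict:
    """Summarise origin and authenticity indicators for one raw message."""
    msg = message_from_string(raw, policy=default)
    from_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    return_path_domain = parseaddr(str(msg.get("Return-Path", "")))[1].rpartition("@")[2].lower()
    hops = received_hops(msg)
    auth = auth_results(msg)

    findings = []
    if from_domain and return_path_domain and from_domain != return_path_domain:
        findings.append(f"From domain {from_domain} differs from Return-Path domain {return_path_domain}")
    for check in ("spf", "dkim", "dmarc"):
        if auth.get(check) != "pass":
            findings.append(f"{check} did not pass ({auth.get(check, 'missing')})")

    return {
        "from_domain": from_domain,
        "return_path_domain": return_path_domain,
        # First IP the earliest trusted-or-not hop recorded; treat with care.
        "origin_ip": hops[0]["ips"][0] if hops and hops[0]["ips"] else None,
        "hops": hops,
        "auth": auth,
        "findings": findings,
    }


if __name__ == "__main__":
    report = analyze_headers(RAW_MESSAGE)
    for hop in report["hops"]:
        print(f"{hop['from']} -> {hop['by']} {hop['ips']}")
    print(report["auth"])
    print("\n".join(report["findings"]))
```

In a real investigation, resolve the MX records of the From domain and compare them with the hosts that appear in the trusted part of the chain; a message whose first hop is an unknown address authenticating to a third-party relay, with failing SPF and DMARC, is exactly the pattern worth chasing.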
These are just a few examples of how email accounts can be valuable sources of OSINT.
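The handle-pivoting idea above is simple enough to automate. The following added example (not from the original article) takes one address and enumerates the handles an investigator would search for next: the bare handle, a window of numeric suffixes that keeps the original zero-padding, and, when the local part looks like a first and last name, the common first/last conventions. The separator set and the window size are assumptions chosen for the example.

```python
import re
from typing import Dict, List

# Assumed set of separators seen in handle conventions.
SEPARATORS = ("", ".", "_", "-")


def parse_handle(email_address: str) -> Dict[str, object]:
    """Split an address into local part, domain, name tokens and any trailing
    digits: 'jdoe00@example.com' -> base 'jdoe', suffix '00';
    'john.doe@example.com' -> tokens ['john', 'doe'], no suffix."""
    local, _, domain = email_address.strip().lower().partition("@")
    m = re.fullmatch(r"([a-z][a-z._-]*?)[._-]?(\d+)?", local)
    if not m:
        raise ValueError(f"unsupported local part: {local!r}")
    base, suffix = m.group(1), m.group(2) or ""
    return {"local": local, "domain": domain, "base": base, "suffix": suffix,
            "tokens": [t for t in re.split(r"[._-]", base) if t]}


def numeric_neighbours(stem: str, suffix: str, span: int = 10) -> List[str]:
    """Enumerate the bare stem plus a window of numeric suffixes around the
    original, preserving its zero-padding (jdoe00 -> jdoe, jdoe00 .. jdoe09)."""
    if not suffix:
        return [stem]
    width = len(suffix)
    start = max(0, int(suffix) - span // 2)
    return [stem] + [f"{stem}{n:0{width}d}" for n in range(start, start + span)]


def name_variants(tokens: List[str]) -> List[str]:
    """Common handle conventions built from first/last name tokens
    (john.doe -> johndoe, jdoe, john_doe, doe.john, johnd, ...)."""
    if len(tokens) < 2:
        return list(tokens)
    first, last = tokens[0], tokens[-1]
    pairs = [(first, last), (last, first), (first[0], last),
             (first, last[0]), (last, first[0])]
    return [f"{a}{sep}{b}" for a, b in pairs for sep in SEPARATORS]


def pivot_handles(email_address: str, span: int = 10) -> List[str]:
    """Candidate handles to look up on other platforms, in a stable order,
    with the original local part removed."""
    h = parse_handle(email_address)
    stems = name_variants(h["tokens"]) or [h["base"]]
    seen, out = set(), []
    for stem in stems:
        for candidate in numeric_neighbours(stem, h["suffix"], span):
            if candidate != h["local"] and candidate not in seen:
                seen.add(candidate)
                out.append(candidate)
    return out


if __name__ == "__main__":
    for address in ("jdoe00@example.com", "john.doe@example.com"):
        print(address, "->", ", ".join(pivot_handles(address)))
```

Feed the output to whatever username-search tooling you already use; the point of the script is to be systematic about the neighbours (jdoe, jdoe01, jdoe02 and so on) rather than to replace the lookup itself.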
Understanding the Cybersecurity Risks
Let’s shift gears and focus on the cybersecurity implications of email accounts. We have discussed account takeovers in the past, and since then there have been changes in the security measures platforms offer. For instance, Meta (the parent company of Facebook) now offers a paid verification service that includes additional account support for its users.
Email accounts contain a wealth of sensitive information, both in the inbox and various folders within the account. Here are some notable examples:
- Password Reset Links: Almost every online service will send a password reset link to the address on file. An attacker who controls the inbox can request resets for banking, shopping, social media and work accounts and follow the links themselves, so the email account effectively becomes the master key to everything registered to it.
- Two-Factor Authentication (2FA) Codes: Many services deliver 2FA codes by email. If the attacker already has the mailbox, those codes arrive in their hands too, so email-delivered 2FA offers no protection against this attacker; an authenticator app or hardware key does.
- Sensitive Information: Many people use email to exchange sensitive data, such as financial details, personally identifiable information (SSNs, ID scans and the like) or confidential business documents. Unauthorized access to the account exposes all of it, including what sits in Sent, Drafts and archived folders.
- Contact List: Email accounts store contact information, which attackers use to run phishing campaigns against the people in the contact list, who are more inclined to trust a message from a known sender, or to target them with other social engineering techniques.
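After a mailbox compromise, the first practical question is what the attacker could have harvested. The following added example (not part of the original article) triages a set of messages for the artifacts listed above: password reset links, one-time codes, SSN and bank-detail patterns, and the contacts exposed through the headers. The four messages are constructed for the example, and the regular expressions are deliberately simple heuristics rather than a complete detector.

```python
import re
from email import message_from_string
from email.policy import default
from email.utils import getaddresses

# Heuristic patterns (assumptions for the example, tune for your environment).
RESET_LINK_RE = re.compile(r"https?://[^\s<>\"']*(?:reset|recover|token=)[^\s<>\"']*", re.I)
OTP_RE = re.compile(r"\b(?:code|passcode|one-time|verification)\b\D{0,60}?(\d{6})\b", re.I)
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
BANK_RE = re.compile(r"\b(?:routing|account)\s+number\b|\bwire\b", re.I)

# Constructed sample mailbox contents standing in for a compromised account.
SAMPLE_MAILBOX = [
    """From: security@example-bank.test
To: jdoe00@example.com
Subject: Reset your password

Click https://example-bank.test/account/reset?token=abc123 to choose a new password.
""",
    """From: no-reply@shop.test
To: jdoe00@example.com
Subject: Your verification code

Your one-time code is 482913. It expires in 10 minutes.
""",
    """From: jdoe00@example.com
To: hr@employer.test
Cc: spouse@example.net
Subject: Onboarding paperwork

My SSN is 123-45-6789 and my account number for direct deposit is 000123456.
""",
    """From: newsletter@example.org
To: jdoe00@example.com
Subject: Weekly digest

Nothing sensitive here.
""",
]


def classify_message(raw: str) -> dict:
    """Scan one message's subject and plain-text body for harvestable artifacts
    and collect every address that appears in From/To/Cc."""
    msg = message_from_string(raw, policy=default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    subject = str(msg.get("Subject", ""))
    haystack = f"{subject}\n{text}"

    findings = {}
    links = RESET_LINK_RE.findall(haystack)
    if links:
        findings["reset_links"] = links
    codes = OTP_RE.findall(haystack)
    if codes:
        findings["otp_codes"] = codes
    if SSN_RE.search(haystack):
        findings.setdefault("pii", []).append("ssn")
    if BANK_RE.search(haystack):
        findings.setdefault("pii", []).append("bank")

    headers = [str(msg.get(h, "")) for h in ("From", "To", "Cc")]
    contacts = {addr.lower() for _, addr in getaddresses(headers) if addr}
    return {"subject": subject, "findings": findings, "contacts": contacts}


def triage_mailbox(raw_messages) -> dict:
    """Aggregate per-message findings into what the attacker now holds."""
    summary = {"reset_links": [], "otp_codes": [], "pii_messages": [], "contacts": set()}
    for raw in raw_messages:
        result = classify_message(raw)
        summary["reset_links"].extend(result["findings"].get("reset_links", []))
        summary["otp_codes"].extend(result["findings"].get("otp_codes", []))
        if "pii" in result["findings"]:
            summary["pii_messages"].append(result["subject"])
        summary["contacts"] |= result["contacts"]
    return summary


if __name__ == "__main__":
    for key, value in triage_mailbox(SAMPLE_MAILBOX).items():
        print(f"{key}: {value}")
```

The output is the to-do list for response: every service behind a reset link or code needs its password rotated and sessions revoked, each PII disclosure may carry a notification obligation, and each exposed contact is a likely phishing target who should be warned.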
A Real-Life Example: Business Email Compromise
To illustrate the real-world consequences of email account compromises, let’s explore a scenario involving a business email compromise as recounted by a realtor:
- The Compromise: A malicious actor gains access to a legitimate email account belonging to someone in the transaction, either through phishing or technical means.
- Targeting the Closing Process: The attacker reads the mailbox and focuses on upcoming closing dates. Once they identify one, they email the buyer from the compromised account, posing as a trusted member of the closing team such as the real estate attorney, mortgage lender or real estate agent.
- Manipulating Wiring Instructions: The fraudulent email contains altered wiring instructions, directing the unsuspecting buyer to transfer funds to a bank account controlled by the attacker.
- Getting Duped: The recipient, trusting the email because it genuinely comes from the expected address and thread, wires the funds to the fraudulent account. Because the message is sent from the real account, SPF, DKIM and DMARC all pass and no mail filter will flag it.
- The Consequences: If the buyer’s bank fails to conduct proper due diligence and executes the transaction, the buyer is out the money they wired. Depending on the buyer’s financial situation, that loss can be devastating. The only reliable control is to confirm any change to wiring instructions by phone, using a number obtained independently of the email.
If any of this resonates with you and you’re looking for proactive help for yourself or your business, or if you’re an attorney that needs help figuring things out for a case with stuff like this, contact us and let’s talk. Fill out the contact form below and while you’re here, sign up for our newsletter.