How even the most vigilant people's email accounts get hacked


In a world where cyber threats are becoming more sophisticated by the day, even the most vigilant people can find themselves falling prey to email hacking. Attackers are now capable of mimicking trusted contacts so convincingly that even experienced users might not spot the deception until it’s too late. The result? Compromised accounts, stolen data, and significant risks to your organisation’s security.

In this blog, we explore how even the most cautious individuals can become victims of these cunning tactics. We’ll also share practical steps you can take to stay one step ahead and protect both yourself and your business from these increasingly sophisticated attacks.

Don't become a victim. This is how even the most vigilant people's email accounts get hacked:

  1. You receive an email from someone you know

  2. You check the "from" address: it is correct, it has their usual signature, and every check you do passes

  3. But that person's email account has already been hacked, and it is the hacker sending you an email from their account

  4. The hacker will have studied emails between the two of you, so the language used will be consistent with other emails

  5. The email can be dressed up in many different ways; here are a few I’ve seen:

    1. “Joe Blogs shared a document with you”: it might look like a Microsoft 365 OneDrive/SharePoint sharing link, a Dropbox link, or a link from some other file-sharing service

    2. “Invoice from Joe Blogs for XXXX”: it might look like the type of email you get from Xero, Sage or QuickBooks.

  6. If you click the link, you are taken to a fake login page on a phishing website

  7. If you enter your login credentials, you are shown a document, invoice, or whatever the email purported to be, so you don’t think twice

  8. Multi-factor authentication won’t protect you: phishing websites have improved and will prompt you for your multi-factor authentication code, which they then immediately use to access your account.

How do you protect yourself and your organisation?

Staying safe from these types of attacks requires constant vigilance and a proactive approach. Even small mistakes can lead to significant consequences, so it's essential to be prepared. Below are key steps you and your organisation can take to stay ahead of hackers and protect your sensitive information from falling into the wrong hands.

  1. Stay vigilant with every email, even from trusted contacts and colleagues

  2. If you're asked to click a link, or to copy a website address into a browser, and it prompts for your username and password, STOP AND THINK:

    1. Close the browser

    2. Visit the website independently and log in if required.

    3. Click the link in the email

    4. If you are asked to log in again, STOP and call your IT support provider to check

  3. If you've entered your username and password and then think it might have been dodgy, report it to your IT support provider immediately. If you report it quickly they’ll be able to minimise any damage; the longer you leave it, the worse it could be.

  4. If you're asked to change bank details, pay an invoice, purchase gift cards, etc., STOP AND THINK:

    1. They will often try to put you under pressure: an urgent deadline, potential lost business, etc.

    2. Consult your policies about what to do in this scenario; if you aren't sure, speak to your manager on the phone

You won't be fired for sticking to company policy or procedures, but you could be fired if you don't!

FAQs

How can I tell if an email is a phishing attempt?

Phishing emails often mimic trusted contacts and brands, but there are subtle signs to look for. Check for spelling or grammar mistakes, suspicious URLs, or unusual requests. Always be cautious if you're prompted to provide sensitive information like passwords.
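The "suspicious URLs" check above is one that a mail gateway or help desk script can automate. The following Python example is added here and is not part of the original post or Telanova's tooling: it pulls every link out of an HTML email body and flags two of the tell-tales the post describes, visible link text that shows one address while the underlying target is another, and a target host that is not one the named sharing services actually use. The allowlist of sharing-service hosts and the sample email body are constructed assumptions for the example; the phishing host uses the reserved `.invalid` domain as a placeholder.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allowlist of hosts the sharing services named in the post use for
# sharing links (assumed for this example; a real deployment maintains its own).
EXPECTED_HOSTS = ("sharepoint.com", "onedrive.live.com", "1drv.ms", "dropbox.com")


def _registrable(host):
    """Last two labels of a hostname: a rough stand-in for the registrable domain."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def _is_expected(host):
    """True if host is one of the expected hosts or a subdomain of one."""
    host = host.lower()
    return any(host == h or host.endswith("." + h) for h in EXPECTED_HOSTS)


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html_body):
    """Return [(href, [reason, ...])] for links that deserve a second look."""
    collector = _LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        reasons = []
        target_host = urlparse(href).hostname or ""
        # 1. The visible text looks like a URL but the link goes somewhere else.
        shown = re.search(r"https?://([^/\s]+)", text)
        if shown and _registrable(shown.group(1)) != _registrable(target_host):
            reasons.append("visible URL text does not match the link target")
        # 2. The target is not a host the named sharing services use.
        if not _is_expected(target_host):
            reasons.append(f"target host '{target_host}' is not a known sharing-service host")
        if reasons:
            findings.append((href, reasons))
    return findings


# Constructed sample: a genuine-looking SharePoint link, then a lookalike whose
# visible text shows the real URL while the href points at a placeholder host.
SAMPLE_EMAIL = """
<p>Joe Blogs shared a document with you.</p>
<a href="https://contoso.sharepoint.com/:w:/s/Finance/Q3-report.docx">Open in SharePoint</a>
<a href="https://sharepoint.com.example-files.invalid/login">https://contoso.sharepoint.com/:w:/s/Finance/Q3-report.docx</a>
"""

if __name__ == "__main__":
    for flagged_href, why in check_links(SAMPLE_EMAIL):
        print(flagged_href)
        for reason in why:
            print("  -", reason)
```

Run against the sample, only the second link is reported, with both reasons. The registrable-domain helper is deliberately crude (it does not consult a public-suffix list), so treat its output as a prompt for the "visit the site independently" check the post recommends rather than a verdict.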

What should I do if I’ve accidentally clicked on a phishing link?

Immediately close the browser and disconnect from the internet if possible. Do not enter any credentials. Contact your IT support team right away to report the incident; they can guide you on the next steps to minimise potential damage.

Can multi-factor authentication (MFA) fully protect me from phishing attacks?

While MFA adds an extra layer of security, it’s not foolproof. Some phishing websites are designed to capture both your login credentials and MFA codes in real time. Always double-check the legitimacy of a login page before entering any information.

How can I verify if an email from a colleague or a trusted contact is legitimate?

If you have any doubts, don’t click any links or download attachments. Contact the person directly via a separate communication channel, such as a phone call, to confirm they sent the email.

What steps can my organisation take to reduce phishing risks?

Implement company-wide training to help employees recognise phishing attempts, enforce strict policies around email and payment verification, and work closely with your IT support team to stay updated on the latest cyber threats.

If I’ve already shared my password on a phishing website, what should I do?

Change your password immediately and inform your IT department. They can help ensure that no further damage is done and may assist with a security review of your account.

How Telanova Can Help Your Berkshire Business

At Telanova, we specialise in providing comprehensive IT support to businesses across Berkshire, helping you stay secure in an increasingly complex digital landscape. From safeguarding your email systems to implementing robust cybersecurity measures, we tailor our solutions to meet the unique needs of your business. Whether you're based in Bracknell, Ascot, Wokingham, or the surrounding areas, our expert team is ready to help protect your business from email threats and beyond.

Contact us today on 01344 567 990 to discuss how we can help you strengthen your IT security and ensure your business operates smoothly without disruption.