One of the most common cyber threats we encounter at LNW starts outside our organization, when the email account of a client is hacked or otherwise comprised. We take this threat very seriously because a compromised email account is a risk to both client privacy and finances.
What typically happens if an attacker gains access to your email account? They may be able to access past communications regarding your finances (content, tone, frequency) and they may also be able to reset your password(s) on other accounts using the “forgot password” feature. The hacker can then pose as you and send us requests to transfer funds or reveal sensitive financial information.
LNW has long had robust safeguards in place to prevent these types of attacks from succeeding, including Standing Letters of Authorization (SLOAs) and verbal confirmations for fund transfers. On your end, there are important steps you can take to proactively protect your information and reduce your risk. Below I outline key things you can do to prevent, detect and respond to email threats.
PREVENT
- Set strong, unique passwords. This makes it significantly harder for attackers to guess or crack your email credentials. Keep in mind that current guidance suggests that the length of your password is more important than its complexity (different types of characters). We recommend using passwords that are at least 14 characters long. The password can be a phrase unique to you or something only you would know.
- Use different passwords for different sites, especially for sensitive accounts like the email you use most often. If one password is compromised in a breach, using it across multiple platforms makes all those accounts vulnerable through a technique called password replay.
- Enable two-factor authentication (2FA) to add another layer of defense. With 2FA, a stolen password alone isn’t enough for an attacker to access your email. Most major providers support 2FA, and if you haven’t enabled it yet, now is the time.
DETECT
Being able to spot malicious emails and knowing the signs of a compromised email account can help you act before serious damage is done.
- Beware of opening any email you were not expecting or from an unfamiliar source. “Phishing” emails often masquerade as legitimate messages from familiar sources (airlines, shipping services, real estate agencies, etc.), all trying to entice you to log in or open attachments. If you take the bait, attackers can gain direct access to your credentials. Each time you receive an email you were not expecting—especially one asking you to log in—exercise caution. Carefully review the email address it was sent from, look for obvious misspellings. Also suspicious is an email with an urgent request (call to action) asking you to click a link or button.
- Review your inbox rules periodically. Attackers often set up hidden mailbox rules to forward emails to external accounts or hide communications they don’t want you to see. Reviewing your inbox rules periodically can help you spot any unauthorized changes.
- Look for bounce-back messages or other responses for emails you did not send. This may indicate that an attacker is using your account to distribute phishing emails. Similarly, if friends or colleagues report strange messages from you, or you see unfamiliar responses in your inbox, it’s worth investigating.
- Check your account’s login history. Most platforms allow you to view recent login attempts, including the device type and geographic location. If you see logins from unfamiliar places or times, take action. Also, be wary of unexpected 2FA notifications. These can be a sign that someone is trying to use your credentials and is hoping you’ll approve the login request without thinking.
RESPOND
If you suspect your account has been compromised, act immediately.
- Start by changing your password to something strong and completely new. Then, enable two-factor authentication if it was not already in place. Most email platforms also allow you to force log out of all active sessions—do this to ensure no unauthorized users remain logged in.
- Once you’ve secured your account, take time to review what the attacker might have done. Check your sent messages and inbox rules for anything unusual. If you identify suspicious activity, contact any individuals who may have been targeted by the attacker, and let them know your account was compromised. It’s also crucial to notify your advisor at LNW, as well as any other financial institutions you work with. This helps us apply heightened security measures to your future communications.
- Finally, update the passwords on all your sensitive accounts and confirm that 2FA is enabled on each one. Keep a close eye on your email login history and be extra vigilant for new 2FA prompts that you didn’t initiate. These could indicate continued attempts to access your account using old credentials or information gathered during the original breach.
Keeping in Touch
A hacked email account is a serious threat, but with the right steps, it can be managed and mitigated. At LNW, we’re committed to helping you and your family thrive financially as well as personally, and that includes doing all that we can to support your privacy and digital security.
