The vectors of attack on a single account start with email, phone and 2FA vulnerability.

Although it’s been awhile since I’ve sat in the security side of an IT house, many of the dangers remain the same.

Going after phone systems. Going after emails are still a great target for malicious hackers because it’s the place where everything goes to get reset or to provide 2FA to gain access to things.

If I put on my black hat for a minute, emails are where you go to get your passwords changed. You hit forgot password, and then it sends you an email to reset your password. If I was able to break into your email account, and then figure out which systems had your email as the username, I’ve already won half the battle into getting into your data. The next step is stupid simple. I hit “forgot password” and the darn thing shoots me a forgot password email. Some ask for the old password, and some don’t. It’s an easy access vector that gains a lot of intrusive action quickly.

The next attack vector is the phone systems. If I get access to your mobile phone provider, I can bust in and quickly create a “backup” virtual or even old school physical SIM card and lock you out of your own phone account. From there the trouble is now I can intercept your text messages, and the problem with that is 2FA is now compromised. I can password reset, get the one time passcode via text and cause more ruckus across more platforms and get access to even more of your data.

A few of my colleagues have complained about being hacked lately. So figured I’d write this post to give them some action items on what to do when you’re hacked.

Immediately change your passwords if they haven’t gotten into those systems yet. Change your email and phone provider passwords first to lock the attacker out of the most vulnerable attack vectors.

Look at all of your bank and financial instruments to ensure that nothing is out of sorts. Then change those passwords next. You might also want to change your PIN numbers on your cards.

From there freeze your credit so they can’t open cards or lines of credit in your name.

The steps are endless as you’ve got to protect against electronic fraud, financial or credit fraud, further identity theft, etc. The list goes on and on, but this is a starting point that you can launch from.

I’m no longer in the game, but there are literally dozens of great resources you can connect with to run security tests, pen testing, and other methods to ensure the safety of your account, both personal and corporate.

I am however an avid networker, and would be pleased to put you in touch with trusted professionals who are good at what they do.

All you need to do is ask.

Stay safe out there in the digital world.

Thanks for reading,
Earl Flormata
The Evil Marketing Genius

Share this article
The link has been copied!