
Presented By

Topic:

Email Hacking Preventions


Presentation Layout

a) What is Hacking?
b) Email Hacking Methods.
c) Preventions of Email Hacking.
a). What is Hacking?

The word "hacker" was originally used to
describe a great programmer:
• someone able to build complex logic.
In security the word now usually means:
• someone who exploits a weakness in a
system to gain unauthorized access.
• A person who does hacking is known
as a "hacker".
b). Email Hacking Methods
1. Phishing Attack
2. Key Logging
3. Brute Forcing
4. Social Engineering
1. Phishing Attack
A phishing attack directs the user to a website that looks like the
legitimate login page (of the email provider, a bank, a social network)
but is in fact a fake controlled by the attacker. Whatever the user
types into it, typically the email address and password, goes to the attacker.
Phishing scams could be:
• Emails inviting you to join a social group and asking you to
log in with your username and password.
• Emails saying that your bank account is locked and that you must
sign in to your account to unlock it.
• Emails containing some information of interest to you and
asking you to log in to your account.
• Any email carrying a link to click that then asks you
to log in.
2. Key Logger
• A key logger records every key pressed on the victim's computer,
so it captures the email password as it is typed, whichever site it
is typed into; from the attacker's side this is easier than phishing.
• It is typically a small executable (.exe) file disguised as
something else, or dropped by a malicious link or attachment.
• When the victim runs it, the key logger installs itself and
stays resident in the background.
• The attacker runs the receiving side on their own computer and
configures the logger with its IP address; the captured keystrokes
are then sent back at regular intervals, for example every hour.
3. Brute Forcing
• Trying passwords one after another until one works: either every
combination of characters (pure brute force) or a list of likely
candidates (a dictionary attack).
• Some logic can be applied by trying passwords related to the person's
name, job title, hobbies, birthday, or other similar items, with the
usual variations (capital first letter, digits or "!" at the end).
• Against a stolen list of password hashes the attacker runs this
offline: generate candidate passwords, hash each one and compare it
with the stolen hashes, at millions of guesses per second.
• Tools that perform brute force and dictionary attacks on hashes are:
1. John the Ripper
2. Hashcat
3. RainbowCrack (precomputed rainbow tables)
4. Ophcrack (rainbow tables for Windows passwords)
5. Aircrack-ng (for Wi-Fi passphrases rather than email passwords)
• Against a live email login the same attack is far slower, because the
server rate-limits or locks the account after a few failures; attackers
therefore try the most likely guesses first, or passwords the victim
has reused from another site that was breached.
c) Preventions of Email Hacking
Prevention Against Phishing
• Read every email carefully and
check that the sender is genuine.
• Look at the link carefully before
clicking: hover over it to see where it really goes.
• Always check the URL in the browser's address bar
before signing in to your account.
• Always log in to your accounts by opening the
trusted website yourself (typed address or bookmark), not by
clicking a link in another website or email.
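The "look at the link before clicking" advice can be applied mechanically. The following is an added example, not code from the original slides: it pulls every link out of an HTML email body and flags the tricks phishing mail relies on (a plain http link, a `user@host` URL whose visible part names the bank while the real host is an IP address, a punycode domain, a visible address that differs from the real destination, and a login page on a host that is not one of ours). The trusted host names and the sample message are constructed placeholders.

```python
"""Flag suspicious links in an HTML e-mail body before anyone clicks them.

Added example (not from the original slides). The sample message and the
domains in it are constructed for illustration.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the organisation's own sign-in hosts (hypothetical values).
TRUSTED_HOSTS = {"mail.example-corp.com", "login.example-bank.com"}

# Visible link text that itself looks like a URL or a bare domain.
_HOSTLIKE = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/?#].*)?", re.I)


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def shown_host(text):
    """Host named by the visible link text, or '' if the text is not URL-like."""
    m = _HOSTLIKE.fullmatch(text.strip())
    return m.group(1).lower() if m else ""


def analyse_link(href, visible_text):
    """Return a list of warning strings for one link (empty means nothing odd)."""
    warnings = []
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    if parts.scheme == "http":
        warnings.append("plain http: credentials would travel unencrypted")
    if parts.username is not None:
        # http://login.example-bank.com@198.51.100.7/ shows the bank in the
        # URL but actually connects to 198.51.100.7.
        warnings.append("user@host trick: real host is " + host)
    if host.replace(".", "").isdigit():
        warnings.append("bare IP address instead of a domain name")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode label (possible homograph domain)")
    shown = shown_host(visible_text)
    if shown and shown != host:
        warnings.append(f"text shows {shown} but link goes to {host}")
    if "login" in (parts.path + parts.query).lower() and host not in TRUSTED_HOSTS:
        warnings.append("login page on untrusted host " + host)
    return warnings


def scan_email_html(html_body):
    """Map each flagged href in the body to its warnings (clean links are omitted)."""
    collector = _LinkCollector()
    collector.feed(html_body)
    flagged = {}
    for href, text in collector.links:
        warnings = analyse_link(href, text)
        if warnings:
            flagged[href] = warnings
    return flagged


# Constructed sample: one honest link and three typical phishing tricks.
SAMPLE_EMAIL = """
<p>Your account is locked. <a href="https://mail.example-corp.com/login">Sign in</a> to unlock it.</p>
<p>Or use <a href="http://login.example-bank.com@198.51.100.7/login">https://login.example-bank.com/login</a></p>
<p>Update details at <a href="https://xn--exmple-bank-5kb.com/login">our secure site</a></p>
<p>See <a href="https://example-bank.com.verify-now.test/login">example-bank.com</a></p>
"""

if __name__ == "__main__":
    for href, warnings in scan_email_html(SAMPLE_EMAIL).items():
        print(href)
        for w in warnings:
            print("   -", w)
```

The first link comes back clean (https, our own host); the other three are reported with the specific reason, which is what a user should be looking for when hovering over a link.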
Prevention Against Key Logger
1. Encrypt keystrokes, e.g.
KeyScrambler, Zemana
AntiLogger etc.
2. Use antivirus, e.g. Panda
Cloud AntiVirus, Kaspersky
AntiVirus etc.
3. Use a firewall, e.g. ZoneAlarm
Free Firewall, Comodo Free
Firewall etc. (it can stop the logger sending keystrokes out)
4. Use a password manager, e.g.
LastPass etc. (it fills passwords in without them being typed)
5. Update your software
Prevention Against Brute Force
• Use a long password: a minimum of
seven characters is far too short for today's cracking
hardware; prefer a passphrase of twelve or more
• Include both upper and
lower case characters
• Include numeric
characters
• Include punctuation
• Length and unpredictability matter more than these composition
rules: a name plus a year plus "!" satisfies all of them and is still
among the first guesses a cracker tries
• Enable account lockout or two-step verification so that online
guessing stops working altogether
Conclusion:
• Always configure a secondary email address (or phone number) for recovery purposes.
• Properly configure the security question and answer in the email
account: choose an answer that cannot be looked up on social media
(a random one kept in your password manager is best).
• Do not open emails from strangers.
• Do not use anyone else's computer to check your email.
• Take care with phishing links.
• Do not reveal your passwords to your friends or colleagues.


Consequences of Email Hacking
20 WAYS TO KEEP YOUR
INTERNET IDENTITY SAFE FROM
HACKERS
1. NEVER CLICK ON A LINK YOU DID NOT EXPECT TO RECEIVE 

• The golden rule. The main way criminals infect PCs with malware is by luring users to click on a link or open an
attachment. Sometimes phishing emails contain obvious spelling mistakes and poor grammar and are easy to spot.
However, targeted attacks and well-executed mass mailings can be almost indistinguishable [from genuine emails].
Social media has helped criminals profile individuals, allowing them to be much more easily targeted, he adds. They
can see what you're interested in or what you [post] about and send you crafted messages, inviting you to click on
something. Don't.
2. USE DIFFERENT PASSWORDS ON DIFFERENT SITES 

• With individuals typically having anything up to 100 online accounts, the tendency has
become to share one or two passwords across accounts or use very simple ones, such as
loved ones' names, first pets or favourite sports teams. Indeed, research by Ofcom last
month revealed that over half of UK adults (55%) use the same passwords for most, if not
all, websites they visit, while one in four (26%) use birthdays or names as passwords. Any
word found in the dictionary is easily crackable. Instead, says Sian John, online security
consultant at Symantec, have one memorable phrase or a line from a favourite song or
poem. For example: "The Observer is a Sunday newspaper" becomes "toiasn". Add numerals
and a special character thus: "T0!asn". Now for every site you log on to, add the first and last
letter of that site to the start and end of the phrase, so the password for Amazon would be
"AT0!asnn". At first glance, unguessable. But for you, still memorable."
Caveat: once one site leaks its password, the pattern (first and last letter of the site around a fixed core) gives away every other one. A password manager that generates a different random password per site, as recommended under Prevention Against Key Logger, avoids this.
3. NEVER REUSE YOUR MAIN EMAIL PASSWORD 

• A hacker who has cracked your main email password has the keys to your [virtual] kingdom. Passwords from the
other sites you visit can be reset via your main email account. A criminal can trawl through your emails and find a
treasure trove of personal data: from banking to passport details, including your date of birth, all of which enables ID
fraud. Identity theft is estimated to cost the UK almost £2bn a year.
4. USE ANTI-VIRUS SOFTWARE 

• German security institute AV-Test found that in 2010 there were 49m new strains of malware, meaning that anti-
virus software manufacturers are engaged in a constant game of "whack-a-mole". Sometimes their reaction times are
slow – US security firm Imperva tested 40 anti-virus packages and found that the initial detection rate of a new virus
was only 5%. Much like flu viruses and vaccine design, it takes the software designers a while to catch up with the
hackers. Last year AV-Test published the results of a 22-month study of 27 different anti-virus suites and top-scoring
packages were Bitdefender, Kaspersky and F-Secure. Meanwhile, security expert Brian Krebs published the results of
a study of 42 packages which showed on average a 25% detection rate of malware – so they are not the entire
answer, just a useful part of it.
5. IF IN DOUBT, BLOCK

• Just say no to social media invitations (such as Facebook-friend or LinkedIn connection requests) from people you
don't know. It's the cyber equivalent of inviting the twitchy guy who looks at you at the bus stop into your home.
6. THINK BEFORE YOU TWEET AND HOW YOU SHARE INFORMATION

• Again, the principal risk is ID fraud. Trawling for personal details is the modern day equivalent of "dumpster-diving", in
which strong-stomached thieves would trawl through bins searching for personal documents, says Symantec's John.
"Many of the same people who have learned to shred documents like bank statements will happily post the same
information on social media. Once that information is out there, you don't necessarily have control of how other
people use it." She suggests a basic rule: "If you aren't willing to stand at Hyde Park Corner and say it, don't put it on
social media."
7. IF YOU HAVE A "WIPE YOUR PHONE" FEATURE, YOU SHOULD SET IT UP

• Features such as Find My iPhone, Android Lost or BlackBerry Protect allow you to remotely to erase all your personal
data, should your device be lost or stolen. "Absolutely, set it up," advises Derek Halliday of mobile security specialist
Lookout. "In the case where your phone is gone for good, having a wipe feature can protect your information from
falling into the wrong hands. Even if you didn't have the foresight to sign up, many wipe your phone features can be
implemented after the fact."
8. ONLY SHOP ONLINE ON SECURE SITES 

• Before entering your card details, always ensure that the locked padlock or unbroken key symbol is showing in your
browser, cautions industry advisory body Financial Fraud Action UK. Additionally the beginning of the online retailer's
internet address will change from "http" to "https" to indicate a connection is secure. Be wary of sites that change
back to http once you've logged on. Note that the padlock only means the connection is encrypted, not that the site
is genuine: phishing sites use https too, so check the domain name itself as well.
9. DON'T ASSUME BANKS WILL PAY YOU BACK

• Banks must refund a customer if he or she has been the victim of fraud, unless they can
prove that the customer has acted "fraudulently" or been "grossly negligent". Yet as with any
case of fraud, the matter is always determined on an individual basis. "Anecdotally, a
customer who has been a victim of a phishing scam by unwittingly providing a fraudster with
their account details and passwords only to be later defrauded could be refunded," explains
Michelle Whiteman, spokesperson for the Payments Council, an industry body. "However,
were they to fall victim to the same fraud in the future, after their bank had educated them
about how to stay safe, it is possible a subsequent refund won't be so straightforward. Under
payment services regulations, the onus is on the payment-service provider to prove that the
customer was negligent, not vice versa. Credit card protection is provided under the
Consumer Credit Act and offers similar protection."
10. IGNORE POP-UPS 

• Pop-ups can contain malicious software which can trick a user into verifying something. "[But if and when you do], a
download will be performed in the background, which will install malware," says Sidaway. "This is known as a drive-by
download. Always ignore pop-ups offering things like site surveys on e-commerce sites, as they are sometimes
where the malcode is."
11. BE WARY OF PUBLIC WI-FI 

• Most Wi-Fi hotspots do not encrypt information and once a piece of data leaves your device headed for a web
destination, it is "in the clear" as it transfers through the air on the wireless network, says Symantec's Sian John. "That
means any 'packet sniffer' [a program which can intercept data] or malicious individual who is sitting in a public
destination with a piece of software that searches for data being transferred on a Wi-Fi network can intercept your
unencrypted data. If you choose to bank online on public Wi-Fi, that's very sensitive data you are transferring. We
advise either using encryption [software], or only using public Wi-Fi for data which you're happy to be public – and
that shouldn't include social network passwords."
12. RUN MORE THAN ONE EMAIL ACCOUNT

• Think about having one for your bank and other financial accounts, another for shopping and one for social
networks. If one account is hacked, you won't find everything compromised. And it helps you spot phishing emails,
because if an email appears in your shopping account purporting to come from your bank, for example, you'll
immediately know it's a fake.
13. MACS ARE AS VULNERABLE AS PCS

14. DON'T STORE YOUR CARD DETAILS ON WEBSITES 

• Err on the side of caution when asked if you want to store your credit card details for future use. Mass data security
breaches (where credit card details are stolen en masse) aren't common, but why take the risk? The extra 90 seconds
it takes to key in your details each time is a small price to pay.
15. ADD A DNS SERVICE TO PROTECT OTHER DEVICES 

• A DNS or domain name system service converts a web address (a series of letters) into a machine-readable IP
address (a series of numbers). You're probably using your ISP's DNS service by default, but you can opt to subscribe
to a service such as OpenDNS or Norton ConnectSafe, which redirect you if you attempt to access a malicious site,
says Sian John. "This is helpful for providing some security (and parental control) across all the devices in your home
including tablets, TVs and games consoles that do not support security software. But they shouldn't be relied upon as
the only line of defence, as they can easily be bypassed."
16. ENABLE TWO-STEP VERIFICATION 

• If your email or cloud service offers it – Gmail, Dropbox, Apple and Facebook do – take the trouble to set this up. In
addition to entering your password, you are also asked to enter a verification code, sent via SMS to your phone or
generated by an authenticator app. In the case of Gmail you only have to enter a fresh code every 30 days or when
you log on from a different computer or device. So a hacker might crack your password, but without the unique and
temporary verification code should not be able to access your account. Prefer an authenticator app or a hardware
security key over SMS where the service offers one: SMS codes can be intercepted by taking over your phone number.
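What the "verification code" actually is: an added example, not code from the original slides, implementing the time-based one-time password (TOTP, RFC 6238) that authenticator apps generate, with the Python standard library only. The shared secret is the RFC 6238 test secret, not a real one; the account name and issuer are placeholders. It shows why a stolen password alone no longer opens the account: the code is derived from a secret that never leaves the phone and the server, and it changes every 30 seconds.

```python
"""Time-based one-time passwords (RFC 6238), the mechanism behind two-step verification.

Added example, not from the original slides. Standard library only.
"""
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import quote

# RFC 6238 reference secret (ASCII "12345678901234567890"). A real enrolment
# generates random bytes and shows them to the user as a base32 QR code.
SHARED_SECRET = b"12345678901234567890"
STEP_SECONDS = 30
DIGITS = 6


def hotp(secret, counter, digits=DIGITS):
    """HOTP (RFC 4226): HMAC-SHA1 over the counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at_time=None, step=STEP_SECONDS, digits=DIGITS):
    """TOTP: HOTP with counter = floor(unix_time / step)."""
    now = time.time() if at_time is None else at_time
    return hotp(secret, int(now) // step, digits)


def verify_totp(secret, submitted, at_time=None, window=1):
    """Server side: accept the code for the current step or +-window steps
    (phone clock drift). Constant-time comparison so the check itself does
    not leak which digits matched."""
    now = time.time() if at_time is None else at_time
    counter = int(now) // STEP_SECONDS
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret, counter + delta), submitted):
            return True
    return False


def provisioning_uri(secret, account, issuer):
    """otpauth:// URI that authenticator apps read from the enrolment QR code."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    label = quote(f"{issuer}:{account}")
    return f"otpauth://totp/{label}?secret={b32}&issuer={issuer}&digits={DIGITS}&period={STEP_SECONDS}"


if __name__ == "__main__":
    print("enrol with:", provisioning_uri(SHARED_SECRET, "alice@example.test", "ExampleCorp"))
    code = totp(SHARED_SECRET)
    print("current code:", code, "accepted:", verify_totp(SHARED_SECRET, code))
    # A guess with the right number of digits fails: the attacker would need
    # the shared secret, not just the password.
    print("guess 123456 accepted:", verify_totp(SHARED_SECRET, "123456"))
```

The server stores the shared secret per user and runs `verify_totp` after the password check; the acceptance window of one step either side is the usual compromise between tolerating clock drift and keeping each code short-lived.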
17. LOCK YOUR PHONE AND TABLET DEVICES 

• Keep it locked, just as you would your front door. Keying in a password or code 40-plus times a day might seem like a
hassle but, says Lookout's Derek Halliday, "It's your first line of defence." Next-generation devices, however, are set to
employ fingerprint scanning technology as additional security.
18. BE CAREFUL ON AUCTION SITES 

• On these sites in particular, says Symantec's Sian John, exercise vigilance. "Check the seller feedback and if a deal
looks too good then it may well be," she says. "Keep your online payment accounts secure by regularly changing your
passwords, checking the bank account to which it is linked and consider having a separate bank account or credit card
for use on them, to limit any potential fraud still further."
19. LOCK DOWN YOUR FACEBOOK ACCOUNT

• Remove your home address, phone number, date of birth and any other information that could be used to fake your
identity. Similarly you might want to delete or edit your "likes" and "groups" – the more hackers know about you, the
more convincing a phishing email they can spam you with. Facebook apps often share your data, so delete any you
don't use or don't remember installing. Finally, use the "view as" tool to check what the public or even a particular
individual can see on your profile, continue to "edit" and adjust to taste. If this all sounds rather tedious, you just
might prefer to permanently delete your account.
20. REMEMBER YOU'RE HUMAN AFTER ALL

• While much of the above are technical solutions to prevent you being hacked and scammed, hacking done well is
really the skill of tricking human beings, not computers, by preying on their gullibility, taking advantage of our trust,
greed or altruistic impulses. Human error is still the most likely reason why you'll get hacked.
HOW DOES HACKING AFFECT EVERYONE AT AL-HASANAT?

HOW DOES EMAIL HACKING APPLY TO YOU AS A COMPANY?
HOW DOES EMAIL HACKING AFFECT YOU AS A CORPORATION?

1. All staff need to understand that ANYONE and EVERYONE is vulnerable to hack attacks.

2. If one person is hacked it can affect everyone in the company and cost us money (which can easily run

into hundreds of thousands or even millions of dollars).

3. Email hacking can also cost us prospective business and reputation

4. Email hacking can lead to the loss of sensitive information that competitors can use to hurt our

business

5. Email hacking can lead to loss of personal information including banking details

6. Additionally, it is important to understand that it is not easy to detect hacking when it happens, which

makes preventing it even more important.


HOW TO STAY SAFE AND AVOID HACKS
- For All Staff -

1. Only use your work computer for WORK - which means

a. Don’t use your work computer to play online games or take surveys or download movies, music or

apps

b. If you need to download apps, go to the specific manufacturer website to download the app or

use the Microsoft Store on your PC

c. As much as possible, don't use your work computer for social media (Facebook,

Instagram, Pinterest, Snapchat, Twitter, etc.)

d. Don’t visit dangerous websites or click on pop up ads.


HOW TO KEEP YOUR EMAIL SAFE
- For All Staff -

1. Use a strong password

a. This IS NOT a strong password: “SeanAlHasanat” or “MariamPC”

b. This IS a strong password: “!IL1ketok33pmyemailsaf3&” or “RedMe@tisDbestkind!”

i. A strong password is built from a phrase (not a single word), with numbers and symbols;
length counts for more than any single symbol

c. Do not use dictionary words or dictionary words + numbers for passwords. Also do not use your

name or birthday as your password

i. There are computer programs that can try every dictionary word + number combination

within seconds

d. Change your password every month, and immediately if you suspect it has been exposed; never
by just changing a digit on the old one. Where possible, use 2-step verification
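The "programs that try every dictionary word + number combination" are wordlist-plus-rules crackers such as John the Ripper and Hashcat from the Brute Forcing slide. The following is an added example, not code from the original slides, that does the same thing at toy scale: a handful of likely base words, the mangling habits people actually use (capital first letter, leet substitutions, a year or two digits, a trailing symbol), and every candidate hashed and compared with a set of stolen hashes. The wordlist, the sample passwords and their SHA-256 hashes are constructed; real systems use slow, salted hashes, which raises the cost per guess but not the number of guesses needed. It also checks each sample against the deck's own composition rule (7+ characters, upper, lower, digit, punctuation) to show that passing the rule is not the same as surviving the cracker.

```python
"""Why a composition rule does not stop an offline wordlist + rules attack.

Added example, not from the original slides. Wordlist, rules and sample
passwords are constructed; the hashes are SHA-256 of those samples.
"""
import hashlib
import itertools
import string

# Constructed wordlist: names and words an attacker would try first.
BASE_WORDS = ["sean", "mariam", "alhasanat", "password", "welcome", "summer"]
LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0"})
SUFFIXES = [""] + [str(n) for n in range(100)] + [str(y) for y in range(1990, 2030)]
SYMBOLS = ["", "!", "#", "$"]


def mangle(word):
    """Yield the usual human variations of one base word (a tiny rule set)."""
    shapes = {word, word.capitalize(), word.upper(), word.translate(LEET),
              word.capitalize().translate(LEET)}
    for shape, suffix, sym in itertools.product(shapes, SUFFIXES, SYMBOLS):
        yield shape + suffix + sym          # Sean2019!
        if sym:
            yield sym + shape + suffix      # !Sean2019


def sha256_hex(password):
    return hashlib.sha256(password.encode()).hexdigest()


def crack(target_hashes, words=BASE_WORDS):
    """Return ({hash: plaintext} for every hash recovered, number of guesses made)."""
    remaining = set(target_hashes)
    found = {}
    guesses = 0
    for word in words:
        for candidate in mangle(word):
            guesses += 1
            digest = sha256_hex(candidate)
            if digest in remaining:
                found[digest] = candidate
                remaining.discard(digest)
                if not remaining:
                    return found, guesses
    return found, guesses


def meets_slide_policy(password):
    """The deck's rule: at least 7 characters with upper, lower, digit and punctuation."""
    return (len(password) >= 7
            and any(c.isupper() for c in password)
            and any(c.islower() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password))


# Constructed samples: three built from a name or a word, plus the deck's
# own passphrase example.
SAMPLE_PASSWORDS = ["Mariam99", "Sean2019!", "P@ssw0rd1!", "RedMe@tisDbestkind!"]

if __name__ == "__main__":
    hashes = {sha256_hex(p): p for p in SAMPLE_PASSWORDS}
    found, guesses = crack(hashes)
    for digest, plain in hashes.items():
        status = "cracked" if digest in found else "survived"
        print(f"{plain:22} policy_ok={str(meets_slide_policy(plain)):5} {status}")
    print(f"{guesses} guesses")
```

"Sean2019!" and "P@ssw0rd1!" satisfy the composition rule and still fall inside a few tens of thousands of guesses, a fraction of a second on any laptop; the passphrase survives even though it contains no digit. That is the point of rule b.i above: what protects a password is that it is not a word or name with predictable decoration, and length is the cheapest way to get there.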
HOW TO KEEP YOUR EMAIL SAFE
- For All Staff -

1. Do NOT open (if possible) or click on links in emails that you're not expecting.

a. If you receive a spam email, delete it without clicking any link in it, or mark it as SPAM

b. If you receive an email that says you should verify your account (when you did not initiate the

verification process), ignore the email and delete it

c. Be careful when visiting a site that starts with http:// instead of https:// . http sites send everything
you type in the clear. https only means the connection is encrypted, not that the site is genuine: check the
domain name as well

i. Do not enter your email address, bank account details, phone number, or any personal

information on such sites

d. Again - do not install unsafe software that would have uncontrolled access to your system

i. This includes "antivirus" or "PC cleaner" programs offered in pop-ups, or any app that claims to do

something you do not actually need.
HOW TO KEEP YOUR EMAIL SAFE
- For All Staff -

1. When travelling, avoid public Wi-Fi

a. Public Wi-Fi is famously insecure, and hackers often sit around in restaurants, airports, bus

stations, hotel lounges etc. trying to capture personal information from unsuspecting victims

b. If you must use public Wi-Fi, do not use it to send sensitive files or enter personal information.

Anything sent without encryption over an open network can be intercepted, and a fake hotspot
can redirect you to a phishing page

c. Be aware that "Incognito mode" in browsers only stops your own browser from keeping history and

cookies; everything you send is still visible to the network. So, be safe.



HOW TO KEEP YOUR SENSITIVE INFORMATION SAFE
- For Finance Team -

1. Only use authorized devices and emails to send sensitive information.

2. READ EVERY EMAIL CAREFULLY BEFORE YOU REPLY WITH SENSITIVE INFORMATION

a. If you're not sure about the authenticity of an email, including REQUESTS FOR PAYMENTS,

INVOICES, OR SHIPPING INFORMATION, check with the sender. Also verify the email address against
the one you have on file, not against the one in the email itself

b. Call the sender on a number you already have (not one given in the email), or message them on another
platform different from email - such as Viber or

Telegram - to confirm.

c. If you're not sure about the authenticity of a specific invoice, ask the sender about a specific

piece of information that only that person would know.

3. MORE IMPORTANTLY, BE ALERT AT ALL TIMES WHEN DEALING WITH SENSITIVE INFORMATION
HOW TO KEEP YOUR SENSITIVE INFORMATION SAFE
- For Finance Team -

1. ALWAYS CHECK THE EMAIL ADDRESS OF THE SENDER OF ANY EMAIL YOU RECEIVE

a. Sometimes only one letter will be different from the original email address or phone number
(for example "rn" in place of "m"), and the display name will be exactly the same

b. Sometimes the email address will even be the same (if the sender has been hacked and they

don't know). Then the Reply-To address, or a sudden change of bank details, is the only clue.

2. THE RULE OF THUMB IS:

a. If UNSURE about anything, think of safety first. Don’t assume everything will be fine. NEVER

ASSUME.

3. BEFORE MAKING ANY PAYMENTS, ALWAYS CONFIRM WITH 1-2 PEOPLE TO BE SAFE.
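The checks on this slide can be run on each incoming invoice email before anyone acts on it. The following is an added example, not code from the original slides: it parses the message headers with the standard library and compares them against a small supplier directory. It flags a known display name writing from an unknown address, a domain that is one slip or one look-alike substitution ("rn" for "m", "0" for "o") away from a real supplier, a Reply-To that routes answers somewhere other than the From domain, and, because a genuine address can belong to a hijacked mailbox (point 1b), any message that announces new bank details, which always needs a phone call on a known number. The supplier directory, addresses, domains and the sample message are constructed placeholders.

```python
"""Spot look-alike sender addresses and rerouted replies in invoice e-mail.

Added example, not from the original slides. All names, addresses and
domains are constructed placeholders.
"""
from email import policy
from email.parser import Parser
from email.utils import parseaddr

# Constructed supplier directory: display name -> address last verified by phone.
KNOWN_CONTACTS = {
    "Omar Haddad": "omar.haddad@acme-shipping.test",
    "Priya Nair": "accounts@northwind-logistics.test",
}

# Character swaps that look alike in many fonts (a small, common subset).
CONFUSABLES = {"0": "o", "1": "l", "rn": "m", "vv": "w"}

# Phrases in the body that mean "the money should now go somewhere else".
PAYMENT_CHANGE_HINTS = ("new bank", "updated account", "changed our bank")


def normalise(domain):
    """Fold visually similar spellings onto one form before comparing."""
    d = domain.lower()
    for odd, plain in CONFUSABLES.items():
        d = d.replace(odd, plain)
    return d


def edit_distance(a, b):
    """Levenshtein distance: enough to catch one dropped or swapped letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr):
    return addr.rpartition("@")[2].lower()


def check_sender(raw_message, contacts=KNOWN_CONTACTS):
    """Return warnings for a raw RFC 5322 message; an empty list means the headers look consistent."""
    msg = Parser(policy=policy.default).parsestr(raw_message)
    name, addr = parseaddr(str(msg.get("From", "")))
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    known_domains = {domain_of(a) for a in contacts.values()}
    from_domain = domain_of(addr)
    warnings = []

    # 1. Familiar display name, unfamiliar address.
    expected = contacts.get(name)
    if expected and addr.lower() != expected.lower():
        warnings.append(f"'{name}' normally writes from {expected}, not {addr}")

    # 2. Domain one slip or one confusable away from a real supplier.
    if from_domain not in known_domains:
        for real in known_domains:
            if normalise(from_domain) == normalise(real) or edit_distance(from_domain, real) <= 2:
                warnings.append(f"domain {from_domain} looks like {real}")

    # 3. Replies silently rerouted: the classic "updated bank details" setup.
    if reply_addr and domain_of(reply_addr) != from_domain:
        warnings.append(f"Reply-To {reply_addr} differs from From domain {from_domain}")

    # 4. Even a genuine address can be a hijacked mailbox, so a change of
    #    payment details is flagged regardless of what the headers say.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    if any(hint in text for hint in PAYMENT_CHANGE_HINTS):
        warnings.append("message changes payment details: confirm by phone on a known number")
    return warnings


# Constructed sample: same display name, "rn" for "m" in the domain, replies
# routed elsewhere, and a bank-detail change in the body.
SAMPLE_MESSAGE = """\
From: Omar Haddad <omar.haddad@acrne-shipping.test>
Reply-To: omar.haddad@acme-shipping-invoices.test
To: finance@example-corp.test
Subject: Re: Commercial invoice 4471
Content-Type: text/plain; charset="utf-8"

Please note we have changed our bank. Updated account details attached.
"""

if __name__ == "__main__":
    for w in check_sender(SAMPLE_MESSAGE):
        print("-", w)
```

All four warnings fire on the sample; a genuine message from a listed supplier with no payment change produces none. The fourth check is deliberately independent of the other three: it is the one that still works when the supplier's real mailbox has been taken over.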
HOW TO KEEP YOUR SENSITIVE INFORMATION SAFE
- For Project Managers -

1. DO NOT CLICK ON LINKS FROM EMAILS YOU’RE NOT EXPECTING

a. When you receive a reply from someone you sent an email, check to confirm that the email

address is the same as expected

b. If any incoming email has unsafe links that asks you to VERIFY SOMETHING, delete it, and mark

it as SPAM - assuming you’re not expecting this email

c. When you send emails to prospective customers, only provide general information. Do not

provide any information that cannot be found on the company website. When possible, keep all

conversations in email

i. This leaves a record and helps with security.


HOW TO KEEP YOUR SENSITIVE INFORMATION SAFE
- For Account and Shipping Managers -

1. ALWAYS VERIFY EVERY PRO FORMA INVOICE, COMMERCIAL INVOICE, SHIPPING

INFORMATION, BILL OF LADING etc. with the sender.

2. If unsure of an invoice, confirm before taking any further action.

3. Follow the same rules for All Staff and Finance Managers
STEP BY STEP PROTOCOL FOR LIMITING DAMAGES WHEN YOU HAVE BEEN HACKED
WHAT SHOULD YOU DO IF YOUR EMAIL HAS BEEN HACKED?

1. Report as quickly as possible

2. Change your email password, from a device you trust (not the PC you suspect is infected, or a key
logger will capture the new password too)

3. Disconnect your PC from the internet

4. Sign out of your email everywhere, phone included; most providers have a "sign out of all sessions" option

5. Check the account settings for forwarding rules, filters and recovery addresses or phone numbers that the
attacker may have added, and remove them

6. Change the password of any other account that used the same password or can be reset through this mailbox

7. Run Malwarebytes on your computer

8. Wait for further instructions

9. Message all important associates and contacts through another platform (Viber, phone call, Telegram

etc.) to inform them that you have been hacked and to disregard all EMAILS from your account until

you contact them again.


WHAT SHOULD YOU DO IF YOU THINK YOUR COMPUTER HAS BEEN
INFECTED WITH A VIRUS?

1. Disconnect the computer from the internet

2. Run Malwarebytes

3. Uninstall all the programs you downloaded or installed recently

4. Delete all files belonging to those programs

5. Restore your PC to a previous time when it was safe (if the infection is confirmed, IT reinstalling the
system from scratch is the only sure fix)

6. Report

7. All these steps should be taken promptly and in this order; do not reconnect to the internet until you are told to

8. If you don't know how to complete any of these steps, talk to someone
WHAT SHOULD YOU DO IF YOU LOSE YOUR WORK PC OR PHONE?

1. Your PC must have a password - this is compulsory. The password hint should not make it easy to

guess your password. Note that a login password stops casual use but does not protect the files on the
disk: anyone can remove the drive or boot another system and read them unless the disk is encrypted
(BitLocker on Windows, FileVault on Mac), so disk encryption must be turned on before the PC is lost

2. Change the password to your email

3. Change the passwords of all the accounts registered on the PC

4. Report the loss of your PC

5. All these steps must be taken promptly, starting with the password changes

6. If you lose your phone, follow steps 2-5 and use the remote wipe feature (point 7 of the 20 ways above)


WHAT SHOULD YOU DO IF YOU LOSE COMPANY ATM OR CREDIT
CARD?

1. Report to any appropriate authority immediately

2. The ATM card will be deactivated and reported lost


WHAT SHOULD YOU REMEMBER FROM THIS PRESENTATION?

1. Anyone and Everyone can be hacked

2. If unsure about anything, confirm before you take any further action

3. Always use strong passwords and change them every month

4. Never use the same password for two different accounts

5. If you think you have been hacked or your device is virus infected, take the appropriate steps and also

report immediately

6. Don't use your WORK PC for other purposes

7. Be safety conscious - do not visit dangerous websites, click dangerous links, download unsafe

applications, or install software you don't need


THANK YOU
AND
BE SAFE
