How does an email account get hacked ?

An email account can be hacked by attackers in several ways. Let’s talk about the most common methods :

1. You were victim of a phishing scam. You may have been deceived to click on a link which took you to a authentic looking fraudulent website and the website collected login information from you by trickery. It may even happened that you mistyped the URL of an authentic website and a similar looking fraudulent website opened where you provided your login credentials. In fact, there are several ways users can fall victim of phishing scams. You can find more information here : https://www.thesecuritybuddy.com/phishing/how-to-prevent-social-engineering-attacks/ and https://www.thesecuritybuddy.com/email-security/how-to-prevent-phishing/

2. You used a shared device and forgot to log out. The authentication cookies was stored in the device, which the attackers exploited. In fact, it is always recommended that you open browser in private or incognito mode when you are logging in an account from a device that is not yours.

3. You logged in your email account from a device that was infected by malware. There are several types of malware that can steal your password or your authentication cookies from the device. It can be a trojan, a rootkit or a keylogger. That is why it is always recommended to scan your device regularly with trusted anti-malware programs and update the anti-malware programs regularly.

4. You used a weak and easy to guess password. A password should be at least 12 characters long and should contain a combination of small letters, capital letters, numbers and special characters. Also, one should not reuse the same password for other accounts and one should not include any personal favorite word in the password. Also, please enable 2 FA if your email service provider gives that option. An email account that has 2 FA enabled is much more secure than an account that hasn’t.

5. You reused your password and the other account where you used the password got compromised by some attack or due to any recent data breaches. Attackers often share stolen data among themselves and whenever there are any data breaches, they try to reuse the data for even more attacks. So, never reuse your password for multiple accounts.

6. You used unsecured wireless network. Very often users fall victim of Evil Twin (What is Evil Twin ?) As a result, all the data that we transfer without using proper encryption get compromised. That is why it is always advisable to use VPN while accessing a public Wi-Fi.

7. Your system got infected by malware. As said earlier, attackers can infect a system with malware like keylogger, rootkit or trojan and harvest account passwords of victims. So, it is always advisable to use trusted anti-malware programs in a system and update them regularly. Also, please update your Operating System, browser and other commonly used software with recent patches. Always remember, more updated a software is, lesser are its known security vulnerabilities.

So, there can be multiple reasons why an email account or any online web account got hacked. As discussed in this thread https://www.thesecuritybuddy.com/discussion-room/topic/what-should-i-do-if-my-email-account-is-hacked/ follow some simple steps to mitigate the attack and take proper preventive measures to make sure it does not happen again.