The Dangerous Attraction of Original Gangsters

Users need to be mindful of the ways in which hackers can take over their accounts, according to Brian Krebs. Krebs says his experience as the owner of an “OG” Gmail address showed him how many people don’t realize that backup email addresses can be used to gain access to their primary email accounts.

Short usernames on popular platforms are known as OG (original gangster) accounts, and they’re usually scooped up by the platform’s early adopters. These accounts are coveted by certain online communities, and they’re often targeted by hackers and traded on underground forums.

Krebs says he registered for a Gmail account sixteen years ago and was able to get a short, simple email address that hadn’t yet been used. (He wisely doesn’t reveal what the email address is.) The account receives a lot of spam and account takeover requests, but Krebs says he isn’t surprised by this.

What he didn’t expect, however, was how many people would use his email address as their backup email when they created online accounts, apparently failing to understand that someone actually owned that email and could now reset their password.

“This particular email address has accounts that I never asked for at H&R Block, Turbotax, TaxAct, iTunes, LastPass, Dashlane, MyPCBackup, and Credit Karma, to name just a few,” Krebs writes. “I’ve lost count of the number of active bank, ISP and web hosting accounts I can tap into. I’m perpetually amazed by how many other Gmail users and people on similarly-sized webmail providers have opted to pick my account as a backup address if they should ever lose access to their inbox. Almost certainly, these users just lazily picked my account name at random when asked for a backup email — apparently without fully realizing the potential ramifications of doing so. At last check, my account is listed as the backup for more than three dozen Yahoo, Microsoft and other Gmail accounts and their associated file-sharing services.”

Krebs concludes that keeping security in mind when you set up an account is worth the extra effort.

“Losing access to your inbox can open you up to a cascading nightmare of other problems,” Krebs says. “Having a backup email address tied to your inbox is a good idea, but obviously only if you also control that backup address. More importantly, make sure you’re availing yourself of the most secure form of multi-factor authentication offered by the provider.”

New-school security awareness training can teach your employees how to keep their online accounts secure.

KrebsOnSecurity has the story.

Find out which of your users' emails are exposed before the bad guys do.

Many of the email addresses and identities of your organization are exposed on the internet and easy to find for cybercriminals. With that email attack surface, they can launch social engineering, spear phishing and ransomware attacks on your organization. KnowBe4's Email Exposure Check Pro (EEC) identifies the at-risk users in your organization by crawling business social media information and now thousands of breach databases.

Here's how it works:

  • The first stage does deep web searches to find any publicly available organizational data
  • The second stage finds any users that have had their account information exposed in any of several thousand breaches
  • You will get a summary report PDF as well as a link to the full detailed report
  • Results in minutes!
