A few years ago, if we received unsolicited emails, considered SPAM, it was because we signed up for a large number of online platforms without worrying about the treatment they did with our data, that is, if they shared it with other companies to advertising purposes. Currently, thanks to the current legislation, part of that mechanics has changed, although not entirely. To SPAM, we also have to add emails that try to steal access to our accounts , whether they are from the bank, email accounts, services, among others, and we have probably wondered where they got our email from.
The sources from which hackers obtain our email are the most varied.
Web pages
There are many web pages that ignore the privacy of users and want to obtain extra money and are dedicated to selling our data to third-party companies , companies that generally do not implement the necessary security measures that correctly prevent any hacker from access your database and make a copy of all user emails. Given this situation, we can do absolutely nothing on our part to avoid receiving emails from people who pretend to be our bank or other big technology companies to gain access to our accounts.
online trackers
Another source hackers use to obtain emails to send malicious emails is through the use of online trackers. There are many web pages that allow users to publicly display their email account, an email account that can be easily tracked using applications . Yes, we take into account that an email address is always associated with an @ (pattern used by these applications) we can prevent our account from being tracked by these friends of the outside. We just have to replace the @ with a – or with the words at sign, so that, if someone really wants to get in touch with us, they can easily decipher the mail.
from the dark web
Although it should not be common, throughout the year news related to hacks that certain platforms have suffered are published. In most cases, they only have access to the data that is stored unencrypted (although it should not be), that is, the data related to the account such as email, user name, date of birth, country of residence and others, but they do not have access, except in certain very specific cases, to the access passwords to the platform.
This data, which is usually made up of thousands or millions of records in the worst case, ends up on the black market through the Dark Web, where it is put up for sale to the highest bidder and, in most cases, they end up in the hands of organized groups that begin to send fraudulent emails to deceive the user through emails called Phishing, in which they go through our bank or platform that we can use regularly with a link to a website with a very similar design to the from the original platform.
How to detect fraudulent emails
It is not necessary to be a systems engineer to detect when someone is trying to steal our data through this type of email. The first thing we should check is if the website to which it directs us is exactly the same one that we usually use, not aesthetically, but through URL, since, on occasions, they copy any minimum detail of the access portal, perfectly simulating being the platform original.
In addition, we must also check if the wording of the email contains spelling or grammatical errors, something quite common since they use a translator to translate the content of the email, since most of these emails are generated in English to later translate them into other languages. to expand the number of possible victims with the same effort.