A few years ago, if we received unsolicited emails, considered SPAM, it was because we signed up for a large number of online platforms without worrying about the treatment they did with our data, that is, if they shared it with other companies to advertising purposes. Currently, thanks to the current legislation, part of that mechanics has changed, although not entirely. To SPAM, we also have to add emails that try to steal access to our accountswhether they are from the bank, email accounts, services, among others, and we have probably wondered where they got our mail from.
The sources from which hackers obtain our email are the most varied.
Web pages
There are many web pages that ignore the privacy of the users and want to obtain extra money and dedicate themselves to sell our data to third parties, companies that generally do not implement the necessary security measures that correctly prevent any hacker from accessing their database and making a copy of all user emails. Given this situation, we can do absolutely nothing on our part to avoid receiving emails from people who pretend to be our bank or other big technology companies to gain access to our accounts.
online trackers
Another source hackers use to obtain emails to send malicious emails is through the use of online trackers. There are many web pages that allow users to publicly display their email account, an email account that can be easily tracked using apps. Yes, we take into account that an email address is always associated with an @ (pattern used by these applications) we can prevent our account from being tracked by these friends of the outside. We just have to replace the @ with a – or with the words at, so that, if someone really wants to get in touch with us, they can decipher the mail easily.
from the dark web
Although it should not be common, throughout the year news related to hacks that certain platforms have suffered are published. In most cases, they only have access to stored data unencrypted (although it should not be so), that is, the data related to the account such as email, user name, date of birth, country of residence and others, but they do not have access, except in certain very specific cases , to the platform access passwords.
This data, which is usually made up of thousands or millions of records in the worst case, ends up in the black market through the Dark Web, where they are put up for sale to the highest bidder and, in most cases, end up in the hands of organized groups that begin to send fraudulent emails to deceive the user through emails called Phising, in the that have been passed through our bank or platform that we can use regularly with a link to a website with a design very similar to that of the original platform.
How to detect fraudulent emails
It is not necessary to be a systems engineer to detect when someone is trying to steal our data through this type of email. The first thing we should check is if the website to which it directs us is exactly the same one that we usually use, not aesthetically, but through URL, since, on occasions, they copy any minimum detail of the access portal, perfectly simulating being the platform original.
In addition, we must also check if the wording of the email contains spelling or grammatical errors, something quite common since they use a translator to translate the content of the email, since most of these emails are generated in English to later translate them into other languages. to expand the number of possible victims with the same effort.
