It matters whether hackers have your email address and password;
Yes. Even if you change this password.
We know that it makes no sense to try to win the hacker. If a hacker detects the type of password you've created, it's even easier to find out. Most users use the same format of passwords and hackers know it better than anyone. They also know that they can also enter other websites with your credentials. And remember that hackers do not sit to manually type all of your data, scheduling has made the testing of email with common passwords and formats very easy. The more data you can collect for you, the easier it is to create your online identity. If a hacker manages to get into a corporate email account, then watch - your business or your employer can become the target of very specific frauds that can cost a lot of time, money and customers!
So, what is this "Spraying"?
"Password spray" is the process by which the attacker uses the same common passwords with multiple user names. This type of attack against an organization is usually used since a hacker has successfully acquired a list of valid users by the user. The attacker knows that people use common passwords, so the attack "tries" fewer logins to more users than to lock the account. This is a way of detecting users who have weak passwords targeting them with the strongest. This is a widely used attack as it is an inexpensive attack and is more difficult to detect than the more violent approaches that use multiple passwords in a single username.
Why is it important?
Email is the target of the hacker. We all agree that our contact information lives in many email accounts and I think most of us have received some crazy email from someone we know. That's where it starts ...
Let's say your contact information is in my Office 365 account Outlook. Yesterday, my account was violated and used to send hundreds of email to all my contacts. My Office 365 security stopped and I changed my password immediately but my contacts list was violated and could easily be in the attacker's hands to be used in the next Spray Password attack!
How to protect yourself from email hacking
- Use strong codes. Longest passwords are more powerful, so you target 12 characters instead of 6-8. Also use a password management application
- Never use corporate password on other websites or apps. Websites are hacked daily and if they access the network, your business is in danger.
- Enable 2 Factor Authentication for Office 365. Look for instructions on how to do it through google or see Microsoft's instructions here.