How scammers take over email

New research from the University of California has found scammers are increasingly trying to take over email accounts and can spend up to a week in the account once they have access.

The research, conducted in conjunction with online security experts Barracuda, revealed that there is a specialised economy emerging around email account takeovers.

In email account takeovers, attackers use legitimate accounts they have recently compromised to send phishing emails to an array of recipients. These phishing emails come from legitimate accounts, so they are more effective at fooling email protection systems and unsuspecting users.

Over the past year, the researchers studied the end-to-end lifecycle of a compromised account. They examined 159 compromised accounts and investigated how the takeover took place, how long the attackers had access to the compromised account and how the attackers were able to use and extract information from these accounts.

The report found that more than one-third of the hijacked accounts had attackers using the account for more than one week.

In 31 per cent of the account takeovers, one set of attackers were focused on compromising the accounts and then sold access to another set of cybercriminals who were focused on monetising the hijacked accounts.

“Cybercriminals are getting stealthier and finding new ways to remain undetected in compromised accounts for long periods of time so they can maximise the ways they can exploit the account, whether that means selling the credentials or using the access themselves,” said Don MacLennan from Barracuda.

Across the incidents studied, researchers found that the majority of phishing attacks relied on two deceptive narratives:

  • messages that falsely alert the user of a problem with their email account
  • messages that provide a link to a fake ‘shared’ document.


In both cases, the attacker provides a link for the victim to click on, which often leads to a phishing website designed to look like a legitimate login page but that ultimately steals the victim’s username and password.

One of the best methods for defending against email takeover is placing strong two-factor authentication on your email account, according to Barracuda.

Have you ever been the victim of a phishing attack? Have you had your email account taken over by a scammer?

If you enjoy our content, don’t keep it to yourself. Share our free eNews with your friends and encourage them to sign up.

Related articles:

Written by Ben Hocking

Ben Hocking is a skilled writer and editor with interests and expertise in politics, government, Centrelink, finance, health, retirement income, superannuation, Wordle and sports.

Leave a Reply

Retiree incomes to be slashed

COVID heaps pressure on estate planning