Someone registered an account with your email, were you hacked?

Dealing with illicit use of your email address

From the moment you registered your email, you will have others using your email address to register for accounts, whether you like it or not. This is how we can help curve this behavior.

Episode #10-25 released on February 2, 2020

Watch on Youtube
Download MP3 Audio
Download MP4 HD Video

Immediately after creating your first email address, you had to notify your friends and family of the new email address so that you can actually get something in your inbox to begin with. With time, your email inbox has filled in with bad jokes, spam, and, wait a minute, an email address validation email from a website you didn't register to, were you just hacked?

There are three ways of getting your email address. The first is by simply having forms where you enter your email address of your own free will. The second is by obtaining it through a database leak. The third, guessing it.

If someone guessed your email address or got it from a form you filled out, then you weren't hacked at all. If there was a database hack and you weren't notified, then the website is probably unaware of the hack otherwise you'd know that you were part of a hack and have already changed your password, hopefully.

If you are concerned about someone using your email address in an account registration capacity, there is nothing that can be done about that specifically, except for one, send everything to spam. You see, those registration validation links are required to confirm account validity on many web-sites, including my own. If you don't click on the links, they never get validated and those accounts never end up existing in the first place. You will get annoyed if this happens repeatedly, however, by not clicking the link you will not be subject to impersonation fraud either. And, you are doing the website owner a favor by not allowing automated registration to function either.

The issue in this case, is bots. The grand majority of high-speed automated registrations to websites are done with purpose-built code. Once the bot has successfully obtained a valid account, it will try to spam the website with messages containing links to nefarious places online, subjecting valid users on that website to viral infections and online scams. The only way to stop this is with the support of website owners, programmers, and online users. Like any other kind of method of hacking, if it no longer works, malicious groups will stop using it.

Now, are there bots that are able to register to a website and validate the email link?

The answer is yes, but they wouldn't be using your email address to begin with. Those kinds of automated attacks are much more complicated to defend against and require code that can adapt and learn. In my own case, I've had to even go as far as using manual content moderation which can flag bot traffic, allowing the code to learn after the initial registration has already occurred. In these cases, we have to look at many different sets of metrics including origin, domain name, email services used, etc. to determine the appropriate kind of response.

Host : Steve Smith | Music : | Editor : Steve Smith | Producer : Zed Axis Dot Net

Community Comments

Share your thoughts, opinions and suggestions

Login or Register to post Your comment.