Today I found out that my main email address has been taken over by malicious actors. After several tests this morning, I can now confirm that the email address is currently impersonated and controlled by someone at Dreamhost, or a third party with the knowledge of employees at Dreamhost. It is possible that their entire hosting service is compromised.
A week ago, I had issues with a blog at Dreamhost and suspected the issue was with WordPress. After running some tests, while the WordPress theory remained inconclusive, I began detecting suspicious activity at Dreamhost. One thing led to another and I discovered that someone else is using the compromised email address. I was no longer receiving any emails at this address, unless they stemmed from Google. I had no choice but to immediately delete this email account and begin observing Dreamhost.
Although the email address no longer exists, it appears to be cloned and I know for a fact that it is still being used online. I cannot give any more details on the matter because I haven’t identified the exact perpetrator(s) yet and I want to investigate a little deeper before sending out full reports to local and federal police as well as international authorities.
Why do hackers block email reception to a hacked account?
The only reason I can think of is to open social media accounts for malicious purposes. Since I don’t do anything on social media, it is tempting for malicious actors to impersonate me and open accounts through my email addresses. The only thing that dissuades them is the confirmation emails.
As soon as I receive a confirmation email from a social media site, I block the account by (1) confirming my email; (2) immediately logging into the social media account in question; (3) changing the password to a random forgettable word I never use elsewhere; (4) unsubscribing from all notifications; (5) logging out forever. It has happened to me a few dozen times already since 2016. The first three times it was at Instagram and it helped me develop this free, simple, and efficient protocol. Each new issue helps us to update and enhance the previous fixes. Hackers take it as a challenge and upgrade their methods too, so the current issue is an upgraded attack.
When you know that when I receive a confirmation email I will block the account, you wouldn’t want me to find out, so you would make sure I don’t receive those confirmation emails. It is not enough to intercept them; you need to make sure they come directly to you and not to my inbox. So you do what you have to do. And I begin quantifying damages. Not like I have any other choice than to close a fixture of an email address.
In the meantime, I am using an interim email hosted with a different provider: firstname.lastname@example.org