What Can Someone Do With Your Email Address? Plenty
Most users do not look at their email addresses as private. They include their email addresses when filling in forms both online and in person and give their email addresses freely to almost anyone who asks. Therein lies the problem. If you are concerned about protecting your financial information, credit card accounts and other private data, you must be equally concerned about protecting your email. To make matters more complicated, there are so many activities and platforms in our daily lives that require entering our email addresses that it is challenging to keep them completely secret.
Email Address Scams: Gaining Access to Other Online Accounts
Once hackers have your email address, they can send social engineering scam emails to you that are designed to trick users into impulsively clicking on malicious links and other actions that can be used to gain access to additional private information on other platforms. They will use urgency, fear or authority to convince users to click, open or download. This action can download viruses (like spyware or keylogging software) to your phone or computer.
IT experts contend that almost 98% of hackers use social engineering as part of their arsenal. Social Engineering is defined as: “In the context of information security, social engineering is the psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.”
Here is what someone can do with your email address and what you can do to protect it:
- Send Phony Emails – Cybercriminals use phishing emails to trick users into believing they are from a trusted source and sharing more private data. They may pose as a bank, government agency or sweepstakes group.
- Pretend To Be You – One of the most pervasive scams targeting companies is BECs or Business Email Compromises. By stealing your business email address, hackers can contact your employer, pretending to be you, and trick them into sharing even more of your sensitive private data, such as an account login or password to a funds transfer or payroll account. Unfortunately, many users do not scrutinize email headers carefully and will miss the signs of a bogus email address.
- Steal Your Identity – Cyberthieves skillful enough to steal your email and password can learn enough about you through your account, public company information and social media to eventually steal your identity. Once your identity is stolen, it may be used for committing financial fraud, pinning any financial or legal exposure on you.
- Steal Additional Personal Data – By combing through your emails, hackers can find credit card information, bank account numbers and other private data to expand their attack. Once the scam gets that far, your identity and financial security are in peril. If your accounts are breached, you should immediately call your bank, credit card companies and any vendors who might be compromised. Next, call your IT provider to clear malicious files and secure your accounts.
- Email Your Contacts – Once hackers gain access to your email account, they can send emails to any of your contacts requesting money, encouraging them to purchase something and continuing the original con with your contacts. Imagine all your contacts investing in something that does not exist or sending money to an imposter. The legal, financial and reputational implications for you and your contacts could be devastating.
How To Protect Your Email Address from Cyberattacks
Fortunately, applying cyber security best practices when handling your email accounts can help avoid many email scams. Here are some simple tips for how to protect your email address:
- Use Long, Unique Passwords – The days of using 2222, birthdays or street numbers are long gone. Difficult-to-guess passwords are easy first-line defenses against data breaches. Also, it is imperative not to use the same password for any accounts. Cybercriminals now use automated software to attempt access to hundreds of accounts at once. If you reuse the same password, you are handing cyber thieves easy access to everything, including identity theft. Cyber security experts recommend using a password manager. It will generate and store hundreds of strong unique passwords for you. You only need to remember one password to access it from any of your devices. Generated passwords are nearly impossible to guess, providing a vital layer of cyber defense.
- Use Multifactor Authentication (MFA) – By employing two or more methods of authenticating your identity, you can make it much more difficult for hackers to breach your accounts. Typical multifactor authentication includes generated codes sent through emails or SMS text messages, facial recognition, optical recognition and fingerprint scans. If you are trying to log into your bank account on your desktop, a code will be sent to your phone, or similar. You then enter the code on your desktop to access the account. If someone besides you attempts to enter the account, you will know. This takes a few extra seconds, but provides powerful account access protection.
- Create Different Email Accounts for Different Purposes – Using separate email addresses for banking and shopping can immediately mitigate the “reach” of a compromised email account.
Recovering from a cyberattack can take months or years and requires a tremendous amount of time, effort, and money. In contrast, spending a little time up-front protecting your email addresses and online accounts is much simpler. Take some time to update passwords, add another email address for shopping and marketing emails and learn to recognize phishing emails. Ask your IT technician to recommend a reputable password manager and show you how to use it. They can also assess your computers and phone security settings and check for viruses. Email security is part of regular IT maintenance and security. Arming yourself with cybersecurity knowledge and strategies will give you a powerful defense against cybercrime.