Your email archive is full of information that’s valuable to you—and to cybercriminals.
The combination of plentiful email storage and relaxed password practices enables criminals to do their worst. Many Web-based email systems now offer multiple gigabytes of storage for free. For example, Google gives you 15GB to share across Gmail, Google Drive, and other Google services. With all that free storage, you may be using your email account as a kind of searchable archive of important data. And you probably don’t delete messages that you might have erased in the past. With gigabytes of storage, why bother? You may need those messages for reference later.
At the same time, many people don’t use two-step verification on their email accounts (more about that in a minute) or take other precautions to protect their accounts. The result: Criminals might gain access to your email account, which can be highly valuable to them in many ways.
What Cybercriminals Can Do With Access to Your Email
• Scam you. By reading your email, thieves can learn a lot about you. For example, are you in the process of buying a home? Criminals with access to your email will know, based on messages between you and your realtor. Not long ago, in fact, real estate and title agencies were warned of a new fraud scheme in which email thieves targeted consumers in the process of buying a home.
• Scam your friends, family, and coworkers. The email addresses in the messages within your inbox are gold to cybercriminals, who can target those addresses with spam and phishing attacks.
• Steal your money. Based on email messages from your financial institutions, criminals learn where you bank, and that information can help them access your banking accounts.
• Steal your identity. Criminals with access to your email account may also be able to access your cloud-storage services, such as Dropbox or OneDrive. Once they do, they may find valuable information in those files that can help them steal your identity, access bank accounts, and more.
• Sell your usernames and passwords. Once thieves know your login credentials to various accounts, they can sell the credentials on the ‘black’ market. Apple iTunes usernames and passwords, for instance, can get thieves $8 or more apiece.
What You Can Do About It
There are plenty of steps you can take to protect your email account from cybercriminals.
• Whenever possible, use two-factor authentication (also known as ‘multi-factor authentication’ or ‘two-step verification’) on your email account. In a typical two-factor authentication process, you’re sent a passcode via text message when you log into your email from a computer or device you haven’t used before. Other online services, such as Dropbox, offer two-factor authentication as well. For more information, check out our guide, “How to Turn on Two-factor Authentication for Your Email Accounts.”
• Always use a password for your email account that differs from your other passwords, including those for any other email accounts.
• Give false answers to the security questions some online services ask. For example, when you sign up for online banking, the bank may ask you to answer three or four security questions, such as “What is the name of the city where you were born?” If you log into your account from a computer the bank doesn’t recognize, you may be asked to answer your security questions. Diligent cybercriminals might know the answers to your security questions based on information you’ve shared elsewhere, such as Facebook. So if you grew up in, say, Madison, Wisconsin, you might want to offer Asheville, North Carolina, as the answer to your bank’s security question about your birthplace. Just be sure to write down your answers somewhere that’s secure.
• If you must use your email address as your user ID to sign into a website, create a new, separate email address with fake details and a unique, random password for this purpose.
Be Cautious and Practical
As always, keep your computer’s antivirus and Internet security software up to date. Consider using a password protection tool or service such as 1Password or LastPass. And never click a link in an email unless you know the sender and you’ve asked for the link. Taking these precautions will help keep thieves out of your email account—and, by extension, out of your bank accounts and digital ‘life.’