Once a hacker has access to your email, they can access a lot more of your information. Here are some of the things they can do—and how to stay safe.
7 alarming things a hacker can do when they have your email address
7 alarming things a hacker can do when they have your email address
Send emails from your address
This is probably the most obvious thing hackers can do with your email address, and it’s a nuisance for sure. Once hackers have your email address, they can use it to target more than just you, sending out email blasts to anyone (maybe even everyone!) in your contact list. As Garry Brownrigg, CEO & Founder of QuickSilk, explains, “They can ‘spoof’ an email message with a forged sender address—they don’t even need your password for this.” The things they send can be anything from harmful malware to scams and requests for money; either way, you’d certainly rather they didn’t come from your address.
And though it’s mostly harmless (most savvy Internet users are able to catch on when they receive a scam email from a friend’s address), it could still be a problem in some cases. “If a criminal really wanted to hurt someone, they could use this as a way to catfish a romantic partner, hack the victim’s employer, get the person in trouble at work, or cause any number of problems in their personal or professional life by impersonating them online,” says Jason Glassberg, co-founder of Casaba Security and former cybersecurity executive at Ernst & Young and Lehman Brothers.
Send fishing emails
Since there isn’t a ton that hackers can do with just the email address, they’re not going to stop there. “When a hacker knows your email address, they have half of your confidential information—all they need now is the password,” warns Greg Kelley of Vestige Digital Investigations. They employ a few different methods to access it, the most common being the phishing email. This is an email, in the guise of being a legitimate email from a trusted source, designed to trick you into logging in. “They might create a legitimate-sounding email that appears to be sent from a service such as Amazon, eBay, Paypal, or any number of other popular services… Links in phishing emails will always direct the user to a purposefully built website that looks identical to the real service,” explains Ray Walsh, a digital privacy expert at ProPrivacy.com. “However, if people use the login on that fake website, the hacker instantly receives the credential and password for the real account.”
Another way they can do this, ironically, is by sending you an email saying that your account is compromised or has been accessed from a new device, so you need to change your password for security reasons. (You’ve almost definitely gotten one of those at one point or another!) When you change your password, then your account really is compromised and the hacker has your password. Once hackers have your password, the range of things they can do becomes much greater. Luckily, being able to recognize these signs you’re about to fall for a phishing email can keep you from falling victim.
Access your online accounts
Nowadays, our emails do double duty as our logins for scores of social media sites, in addition to Google Docs, online retailers, and so on and so forth. Internet users also have a very understandable tendency to use the same passwords for all of these accounts. And even if you don’t use the same password, the hacker can click the old “forgot password” button and use the resulting email—which comes to your email address, which they do have the password for—to change the password, and voilà. Your accounts are their accounts, and they have access to anything on them that you do.
Access personal information
These things hackers can do with your information seem to be something of a chain reaction. Once a hacker has access to your online accounts, just think about all of the information that can then be right at their fingertips. Allan Buxton, Director of Forensics at SecureForensics, sums it up: “At a minimum, a search on Facebook can get a public name and, unless privacy protections are in place, the names of friends and possibly pictures,” he says. “Throw that email address into LinkedIn, and they’ll know where you work, who your colleagues are, your responsibilities, plus everywhere you worked or went to school previously. That’s more than enough to start some…real-world stalking. That’s just two sites—we haven’t talked about political views, travel, or favorite places they might glean from Twitter, Foursquare, or Instagram.”
Things start to get really problematic if hackers are able to find your credit or debit card information—which, more likely than not, you’ve sent via email at one point or another. Your online bank accounts can also be a major target for hackers, especially if you use your email address as a login for those, too. And, needless to say, once a hacker has access to those, your money is in serious jeopardy. “This is one of the biggest risks you’ll face from an email hack,” Glassberg says. “Once [hackers] have the email, it’s easy to reset the bank account and begin issuing transactions.” In addition to potentially being devastating to your finances, this can also hurt your credit score, as BeenVerified‘s Chief Communications Officer Justin Lavelle explains: “Cybercriminals can use your credit card details, open bank accounts in your name, and take out loans. It will likely ruin your credit card’s rating and your credit report will take a hit.”
As if things weren’t scary enough, hackers can use your personal info to ruin, or threaten to ruin, your reputation. This is fairly rare, but it can happen, especially if a hacker finds something that the user wouldn’t want to be seen publicly. “[Hackers] can use this access to spy on you and review your most personal emails,” says Daniel Smith, head of security research at Radware. “This kind of information could easily be used to blackmail/extort the victim.” These red flags someone might be spying on your computer can help you stay ahead of a scary invasion of privacy like this.
Steel your identity
This is definitely a worst-case scenario, but “once the hacker has your personally identifiable information, they can steal your identity!” Brownrigg warns. With information like your social security number and credit card info, identity theft can sadly be well within reach for hackers. So if you start noticing these signs someone just stole your identity, consider that your email address may have been compromised.
Discover More Like This
BACK TO SLIDE
How you can stay safe from hackers
Hopefully, though, you won’t have to encounter any of these problems, and there are some measures you can take to keep your information safe. Avoid using your verbatim email address as a login for other sites, and make sure that your password is strong and difficult to guess—check out our guide here for creating a strong password. You should also change those passwords every couple of months or so for maximum security. Glassberg also recommends securing your email account with two-factor authentication. This “[requires] a one-time code to be entered alongside the password in order to gain access to the email account,” he told RD. “In most cases, the code will be texted to the person’s cell phone, but there are also 2FA apps you can use, like Google Authenticator.”
And, of course, just use your common sense. Don’t share information or type in your email password on public WiFi networks, and just be smart about the information you share over email.
What to do if you think you've been hacked
Starting to notice some strange online activity? There are a couple of ways you can try to get ahead of it before it gets too bad. If you hear about spam emails being sent from your address, change your password immediately. You should also tell your contacts so that they know to ignore anything coming from you. Finally, Lavelle offers some other suggestions: “Change your email settings to the highest privacy setting, scan your computer for malware and viruses, and be sure your browsers are updated,” he says. And you can also stay ahead of hackers by learning the cybersecurity secrets hackers don’t want you to know.
Make a copy of your Medicare card and block out the last four digits of your Social Security number so if you lose it or your wallet is stolen, no one can get your full Social Security number.
Seniors are often the target of phone scams. Don't respond to incoming phone calls requesting personal information. If a creditor or organization calls with a seemingly legitimate need for your personal information (account numbers, Social Security number, or credit card information), hang up and verify the phone number and legitimacy of the caller before returning the call.
Don't carry more personal documents than necessary with you when you leave the house. Leave Social Security numbers, checks, extra credit cards, Medicare cards, and financial statements in a locked security box at home or another secure location. If you're ever admitted into the hospital or other care facility, credit cards and personal documents should be locked up or put in the hands of someone you trust. Adopt a need-to-know approach to your Social Security number and mother's maiden name. If a business asks for this information, ask what it will do with the information, why the company needs it, how the company will protect it, and what will happen if you refuse to provide this information.
The federal government offers a guide to help you decide how long you need to keep various types of paperwork. Shred anything you don't need to keep, such as documents that contain account information, Social Security numbers, PINs, or sensitive information -- including credit card statements, other bills, credit card receipts, unused checks, canceled checks, and credit reports. Also shred or otherwise destroy expired credit cards and driver's licenses. And never leave receipts at bank machines, bank counters, trash receptacles, or gas pumps.
As tech-savvy seniors know, you should protect your computer and your Internet activity. Consult with a network professional to make sure your computer system is secure. Install antivirus software, anti-spyware, and firewall software to prevent cyber-programs that steal personal information. Use unique passwords for your computer and any online accounts and change them on a regular basis. A strong password includes a mix of numbers, symbols, and both upper- and lowercase letters. Don't use your birthday or pet's name, your phone number, or anything that could be easy to guess. Never send personal information via email, and never respond to emails asking you to verify your password, account number, Social Security number, or credit card numbers.
When you're out of town or out of the country, consider purchasing a portable router to create your own Wi-Fi hotspot so you can safely use your laptop, tablet, or smartphone while on the road. You'll need a local SIM data card, which is available at most electronic stores and at airport kiosks for travelers. This will help you avoid using public Wi-Fi spots. Also, before going on vacation, ask the post office to place a vacation hold on all mail.
Many seniors don't think about checking their credit since they're often not in the market to borrow money for a house or car. You should, however, request a free credit report via annualcreditreport.com on a regular basis. You can request your credit report from one of the three credit reporting agencies at a time (and therefore check your credit three times each year for free) or sign up for a credit monitoring service to make sure no suspicious activity occurs.
Whether you're a senior yourself or are concerned about an elderly loved one, maintaining vigilance over personal information can prevent identity theft, and regularly checking for activity in your credit file will make it easier to stop the damage faster if you do fall victim to this crime.