How Secure is Your Email?
Written by: Dustin Pellegrini | Fri, 02 Oct 2015 16:10:09 +0000
Although your email account may have built-in security features, if bits of your personal information are visible online or your privacy practices are not as strong as they should be, your account and data could be vulnerable to cybercriminals.
If an outsider were to gain access to your email account, he or she could use the information stored within it to abuse your identity. Fraudsters could impersonate you to send phishing emails to your contacts or reset the passwords of your other accounts. Thieves can compromise your email accounts easier than you might think, using sensitive personal information that is freely available online.
Here's how to evaluate your online risk and improve the security of your email account.
Although your email account probably requires a username and password—perhaps it even offers two-factor authentication, which adds another layer of confirmation that you are who you say you are—you may want to consider how your online behavior could weaken this security.
Rick Simonds, COO of Sage Data Security, an information security consulting service, says people who use weak email passwords or reuse their passwords for other accounts can be vulnerable.
"If a crook gains access to that account, they can log in and then try the same password for online shopping sites," he says.
If you reuse your email password out of convenience, this will only make it easier for fraudsters to compromise your shopping and online banking accounts.
Your online identity
To break into your email account, a thief needs your user name and password. Your user name can be simple to find through a Google search or a quick look at your website or social media profiles.
A skilled fraudster could easily deduce a password that's weak, like "123456" or "password." If your email provider allows password resets, a cybercriminal could attempt to bypass it via security questions or by sending a new password to another account.
Security questions are often easy to guess and correct answers can be found online—for instance, your mother's maiden name, which might be found via social media.
These steps could be carried out with a few Internet searches or a targeted phishing attack where a cybercriminal sends you a message and pretends to be a reputable employee to obtain your personal information.
"Many of the crooks we are seeing are actively using social media," Simonds says. "Once you friend them, they can see more of your profile, they can directly message you, and they can find out more information about you."
Once a cybercriminal uses this information to gain access to your email account, they may be able to steal and abuse any information stored within it, open new accounts using your credentials, or launch attacks on your online contacts.
Run a test
Consumers should know how much of their personal information is available online in order to help protect themselves from these risks. A good way to do that is to test how simple it is to find your data online.
Here's how it works: Go online and search for your name, email, and other personal details. Read through your social media profiles to see what data is listed publicly. If you don't need to include data like your home address, delete it. The less personal information that's spread around online, the less chance there is for it to be abused.
You can also use a dedicated email account just for online shopping and other similar activities. This way you can better tell whether you are being messaged by a friend or a phisher. Simonds urges using two-factor authentication whenever it is offered.
"It is one of the best things you can do to secure your account," he says.
What is identity theft? How do criminals use your personal information against you? Find out here.