Affiliate Disclosure: By buying the products we recommend, you help keep the lights on at MakeUseOf. Read more.
It may seem odd at first, but an email account is a goldmine for scammers. A hacker can do more than get their hands on your coveted chicken casserole recipe; it can cause damage to your identity and finances.
So, why do scammers want your email account, and what can you do if they crack your password?
What Can a Scammer Do With My Email Address?
Scammers typically get into an email address either via brute force or through a database leak. Once they’re in, they can perform several actions with the email account.
1. They Can Impersonate You to Your Friends
It’s common knowledge that you should never trust an email that isn’t from someone you trust. As such, the old trick of emails claiming you won $4 million in a lottery you never entered doesn’t trick people as easily anymore.
This advice is a double-edged sword, however. While it makes us more critical of emails sent from a stranger, it also makes us more trusting of emails sent by people we know and love.
Scammers use this weakness by hacking the accounts of victims, then contacting their friends or family. If the scammer is good at impersonating people, they can trick the victim’s contacts into believing it’s them.
From this point, the scammer can ask the victim to do whatever they please. They may claim that they’re in some financial trouble, asking the friends to wire some money to the hacker. They could send a link to a malicious program and claim it’s a video of the friend doing something embarrassing.
As such, it’s a good idea to exercise caution, even if it’s supposedly your good friend sending you an email. If in doubt, try to contact them over the phone to see if their request is legitimate.
2. They Can Crack the Passwords on Your Other Accounts
If you sign up to a website with sub-par security practices, they’ll send you an email confirming your username and password when you sign up to them. All this will be in plain view for anyone who gained access to your email.
Most websites don’t disclose the password in the sign-up email for this reason. These emails are, however, likely to mention your username in the sign-up email, which a hacker can use to gain access to that account.
For example, if you use the same password on your email account for everything else, the hacker already has the password they need to access your other accounts.
If you don’t, the hacker can still request a password reset from each site. The website sends a reset email to your account, which the hacker can then use to change it to their whim.
3. They Can Use It to Crack Email-Based Two-Factor Authentication (2FA)
Sometimes, a hacker will have the password to someone else’s account but will be stopped by an email-based 2FA system. Hackers can get through 2FA systems by getting hold of wherever the authentication codes are displayed. Should a hacker gain access to your email account, they can get through any email-based 2FA measures you have set up.
Some websites send you an email when they detect an unusual login pattern. This email will ask you if the login attempt was genuine, and will usually give you a button to confirm the login attempt. Hackers can subvert this security measure if they have your email address by allowing their login attempt when the email comes in.
4. They Can Collect Sensitive Information
If the hacker gets access to a work email account, it could be devastating for the company. Any sensitive financial details, company login information, or passwords to physical locks are all visible to the hacker. This information allows them to perform digital or physical theft on the business.
Personal accounts may also have sensitive information hiding within their inboxes. Any banking correspondence may give away details which a scammer can use to make purchases on your behalf.
5. They Can Steal Your Identity
If your account doesn’t contain sensitive business information, a hacker can instead settle for stealing your identity.
A hacker can harvest a lot of information from your emails. Invoices have your name and address in plain view, and the scammer can collect any photos you may have sent. If the hacker gets enough information, they can use the data to steal your identity and apply for services under your name.
Keep every source of personal information you have on the internet safe from prying eyes. It’s worth learning about the pieces of information used to steal your identity so you know what you can share, and what to hide.
6. They Can Learn When You’re Out
If a hacker finds transport tickets or booking details for a hotel in your email, they’ll know you’re out of the house during those days. Combine this with your address harvested from an invoice, and a scammer knows when and where to burgle your home.
It’s essential to keep your travel plans and locations secret, else you run the risk of attracting burglars to your property. There are many ways burglars can tell when you’re on vacation, so keep things quiet while you’re away. Don’t worry; you can always upload those beach snapshots and selfies when you get back home!
What to Do If a Scammer Has Your Email Address
If a scammer has your email account, you should try to change the password immediately. If the hacker hasn’t considered changing it, you’ll have some time to set a different, stronger password and lock the hacker out.
Unfortunately, hackers will sometimes change the password to lock you out. In this case, you’ll need to go through your email provider’s support page to unlock it again. They typically ask for past login information and may require proof of identity to give your account back.
Once you’ve changed your password to something stronger, try attaching a two-factor authentication (2FA) security measure to your account. Even if a hacker gets your password again, they need also to have the 2FA token on-hand, which is easier said than done.
If this interests you, be sure to learn how to secure your Gmail and Outlook accounts with 2FA.
Protecting Yourself From Scammers
You may not be worried about a hacker gaining access to your email account, but think about all the information a stranger can get by reading your mail. Compromised email accounts are potential goldmines for scammers, so it’s worth keeping yours secure with a robust password.