What is the value of your email account?
If a malicious intruder gained unrestricted access to it, what data would they find? What would they be able to do with it?
I bet you don’t fully realize the importance of the data you have invested in your email account. Truth be told, if I hacked into your email, many of your friends and relatives, personal accounts and data, and confidential resources would be at risk.
Let’s take a closer look…
1. I could reset your passwords for many online services you use.
When you sign up for any online service, they typically ask you to provide an email address. In most cases, the individual who has access to that email address can easily request a password change request via a password-reset email.
Even if your email isn’t tied to online banking and merchants, it’s likely connected to other accounts you care deeply about.
2. I could blast spam and malicious content to everyone you know.
I could harvest all the email addresses of your contacts, who I could then inundate with malware, phishing attacks, and spam emails. And many of them will open these emails because they think they’re coming from YOU.
Those same poor contacts of yours may even receive an email from YOU claiming that YOU were robbed and stranded in some foreign country, and that you need them to quickly wire money to some account.
3. I could access all your cute photos and important files that you store in the cloud.
Do you use cloud storage services like Google Drive or Dropbox to store your pictures, home movies and other files? Refer back to #1 – the key to gaining access to those files also lies in your email inbox.
4. I could use or sell all the license keys to software you’ve purchase online.
If you’ve purchased software online, it’s likely that the license keys to this software is stored somewhere in your inbox. Now it’s mine – to use or sell to someone else.
5. I could pretend to be YOU and call your bank.
With access to your email account, I also have access to quite a bit of information about you. Surely your full name and phone number are in here somewhere. And maybe even your address and social security number.
If you have corresponded with your bank via email, chances are decent that I will have enough information to make an impersonation attempt to siphon funds and play some malicious games with your money.
And so on and so forth…
The five points above simply graze the surface.
The bottom line is that if I hacked into your email account, I could:
- Attempt to impersonate you.
- Access your private records (employment, retail purchases, photos, etc.)
- Harvest your personal files and contacts.
- Reset passwords and gain access your other online accounts.
- Contact and harass people you care about.
- Mess with your financial livelihood.
What can you do about this?
Until recently, many of the largest web service providers offered no security beyond a simple username and password combination. Increasingly, however, many of the prominent players have started enabling multi-factor authentication to help users like you from having their accounts hacked by someone like me.
Gmail, Yahoo Mail and many of the other major online email services now offer multi-factor authentication that you can (and should) use to further secure your account. Google Drive, Dropbox, Twitter and Facebook also offer more advanced account security options beyond merely asking users to use complex passwords.
Of course, all of this additional security is worthless if you neglect to implement it. So do yourself a favor and DO SO.
Photo by: Christophe Verdier