In the constantly changing online world of new apps, devices and services, it can be quite easy to forget about the pivotal role played by your email account in securing your digital environment.
Whether it is your Twitter, Facebook, Netflix or online shopping account, your email account will generally play a central role in securing access to these web services. If a cybercriminal gains access to your email inbox, many of your other online accounts may be at risk, because the cybercriminal can simply use the password reset functionality of these web services.
The password reset procedure usually involves sending an email to your email account—if a cybercriminal chooses a time when you are asleep, they could potentially reset your other online account passwords without your knowledge. You may not realise this has happened until the next time you try to use those accounts.
And when you discover your account passwords have been reset, you may also discover that the email address associated with an online account has been changed. You will no longer be able to use your own email account to regain access to that account. Often there is a lengthy and difficult procedure required for you to regain access to that hijacked account—where you’ll have to prove to the account provider that you are the correct account holder.
It is easy to forget the role that email serves in your daily life. Banking statements, bills, receipts, communications between family, friends and work are routinely sent via email. Accessing this information provides cybercriminals with numerous opportunities to exploit your identity. They can, for example:
- send emails posing as you to your friends and family claiming a serious injury or that you’re trapped overseas and in desperate need of a money transfer—these can appear very realistic as the cybercriminal may include personal details about your movements gained by accessing your previous email communications
- use your email account to send emails to your business contacts containing fake invoices payable to the cybercriminal's bank accounts
- launch ‘spearphishing’ attacks against your friends, family and work colleagues, seeking to obtain information that would only be provided to a trusted party.
For many people, however, the most disturbing consequence of having your email account taken over by an unknown third party is the violation of your privacy when your personal communications are made available. We consider that securing your email account is just as important as securing access to any of your other online accounts—including your banking accounts.
So, what can be done to protect your email accounts?
- Always set a strong password on your email account and ensure you don’t use the same password elsewhere.
- If your email provider offers two-factor authentication, we recommend you use it.
- If you use your email account on a public computer, make sure you log out of your account when you finish your session.
- Find out about malware and how to defend yourself by following the tips in our malware video.