These days, most of us have two email addresses that we use frequently online: one for home, and one for work. Our professional email addresses will change every few years as we move from job to job – but you’re likely to use the same personal email address for years – maybe even a decade or more!
Both personal and work email addresses are our “home base” when we connect online. Your email address is a primary way to receive messages from people and businesses. An email address is also the one piece of contact information you most frequently share with services as you shop and bank. In fact, most of our online activity requires signing up for accounts and logging in, so your email address inevitably gets shared far and wide on the web.
What can hackers do with your email address?
Although your email address may seem rather ordinary, it’s actually a valuable piece of information. So why exactly do hackers want it?
First, your email is your primary identifier in the login process. If a hacker wanted to try breaking into one of your online accounts, knowing your email address is a solid first step. Obviously, they can’t log in without your password, but by knowing your email address, they could target you with phishing emails – malicious attachments that install malware on your machine. Alternatively, they could attempt to steal passwords on phony login pages, or even ask you directly in an email to disclose personal or financial information by impersonating someone reputable – including friends and family.
Second, any password reset requests will be sent to your inbox. If a hacker knows your email address and uses one of the above methods to log in to your email account, they could attempt to log in to other sites with the password reset option. Once they reset the password, they’ll have access to your accounts, and you won’t. They’ll likely reset the password to your email account, too, so that they can continue to take advantage of you while you're locked out.
Furthermore, given how often we use our email for online activity, your inbox is a treasure trove of personal information. In most cases, it even contains a list of all of your contacts. So, anyone who gained access to your email address would be able to tell a lot about the websites you use (including your financial accounts). It may give them information they need to steal money or uncover other personal information that can then be sold on the web. They can also mine your contacts list to send out phishing emails and/or malware to compromise even more accounts or defraud the people you know! Read about other signs that your email may have been hacked.
How to protect your email address
Good cybersecurity habits will go a long way towards protecting your email address from hackers. Here are some important tips to keep in mind:
Use a unique password. Never use the password for your email address on another website. Unique passwords ensure a data breach of another website is less likely to cause account takeovers.
Use a generated password. Make sure your password has uppercase, lowercase, numbers, and symbols. The more random and long it is, the less likely it is to be guessed or cracked by a hacker. A password manager can help you generate – and then store – a strong password.
Turn on MFA. Most email providers support multifactor authentication (MFA). MFA requires a second piece of information after you submit your password to log in. The second piece of information (or factor) may include a generated code, a swipe of your fingerprint, or a face scan. MFA makes it much harder for hackers to break in because they won’t have access to that second piece of information.
Turn on dark web monitoring. Data breaches are common occurrences, but we don’t always know when they happen or if we’ve been affected. Cybercriminals are regularly collecting and selling data on the dark web, but most of us don’t have the time or skill to see if our data is out there. Turning on dark web monitoring with a service like LastPass alerts you if your stolen credentials are on the dark web. Dark web alerts will help you understand where a breach occurred, what information was stolen, and what you should do next.
Create separate email addresses. You might consider a separate, “throwaway” email address that you use for online shopping. Not only will it keep your primary email address free of promotional clutter, it will reduce the impact of any data breaches. If your finances and other sensitive accounts are tied to your primary email address, it will be harder for hackers to figure out those other accounts with your throwaway email address.