One key to many doors: How much value is in your Email address?

With the number of global email users projected to grow to 4.73 billion by 2026, email has become one of the most important platforms for communication in the digital age. For many people, an email address is their main digital identity. Kaspersky examines what fraudsters can do with a person’s email address and how to keep it safe.

“Much like your own name, an email address has an enormous amount of information attached to it. Both our professional and personal email addresses are among major assets of interest to a growing community of sophisticated cybercriminals worldwide,” says Brandon Muller, Technical Expert for the MEA region at Kaspersky.

Most online login forms, portals, e-tailers, and mobile apps require an email address. So, even though hackers need passwords to both an individual’s email and online accounts to access, an email address is an important starting point for them to implement different fraud scenarios.

Cybercriminals can target an individual with phishing emails containing malware attachments or malicious links to fraudulent website. They can also employ sophisticated social engineering techniques to gain personal details like a person’s bank account number, ID number, physical address, phone number or passwords, amongst others. 

Spoofing an email address is another risk. This involves creating a fake email address that looks like an individual’s address but has minor and tough-to-spot changes (like swapping a number with a letter or adding a dash). Hackers can then extort information from that person’s friends and family whilst pretending to be them. This approach is often missed by spam filters on email clients.

What’s more, by using a reverse email search tool, a cybercriminal can discover who owns that specific email address. This can provide them with an important starting point to get as much freely available personal data from a person as possible. With many people’s emails often containing their name and a memorable number, usually a date of birth, these two identifying factors are enough for many cybercriminals to begin gathering more lucrative personal data online which can be used to steal an identity or commit financial fraud. 

Protecting an email address

With the risks that exposure of one’s email address (or addresses) can pose to their personal and professional privacy and wellbeing, it’s important to know how to protect an e-mail address from unauthorised access.

• Strong passwords

“One of the best ways for a person to keep their email address safe is to use strong passwords. It is difficult to steal personal information with just an email address and no password. This makes a strong password of around 10 to 12 characters long, containing a mix of special characters, numbers, uppercase and lowercase letters, one of the best ways to keep an email address safe,” says Brandon Muller.

Memorizing passwords, especially to rarely used accounts, might be a challenge, and this is where a Password Manager can become an indispensable tool that works like a private, encrypted vault to unlock which you just need your main password. Such solution is synced up across devices and it helps auto-filling logins, card payment details, and personal data for forms on any website or app.

• Spam filters and blocking

It is important to ensure the email provider’s spam filter is always active. This reduces the likelihood of clicking on a malicious email or link. However, even with this in place, it is always good to remain vigilant in case such emails make it through the spam filter (which might be the case with spoofing for example) and block and report any suspicious emails to the service provider or the IT team, when it comes to business emails.

• Two-factor authentication

Two-factor authentication has become a business and consumer essential. Most trusted email clients offer this service as standard. This security measure requires a person to enter additional identifying information such as a secret answer to a question or an authentication code sent to that user’s mobile phone.

• Burner email account

It is also a good idea for a person to use a ‘burner’ email account when signing up to a website or app that looks suspicious. This is an email account with false or very little identifying information that can be scammed and hacked without fear of negative consequences.

• Stay vigilant

Educating oneself in cybersecurity best practices is not something that can be done once. People need to stay up to date with the latest training available from the business. Home users should also keep their software up to date and never click on anything suspicious.

“You don't know what you’ve got ‘till it’s gone – this phrase in most cases applies to e-mails as well. Whether for business or personal use, email has become the foundation of our digital lifestyles. People should remember how important it is to keep their email accounts safe while remaining vigilant against a constantly evolving cybercrime environment,” concludes Brandon Muller.