You are probably already aware that a hacker can do a lot of things when they get their hands on your personal details, credit card details, bank information and the like.
But you may not have realized what they can do with just your email address. Your email address contains a lot of information, enough information for someone to cause some serious damage.
Should you give out your email address to just anyone?
It’s impossible to keep your email address a total secret. After all, you use it for so many different services, whether it’s for social media accounts, online banking, online shopping, insurance companies… A lot of times we can’t sign up for anything anymore without an email address. These days, your email inbox contains a lot of information that can be used against you. Most people use only one email address for everything, meaning someone can find every service you’re using, and acquire more information through sending emails from your account.
You should be selective with who you give your email address to. One obvious reason is that you may get spammed with marketing emails, but also phishing emails.
Phishing emails that try to get your login information
A phishing email is a type of online scam that appears to be from a well-known source, like your internet provider, your bank, services like PayPal…
A phishing email poses as a trusted service provider you know and use, and tries to make you take action. It will look urgent: for example, it will say your account was compromised and someone made a 20.000 dollar transaction, but they stopped it, and now you need to secure your account.
But by clicking that link to secure your account, you are giving them information. They will lead you to a fake website, where you will be asked to put in your current password and change it to a new one. However, this just gives them access to your login and old password, which they can then use to access your actual account. You will probably even be prompted with a next page, asking to confirm the code that was sent to your email or phone number.
Mind you, this hacker is simultaneously accessing your real account, and you are giving them the 2FA code they need to get complete access.
Two-factor authentication (2FA) is an identity and access management security method that requires two forms of identification to access resources and data. 2FA gives businesses the ability to monitor and help safeguard their most vulnerable information and networks.
In the same way, they can try and get your password for other accounts or even for your actual email account.
Spoofing your email address
This doesn’t even have to mean that they hacked your email inbox. It’s quite easy these days to just make it look like an email has come from your account. A lot of online scams use this trick. By impersonating your email address, they try to scam other people who know you, who think they can trust the email. Spoof messages can also contain malware, spyware or requests for money, targeting the people you know personally or professionally.
Malware is software that is specifically designed to disrupt, damage, or gain unauthorised access to a computer system.
Spyware is software that enters a user’s computer, gathers data from the device and user, and sends it to third parties without their consent. It’s a type of malware designed to access and damage a device without the user’s consent.
At best, your reputation takes a hit; in the worst case, you actually get involved in a crime that also hurts other people.
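A receiving-side check for the spoofing described above, as an added example that is not part of the original article: it goes slightly beyond the text by comparing the visible From domain with the Return-Path and Reply-To domains and by reading the SPF, DKIM and DMARC verdicts the receiving mail server records in the Authentication-Results header. The two sample messages, their domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: claims to be from alice@example.com but was sent elsewhere.
SPOOFED = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=mailer.invalid; dkim=none; dmarc=fail header.from=example.com
From: Alice <alice@example.com>
Reply-To: alice.example@freemail.invalid
Subject: Urgent favour

Can you send me the money today?
"""

# Constructed sample: all sender identities agree and every check passed.
GENUINE = """\
Return-Path: <alice@example.com>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: Alice <alice@example.com>
Subject: Lunch

See you at noon.
"""

def domain_of(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoofing_signs(raw_message):
    """List reasons to distrust the visible From address of a raw message."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    signs = []
    for header in ("Return-Path", "Reply-To"):
        other = domain_of(msg[header])
        if other and other != from_dom:
            signs.append(f"{header} domain {other} differs from From domain {from_dom}")
    # Verdicts written by the receiving server; anything other than "pass" is reported.
    results = " ".join(msg.get_all("Authentication-Results", []))
    for check, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results, re.I):
        if verdict.lower() != "pass":
            signs.append(f"{check.lower()}={verdict.lower()}")
    return signs

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, spoofing_signs(raw))
```

Only an Authentication-Results header added by your own mail provider should be trusted, since a sender can insert a forged one further down the header list.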
All your accounts could be at risk
Most logins consist of two components, a login and a password. Considering most logins are just your email address, they already have half the information. Using the phishing technique, they can get your passwords. They could possibly also guess your password or try to guess it using software.
If they do, you can lose access to all your accounts. The only thing they would have to do is go to any website or service, enter your email address and click the “I forgot my password” option.
Remember, things like Google Drive for example are all linked to these accounts. Same with your Apple ID. It accesses a lot more than just your emails. If you have active location sharing on, they also know where to find you physically. It can grant them access to a lot more than just your online life.
Identity theft
Once they gain access to your email inbox or another account linked to your email address, they can learn enough information about you to even steal your identity. Using your bank or tax information, they can get loans, apply for new credit cards and even withdraw your money.
Just with your email address, they can also find your accounts on social media, on LinkedIn… They can find more and more information on you and possibly your network.
They can find your address, phone number, employment information and more, and exploit that information to their benefit, or sell it online.
Doxxing is the act of publicly disclosing someone’s personal data (information) online, such as their real name, home addresses, workplace, emails, phone numbers, and even sensitive data like social security numbers, without their permission.
Their goal might actually be spear phishing, in which case it’s not about you, but about who they can access once they have hacked you. It gives anyone with bad intentions access to your social and/or professional network.
Spear-phishing is a type of phishing attack that targets specific individuals or organizations, typically through malicious emails. The goal of spear phishing is to steal sensitive information such as login credentials or infect the target’s device with malware.
Your 2FA might be compromised
If they gain access to your email account and then block you from accessing it, you may lose access to your 2FA codes or recovery options, if you’ve set those up with your email address.
Things you can do to protect yourself:
- First things first, the best thing you can do is set up one or more free email accounts alongside your main account. While using your main account for something like your bank account login, you should use other email accounts for other services.
- Any mailing list you want to sign up for can go to a different email account.
- Social media accounts can be another email account.
- Online retailers can be a third account.
Every time you use a service you don’t fully trust, do not give them your main email account, to keep all your information safe. Even if you do everything you can to avoid having your data stolen, it can still be stolen from one of the online services you are using or have used.
- It may sound too obvious: use a strong password!
- To block phishing emails, experts recommend downloading an anti-phishing browser extension or security apps that protect against phishing attacks. If you never receive the phishing email, you can’t open it or click on a bad link!
- Hide (or mask) your email address. Most email providers offer the option to create aliases, meaning when you send an email, it shows a different email address. It’s still linked to your actual, main email address, but it cannot be used to log in anywhere (unless of course you decide to use these aliases as logins).
- 2FA or MFA. As discussed, they can sometimes easily get around Two-Factor Authentication, but MFA, or Multi-Factor Authentication, is a lot harder to get around. Multi-Factor authentication (MFA) is a multistep account login process that requires users to enter more information than just a password. For example, along with the password, users might be asked to enter a code sent to their email, answer a secret question, or scan a fingerprint.
- Open a browser in incognito mode and search for your own email address. You’ll be amazed what information comes up at times. Take the steps necessary and change the privacy settings on your online and social media accounts to hide the information visible. Make sure you don’t overshare personal information openly on the internet.
- Create a new email address if you are receiving too much spam or think you may have been hacked.