You may not pay much attention to your email account. You set it up, use it, and basically forget about it until one day it is hacked, wreaking havoc on your account and your life. Most people have no idea how valuable a hacked email account is and how much damage a criminal can do with yours.
Why is an Email Account Valuable?
Whenever you set up an account online, whether it's to purchase a subscription for Netflix or buy something at a retail store like Amazon, you are asked to enter your email address. Therefore, your email address is associated with all your accounts, and that may include bank logins, credit card accounts, work clients or vendors, video chat registrations, retail stores, and social media accounts.
If hackers get hold of your email address, they can then purchase data stores (databases and lists) of credentials stolen in data breaches and match up your email address with your login passwords. Suddenly, a total stranger has access to your stuff and can even request a password reset and change your logins so that you are locked out.
Many people reuse passwords on multiple websites, leaving themselves very vulnerable to credential stuffing. That's when a hacker tries the stolen login credentials for one of your accounts on your other accounts; wherever the password was reused, they get in and can take control.
As mentioned by KrebsOnSecurity, here are some figures for how much stolen accounts are worth on the dark web: "iTunes accounts for $8, and Fedex.com, Continental.com and United.com accounts for USD $6. Groupon.com accounts fetch $5, while $4 buys hacked credentials at registrar and hosting provider Godaddy.com, as well as wireless providers Att.com, Sprint.com, Verizonwireless.com, and Tmobile.com. Active accounts at Facebook and Twitter retail for just $2.50 apiece."
What Else Can a Hacker Do If They Hack Your Email?
If hackers get hold of your email account, they can not only use it to send spam on your behalf (even offensive messages), but they can also grab your contact lists and spam all your family and friends with junk email. Because the email comes from a legitimate source (your account), hackers can pretend to be you, claim to be in trouble and in desperate need of money, and ask your contacts to wire funds right away without you ever knowing a thing.
If you save emails that contain software keys or licenses, once a hacker gets into your inbox, they can see these, steal them and take over your other accounts. Say you have accounts on Google Drive or Dropbox; those could instantly be compromised as well.
Any other private or secret information sent to you through email is now in the hands of thieves. They may even try to hold your inbox for ransom. It's not unheard of for hackers to resort to extortion in addition to other crimes. They can sometimes gain access to additional resources, including your photos, GPS location, and call records.
The most alarming aspect of an email hack is that there may be enough information stored in your webmail account for them to take over your bank accounts and drain them as well.
How Do Hackers Get Control of Your Email Account?
Hackers have a variety of ways to get into someone's account. If the service that hosts the email account is vulnerable, they may get in through a weak link there and take over many accounts (like what happened with GoDaddy recently).
They can also take over your email account if your computer gets infected with a virus or malware.
Regardless of how they take control of your email account, they can interfere with your employment, vendors, clients, family, and friends, and create a lot of chaos in your life before you regain control of it all. The best way to avoid all that is to take precautions now to protect what is yours before thieves get their hands on it.
How to Protect Your Email Account
First, you should be very selective when choosing an email hosting provider. The email that comes bundled with a web hosting account is typically not that secure and may be vulnerable to hacking.
The next thing you should do is turn on multi-factor (or at least two-factor) authentication for all your services (especially email) and your devices when it is offered. Services like Gmail, Hotmail, Live.com, and Yahoo all provide this extra level of security. Review all your accounts (social media, cloud storage like Dropbox and others) to turn on these additional protections.
- Never reuse the same passwords on multiple accounts.
- Keep all your devices updated with the latest security patches.
- Install antivirus/anti-malware software and run deep scans often.
- Be on the lookout for any suspicious emails or phishing attempts that could infect your computer.
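To act on the advice about password reuse and credential stuffing above, the following added example (not part of the original article) audits a password-manager export for reused passwords and ranks any group that includes your email account first, since that mailbox receives the reset links for everything else. The CSV column names (site, username, password), the sample rows, and the function name find_reuse are all constructed for illustration.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample of a password-manager CSV export (hypothetical columns).
SAMPLE_EXPORT = """site,username,password
mail.example.com,alice@example.com,Tr1cky-Horse-92
shop.example.net,alice@example.com,Tr1cky-Horse-92
bank.example.com,alice@example.com,Tr1cky-Horse-92
video.example.org,alice@example.com,blue-kettle-4471
music.example.org,alice,Qu1et-Lamp-03
news.example.org,alice,Qu1et-Lamp-03
"""

def find_reuse(export_text, email_sites=()):
    """Return groups of sites that share one password.

    One breach at any site in a group exposes every other site in it.
    Groups containing an email account sort first, then larger groups.
    """
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        password = row.get("password") or ""
        if not password:
            continue  # nothing to compare for empty entries
        # Key on a digest so plaintext passwords never reach the report.
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        groups[digest].append(row["site"].strip().lower())

    findings = []
    for sites in groups.values():
        if len(sites) < 2:
            continue  # unique password, no reuse
        findings.append({
            "sites": sorted(sites),
            "includes_email": any(s in email_sites for s in sites),
        })
    findings.sort(key=lambda f: (not f["includes_email"], -len(f["sites"])))
    return findings

if __name__ == "__main__":
    for f in find_reuse(SAMPLE_EXPORT, email_sites={"mail.example.com"}):
        tag = "CHANGE FIRST (email shares this password)" if f["includes_email"] else "reused"
        print(f"{tag}: {', '.join(f['sites'])}")
```

Run it against an export kept on your own machine, and delete the export file once the reused passwords have been changed.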