7 alarming things a hacker can do when they have your email address
Once a hacker has access to your email, they can access a lot of your information. Here are some of the things they can do – and how to stay safe.
Send emails from your address
This is probably the most obvious thing hackers can do with your email address, and it’s a nuisance for sure. Once hackers have your email address, they can use it to target more than just you, sending out email blasts to anyone (maybe even everyone!) in your contact list. As Garry Brownrigg, CEO & Founder of QuickSilk, explains, “They can ‘spoof’ an email message with a forged sender address – they don’t even need your password for this.” The things they send can be anything from harmful malware to scams and requests for money; either way, you’d certainly rather they didn’t come from your address.
And although it’s mostly harmless (most savvy internet users are able to catch on when they receive a scam email from a friend’s address), it could still be a problem in some cases. “If a criminal really wanted to hurt someone, they could use this as a way to hook a romantic partner, hack the victim’s employer, get the person in trouble at work, or cause any number of problems in their personal or professional life by impersonating them online,” says Jason Glassberg, co-founder of Casaba Security and former cybersecurity executive at Ernst & Young and Lehman Brothers.
Send phishing emails
Since there isn’t a lot that hackers can do with just the email address, they’re not going to stop there. “When a hacker knows your email address, they have half of your confidential information – all they need now is the password,” warns Greg Kelley of Vestige Digital Investigations. They employ a few different methods to access it, the most common being the phishing email. This is an email, in the guise of being a legitimate email from a trusted source, designed to trick you into logging in. “They might create a legitimate-sounding email that appears to be sent from a service such as Amazon, eBay, Paypal or any number of other popular services… Links in phishing emails will always direct the user to a purposefully built website that looks identical to the real service,” explains Ray Walsh, a digital privacy expert at ProPrivacy.com. “However, if people use the login on that fake website, the hacker instantly receives the credential and password for the real account.”
Another way they can do this, ironically, is by sending you an email saying that your account is compromised or has been accessed from a new device, so you need to change your password for security reasons. (You’ve almost definitely had one of those at one point or another!) When you change your password, then your account really is compromised and the hacker has your password. Once hackers have your password, the range of things they can do becomes much greater.