Email addresses are like opinions—nearly everyone has one. It is the most public piece of personal information you have besides your name. But what you may not know about your email address could hurt you.
Your email may not seem like personally identifiable information at first blush, and for good reason. It is a requirement of everyday life. Asked for a list of sensitive personal information, I feel pretty certain that most people wouldn’t think of their email address right away. It’s not like a Social Security number, or even your date of birth. However, to an identity thief, your email address is one of the pathways into your financial life.
More and more regulators and legislators are codifying email addresses as sensitive personal information and adding it to the definition of PII in laws and regulations for this reason. In the wrong hands, an email address can be a big problem.
1. It’s the Command Center for Your Online Life
If a thief gets control of your email account, you are vulnerable to attack elsewhere. Many passwords reset via email, so even if you use a separate, long and strong password on, for instance, your bank account, a thief with access to your email can reset it. Many sites offer the choice between password reset via email or a mobile phone. Choose the latter for greater security.
2. It’s an Easy Way to Speak Directly to You
Email is the vehicle of choice for phishers and spearphishers. That’s why so much effort on the part of fraudsters has gone into designing email messages that look like the real thing. Gone are the days of bad graphics, bad grammar and spelling that would put a 5-year-old to shame. Cyber scammers use email because it works. Offering a deal that is too good to be true; scaring the daylights out of the email recipient about an existing account, or a new account or suspicious activity; threatening big penalties for unpaid tax bills — the triggers are too many to list.
Providing personal information via email or entering sensitive personal information on a website designed to look like a financial or government institution can be a sort of Pavlovian response for many people. If you fall for the trap, you will become an unwitting co-conspirator in the theft of your own identity.
3. It Contains Other Sensitive Information
Your email address often contains your name; your name and a number that means something to you or others who know you; or your name in combination with the name of the company where you work. Even if it doesn’t contain your name, it may include the year you were born, the college you attended or your favorite band. All of that information becomes tiny breadcrumbs that can be used by scammers to piece together passwords, answer security questions or even just help the thieves appear like they know who you are so they can get you to send cash or give up even more sensitive information.
4. It Often Doubles as a User ID
Take a moment to think about the number of websites that either prompt you to use your email address in the user ID box or even pre-populate the user ID box with your email address. The theory is that consumers don’t want to be bothered to come up with different user ID for their email, financial services and social networking sites. Using an email address makes it really simple by keeping things uniform and easy.
But what’s convenient for you is just as convenient for scammers. Hackers and identity thieves can also get into your accounts faster if you use an email address as your user ID, and it’s the first thing they try. Consider the fact that it places them 50% down the road toward gaining access to your financial life.
5. Scammers Can Use It As ‘Proof’ They’re Legitimate
One of the many ways that identity thieves work is by running a con, often when they have a few pieces of information, like a phone number and email address and home address, and want to parlay that into more useable data points. This typically involves the deft deployment of known facts to create the illusion of access in the hope of getting still more.
How it works: If a crook has your email address, they can usually cobble together other facts about you, like your name, where you live, where your kids go to school—any information that is online and contains both your email address and an implicit statement of fact about you: e.g,. your email on a PTA meeting list. A scammer can then call you up and use those facts to “prove” they know you in an attempt to get access to your financial accounts or other information they need to steal your identity. Never provide information to someone who contacts you. Ask for the name of the organization that contacted you, find their number independently and contact them directly.
If you bear in mind that email can get you in trouble, and act accordingly, you can save yourself a lot of grief. Sharing doesn’t always mean caring. When it comes to your email address, your need to share would be better served by giving money to a charity.
Adam Levin is chairman and founder of CyberScout and Credit.com, where this post originally appeared.