Best Practice for Protecting Email Identities

How to defend yourself against digital identity theft

As ever more services are moving online, your email address is becoming the cornerstone of your digital identity. No wonder that cyber criminals have begun to target email addresses for identity theft, financial fraud and other online crimes. Make sure you know what cyber criminals are up to so you can defend yourself against digital identity theft!

Digital Identity Theft is an emerging threat

In order to make a profit of digital identities, criminals must first get ahold of them. Unfortunately, that is not a difficult feat. Online services are regularly targeted by hackers looking to extract personal data, causing headlines that describe ever larger breaches: “Hackers Stole Personal Data of 2 Million T-Mobile Customers”, “Tens of millions of hacked Gmail and Yahoo Email accounts are being sold on the dark web”, “Every single Yahoo account was hacked – 3 billion in all”, “Twitter advising all 330 million users to change passwords after bug exposed them in plain text”, “Facebook Security Breach Exposes Accounts of 50 Million Users” and even recently “Store of 770m email addresses and passwords discovered after being put on hacking site”. Worryingly, these headlines cover only those breaches that became public. A considerable number of breaches never gets media coverage: either because the organization that was hacked chooses not to publish any information about the hack – or because they didn’t even notice that a hack took place.


The “Dark Web” and Crypto Currencies are an attractive infrastructure for cyber criminals

Having stolen online identities, cyber criminals often turn to the “dark web” to hawk their wares. The dark web has recently gotten a lot of coverage by the media. It consists of forums, online shops and other websites that cannot be accessed as part of the regular internet. Because they are hard to find, dark web forums give cover to all kinds of activities that can not stand the light of day. The combination of such an attractive infrastructure and the development of anonymous currencies such as bitcoin has given rise to a lively market for identity data. Email accounts and other online identities are being sold at low rates  by criminals looking to make a quick profit.

We often set our priorities on comfort and not on cyber security

The risk increases by the fact that many people use the same email address and password to register accounts with multiple online services. For instance, “85% of the millennials admit to re-use credentials across sites and services”. This leads to a major problem if cyber criminals breach one of these services: a security breach at a single online service can mean that hackers immediately have access to your complete digital identity across all services.

The Digital Identity Theft defense strategy

Having your digital identity stolen can be a harrowing experience. Fortunately, there are some measures you can take to prevent identity theft and to limit its impact.

First and foremost, you should make sure that even if your online identity is breached, the associated data are of no use to cyber criminals. For example, make sure that you use a different password on every website. That way, a data leak on a single website does not lead to cyber criminals getting access to all your other online identities.

In addition to using unique passwords, you should make sure they cannot be easily guessed. “1234” and “password” are so easy to guess that even unskilled hackers can gain access to your account immediately. Instead, choose a complex password (a long password containing letters, numbers and other characters) or a passphrase (a combination of words that is easy to remember but hard to guess).

Some websites offer enhanced security measures, such as two-factor authentication using a smartphone or a security token. By enabling such features, hackers cannot login to your account, even if they manage to obtain your user name and password.

Independent Online Identity Monitoring closes the defense gap

Finally, make sure you are notified if your data are breached. BULIDSEC Email Identity Guard monitor data breaches for any signs of your online identity. That way, you can take countermeasures, such as changing your passwords or closing your accounts, before cyber criminals gain access to your accounts.