The reality is these days, stolen email addresses are a dime a dozen. Thanks to relentless data breaches, it’s safe to assume your email address is already in the wrong hands. Although it may not sound like much, it’s a goldmine for further crimes involving you.

• Is it Really You? A hacker can use your email address to impersonate you and send emails to your contact list including friends and family. They can ask for money, attach a malicious file or link, and say anything in your name. Should the message seem unusual or out of character for the person you know, verify it with them. Contact them directly but never use any information in the email since it could be under hacker control.

• Who has my PII? Hackers can gather a mountain of information about you starting with your email password. With it, a hacker has access to every email in your inbox. They can cobble together nuggets of your PII (birthday, home address, phone number, account numbers, etc.) in the messages to create a full profile to use against you.

• Password Cracks. With password “cracking,” a hacker figures out passwords to more of your accounts. They already have your email password, and they know emails confirming online accounts you signed up for will mention your username and maybe your password, too. Reusing your email password for other accounts lets a hacker request a login reset for each that locks you out of that account. They also try cracking other accounts, hoping you reused your password for them.

• 2FA Cracks. A hacker can intercept your 2FA code sent via email. 2FA (aka MFA) codes are meant to verify your identity during login, keeping others from getting into your account. But a hacker who’s cracked your account login knows some 2FA codes are sent by email, and they intercept the code before you suspect a thing. With it, the hacker has total access to your account.

• Identity Theft. With a hijacked email account, a hacker can use all the above and more to steal your identity. Once done, they can apply for a  mortgage, credit cards, get tax refunds, and anything else that benefits them using your identity.

What To Do

If you suspect your email account may be compromised, log out of it and sign-in again. If it’s blocked, there’s a good chance the hacker did it to lock you out. Check your email provider’s support page for more instructions and be ready to provide prior logins and other proof of your identity.

If your login password hasn’t been compromised yet, quickly change it with one that’s long and unique. A minimum of twelve characters with a mix of capital and lowercase letters, along with numbers and symbols is best. With a fortified password, a hacker is more likely to give up and move to their next victim.

Use 2FA when available to further protect your accounts. Although it’s not perfect, 2FA codes make it more difficult for a hacker to steal it and access your account, even if they have your password.

Considering what a hacker can do with your cracked email account, prevention is always the best medicine. Remember, the more difficult it is to hack the safer your account will be!