TL Tech Logo
We Solve Your Problems. Seriously, we actually do.
Home
About Us
Services
Stories
Contact Us
Tools
Info Center
  • Sections

    • Code
    • Howto
    • Tips
  • Recent Entries

    • Recovering from a Broken Partition Table
    • RewriteRule in htaccess vs httpd.conf
    • Running PHP through mod_fcgid
    • How They Got Your Password
    • Installing mod_reqtimeout on cPanel
    • Following the Hacker — passwords
    • Using Nginx as a reverse-proxy
    • Dead-simple templates in PHP
    • Tell-a-friend SPAM
    • PHP mail via SMTP

Protecting Your Email Account

Picture yourself filling out the following form. Maybe you’re signup up for a new account at a blog, or forum, or gallery, or the latest Web 2.0 social gadget. Look at the fields, and imagine what you would put into each one.

Sign up for FREE

Now — and answer honestly — did you just give this unknown website the password to your email account? If you’re like most people, then you probably did.

Most people have just a handful of passwords that they use for everything. Often one password for banks and other high-security sites, and one for “normal” sites, like forums and email. But if someone knows your email address, then they they know where to to go to check your email. And now you just gave them the password to your account. Whoops.

So, what can the bad guy do with your email password? Just about anything, it turns out. When it comes to your online identity, forget bank accounts and social security numbers — your online identity is your email address.

First, he can set up filtering and redirection rules so that important messages from important companies, (like your bank) will be forwarded to somewhere else, where you’ll never see them. Then he can read through your mail history  to see what assets you might have that are of value. And finally, he can start sending “I forgot my password” requests, and grant himself control over everything you own.

What’s more, it’s not just your bank account and credit card that you’d have to worry about. For example, if you run a website or work for an important company, the hacker can easily leverage your email account  to attack these assets as well. He can (permanently) transfer ownership of your domain away from you, for example. And many of the most sophisticated attacks against major corporations are traced back to someone’s email account getting compromised.

Your email account is the key to your kingdom. Be very, very cautious with it.

© 2006-2014 TL Tech Services LLC. All rights reserved. Contact us to inquire about republishing rights.