September 29, 2021
4 Reasons to Use Multiple Email Addresses to Protect Your Privacy
Posted by Rhiannon
When email was invented in the mid-1960s, it revolutionized how information is shared between people. It quickly took over snail mail as the preferred method of sending letters and other forms of communication. It also helped put personal information on the internet for strangers to see. While email is relatively secure, there are a few ways it impacts privacy. Here’s everything you should know about email and why using multiple email addresses can keep you protected online:
- A brief history of email
- What is email privacy?
- What are the threats to email privacy?
- How can cybercriminals threaten you through email?
- What happens if my email is hacked?
- Why should you use multiple email addresses?
- Other ways to protect your email accounts
A Brief History of Email
In 1965, the Massachusetts Institute of Technology (MIT) became one of the world’s first organizations to use computer systems. Because computer terminals at the time had no memory or storage capabilities, they all connected to a central mainframe, where the work of every user at each terminal was done and stored. To make this structure function for them, MIT employed a Compatible Time-Sharing System, with which users could schedule computer time, collaborate with others on the system, and store their files. This system paved the way for the earliest iteration of electronic mail, in which one user could leave a message in the file directory of another user. It functioned similarly to leaving a note on a colleague’s desk. However, in order to leave a message for another user, the sender had to be able to access their file directory.
Six years later, computer programmer Ray Tomlinson refined the email process, by adding the @ symbol to user’s names, thus creating a targeted address which a sender could use to direct their messages at a specific receiver.
In 1973, this system became widely adopted and a level of standardization was added to email clients. Standardized features included to and from fields, as well as the ability to forward messages to others. However, at this time, emails still remained contained to internal networks, as the internet had not yet been developed.
It wasn’t until 1989 that the company CompuServe started an internet-based email service, which allowed users to send and receive messages to and from anyone online, so long as they had access to an internet email service. From there, companies like AOL and Microsoft developed their own online email clients, and helped drive further development of the technology that is ubiquitous today.
What is Email Privacy?
In 2021, 319.6 billion emails are sent every day. In addition, roughly 3.8 billion people have at least one email account. The technology is critical to communication networks around the world, keeping businesses, supply chains, and crucial infrastructure systems in working order. They also help individuals connect with others.
Because email is such an important feature of everyday life, email privacy is just as important. The term “email privacy” refers to two different aspects of the technology. In the first, email privacy describes the process of keeping the contents of an email secure, both while in transit and while stored in a server. In the second, email privacy describes keeping individual email accounts private and secure from online threats that want to exploit the personal information stored in these accounts.
Different measures have to be taken to ensure that each aspect of email privacy is carried out successfully. While individual users can do little to protect their emails in transit and in storage, as that is the purview of the email client itself, individual users can help protect their account privacy in a number of ways, including using different email addresses for different purposes, which we’ll get into later.
What are the Threats to Email Privacy?
Dozens of email privacy threats lurk on the web, just waiting for you to lower your guard and let them wreak havoc. Most of these threats are carried out by cybercriminals, or “bad actors.” Despite the numerous methods of attack, each type can typically be assigned to one of two categories. Those categories are:
- Information theft attacks. In this type of attack, the criminal’s aim is to steal your sensitive or personal information, both from information stored in your account and from content sent or received in your emails. Once stolen, they can typically use that information to make money, whether through stealing your identity, selling it to third-parties, or blackmailing you directly.
- Damage attacks. Here, the criminal’s goal is simply to cause as much chaos for you as possible. They often do this by damaging (or deleting) your accounts or by even damaging your devices.
In some cases, attacks to your email privacy fall into both categories.
In addition, email privacy threats often have two different targets. These targets are:
- Individuals. Many cybercriminals target individual user accounts, in the hope that the target doesn’t have good security habits.
- Email clients. Cybercriminals may target the email client as a whole. This type of attack is typically harder to carry out, because most email providers employ robust security methods to protect all users but, if the attack is successful, the rewards for the criminal are much higher because they can steal the information of many users at once.
How Can Cybercriminals Threaten You Through Email?
As an individual, you must rely somewhat on your email provider to keep your account private and secure. However, cybercriminals know that individuals are often the weakest link when it comes to email privacy, so they target them specifically. As a user, how can cybercriminals threaten you through email? There are a few ways:
A phishing attack occurs when a cybercriminal tricks you into believing a fake email has come from a legitimate source. Most of these emails compel you to take some sort of action that allows them to steal your information once you do. Scare tactics are common in phishing attempts.
For example, the cybercriminal might send you an email that appears as though it has come from your bank. This email may say something like “We have detected unusual account activity. Sign in now to change your password,” and it will even give you a handy in-email link to change that password. Clicking the link may take you to a website that looks like your bank’s login page, but if you input your credentials, the cybercriminal will simply be able to copy them and access your account themselves.
In other cases, the criminal may offer a “reward” in exchange for your information. For example, they may send an email that looks like it comes from your favourite retailer, offering you a discount on your next purchase in exchange for filling out a survey. However, surrendering your information in this survey merely surrenders it to the criminal.
Malware is a portmanteau that blends the words “malicious” and “software.” There are different types of malware, including spyware (which spies on your activities and steals your data), ransomware (which locks your files until you pay a fee), and adware (which inundates your device with spam ads). One of the most common delivery systems for malware is through email.
Much like with phishing attempts, criminals attempt to hide malware as a legitimate download or email attachment. For example, they may pose as a retailer sending the victim a digital copy of their “recent receipt.” Because the victim didn’t make a purchase, they download the receipt to see what they were charged for, and inadvertently allow the malware to infect their devices. Malware also often targets business emails, because businesses often download attachments from vendors, customers, and other third parties without even considering whether or not the email is real. In these cases, malware often slowly infects an entire business network before launching an attack after it has taken over every critical system of the business.
A credential stuffing attack occurs when a criminal uses your username (often available publicly) and attempts to guess your password by “stuffing” guessed credentials in the password field. They may use a mathematical formula to guess common or likely passwords, or they may use details about you stolen from other locations online (like from your social media accounts) to make educated guesses. The simpler your password, the more likely a credential stuffing attack is to be successful.
Zero-day vulnerabilities occur when an email provider has a flaw in their security system that they don’t know about. Until this flaw is recognized and fixed, cybercriminals can exploit it. While individual users can’t prevent zero-day vulnerabilities from happening, you can help mitigate their risk. Most security patches for these vulnerabilities come in the form of a software or app update for your email client. By installing these updates as soon as they become available, you benefit from the patch right away.
Zero-day vulnerabilities and credential stuffing attacks especially can allow a hacker to gain access to your email account. This can have devastating consequences.
What Happens if My Email is Hacked?
If a cybercriminal is able to gain access to your email account, the impact on you can be severe. These are just a few of the things that may happen if your email is hacked:
- The hacker can send emails in your name. This can get you in trouble with anyone who receives these emails, including all of your contacts. In addition, hackers can use your account to phish your contacts, who trust your name when it shows up in their inbox.
- They can access your other accounts. Most of us use the same email to sign up for every new account. Worse than that, many people also reuse the same passwords on those accounts. If a hacker gains access to your email credentials, they can also sign into your other online accounts, if they use the same credentials.
- Your personal information is compromised. Your email address may include information like your name, address, date of birth, and more. In addition, the emails you send and receive may also contain sensitive information that you wouldn’t want falling into someone else’s hands. If your email account is hacked, all of the information associated with it and its emails becomes available to the criminal behind the hack.
- You may lose your identity. If a hacker is able to gather enough of your personally identifiable information from your email address, they may be able to steal your identity.
Why Should You Have Multiple Email Accounts?
Email privacy and security should always be taken seriously. The consequences of your privacy and security being breached are severe. They can even be life altering if the breach is bad enough. We’ll go through some of the ways you can help protect all of your online accounts. However, when it comes to email specifically, one of the best ways to increase your email security and privacy is to use multiple email accounts.
For users who do this, it’s recommended that you use different email addresses for different purposes. A minimum of two email addresses is good; one to use for your private personal and financial life, and one for everything else. However, you can use even more than that. For example, one email might be used to access financial information connected to your bank account and PayPal account. One might be for personal use, like staying in touch with acquaintances, applying for jobs, and making business inquiries. And you might use a third to sign up for online accounts like social media or retail websites (like Amazon, etc.), where you can track your interactions on these platforms.
By using multiple email accounts for security, you reduce the impact that one account being hacked can have upon you. The process of mitigating the hack is also much easier, because it won’t be able to trickle into every aspect of your life.
A few other reasons you might want to consider using multiple accounts include the following:
Sometimes you have to provide your email address to access services online. For example, making an online purchase or signing up for social media usually requires an email address. However, those services also often come with annoying, spammy emails that you don’t want to receive (and can’t always easily opt out of). Instead of cluttering your main email address with those messages, use a second address. This also helps protect your information in the event of a data breach at the provider level.
Separating Your Business and Personal Life
Email is a great way to communicate in a professional capacity. To keep it professional, however, often means using your real name and posting your contact information on a business website. By doing that, you run the risk of your information falling into the hands of strangers you don’t want contacting you, or having business contacts reaching out at all times of the day with no reprieve. To avoid this, use separate emails for your business and personal life. Only give the barest of details in your public business account, to keep your information safe.
Keeping Your Identity Secret
In some cases, you have to provide your email address and name to be able to take certain actions online. Those actions may include signing up for social media, writing reviews, commenting on articles, or participating in forum discussions. However, these situations also often make your email address public. Rather than give up your personal email address and identity, use another email with a name that doesn’t easily tie to you.
Having a Backup
When you set up an email account, it’s a great idea to also have a second account that can be used to recover passwords and manage unauthorized access alerts. This helps to keep all of your accounts more secure and private.
Other Ways to Protect Your Email Accounts
In addition to using multiple email accounts, you can also employ some account security best practices to improve your security on all online accounts, including your email accounts. These practices include:
Using a Strong Password
If your password is easy to guess, it increases your risk of being hacked. Avoid these most common passwords, and don’t use a password that is too short, uses dictionary words, or contains personal information about you (like your name or SSN number). In addition, don’t reuse passwords on multiple accounts. You can use our tips for creating strong, memorable passwords to help you out.
Avoiding Unnecessary Info Forms
Many platforms, email providers included, ask for a lot of personal information about you when you set up your account. When faced with these forms, avoid the temptation to give away your details like candy. Instead, fill out the minimum required information and leave it at that. This reduces the amount of information that can fall into the wrong hands and be used against you.
Using a VPN with Public Wi-Fi
If you use public wi-fi, it’s possible for anyone else on the network to see your activity and steal your information. Something as simple as checking your email on public wi-fi can put your information at risk. To reduce this risk, always use a VPN when using public wi-fi. This digital tool encrypts your activity and makes you anonymous online, so no snoops can steal your data.
Turning on 2FA
2FA stands for two-factor authentication. With this level of security, every time you log into your account, you will input your regular password as well as a one-time password sent to your phone or an authentication app. This prevents people without access to your other devices from accessing your accounts.
Vetting Your Email Provider
Some people choose to avoid big-name email clients like Gmail and Outlook. However, if you go this route, vet your chosen provider carefully to ensure their security is up to snuff.
Learning to Recognize Phishing Attempts
Phishing attacks have grown more and more sophisticated over the years. However, they may still be recognized in some cases, if you know how to spot them. Look for significant spelling errors, check the sender’s email address to make sure it seems legit, and don’t click any link or attachment in an email unless you can verify its legitimacy. Recognizing phishing attempts can go a long way to protecting yourself from them altogether.
Not Emailing Sensitive Information
Avoid sharing sensitive information in the emails you send, in case they’re intercepted or breached in storage. Information considered sensitive includes things like passwords, your SSN, medical records, financial information, etc.
Creating two or more different email addresses is an excellent, and simple way to protect your privacy online. By compartmentalizing your email life, you can mitigate the risk of hacking, spam, and more. Check back regularly for more tips on protecting yourself online.
Posted by Rhiannon
More Blog Posts
February 14, 2023
How the Investigatory Powers Act Impacts Citizen PrivacyIn 2016, the United Kingdom passed the Investigatory Powers Act or IP Act, into law. This act empowered the government and related agencies to access and collect citizen data, without consent. Critics immediately slammed the new law. The media dubbed it the “Snoopers’ Charter.” Meanwhile, Edward Snowden described the act as “the most extreme surveillance […] Read more
February 14, 2023
How to Easily Unblock Wikipedia with HotBot VPNWikipedia puts a wealth of information at your fingertips. Everything from the biography of Alexander Graham Bell to the basics of quantum computing can be instantly opened by curious browsers. But what happens when you can’t access that information? Whether a business network blocks it or a particular country censors it, don’t let that slow […] Read more
February 14, 2023