Account takeover fraud can devastate your finances, but implementing three key security measures can help protect your email and associated accounts from criminals.
Criminals no longer need your passwords to access your financial accounts; they simply need your email. This alarming trend has become a significant concern as account takeover fraud continues to rise.
Recently, a friend of mine, Lisa, experienced this firsthand when her PayPal account was drained, followed by her Amazon account, and an attempted breach of her bank account—all within 40 minutes. The criminals did not require her passwords; they only needed access to her email.
Consider the sensitive information that resides in your email inbox. It contains bank statements, medical results, retirement account details, mortgage information, and access to every streaming service and online store you have ever used. Perhaps most concerning is that every password reset link is sent directly to your inbox.
With access to your email, a criminal can easily reset the passwords for your other accounts. They simply visit your bank’s website, click “forgot password,” and enter your email address. The bank sends a reset link to your inbox, which the criminal can access if they are already inside your email. Within minutes, they can breach your Amazon, PayPal, brokerage, and health insurance accounts.
This type of fraud, known as account takeover fraud, cost Americans an estimated $2.7 billion last year. Disturbingly, 81% of victims reported believing they were “pretty careful” about their security before falling victim to this crime.
To safeguard your email, start by changing your password if it is under 16 characters or if you have reused it across multiple accounts. Consider using a password manager like NordPass, which generates complex passwords that are difficult to guess. You only need to remember one master password to access all your accounts securely.
Implementing two-factor authentication (2FA) is another crucial step. Even if someone steals your password, they cannot access your account without a second verification code. However, many people are unaware that SMS text codes can be intercepted through a method known as a SIM swap attack. In this scenario, a criminal convinces a customer service representative at your cell carrier to transfer your phone number to their device, allowing them to receive your “secure” text codes.
To enhance your security, switch to an authenticator app like Google Authenticator, which generates codes directly on your physical device rather than through your carrier. This change can be made in just a few minutes through your email account’s security settings.
Additionally, be mindful of the permissions you grant to third-party applications. Every time you use the “Sign in with Google” option to access a website or app, you may inadvertently give that app access to your email. Some applications can read your messages or even send emails on your behalf. Conduct an audit of your connected apps by visiting myaccount.google.com, navigating to the Security section, and reviewing third-party apps with account access. Revoke access to any apps you do not recognize or actively use.
While your bank may have a fraud department and your credit card may offer zero-liability protection, your email security is solely your responsibility. Taking these steps can significantly reduce your risk of falling victim to account takeover fraud.
In just twenty minutes, you can implement these three essential security measures. Lisa wishes she had taken these precautions during a quiet Sunday afternoon rather than in a state of panic on a Tuesday night.
Your email inbox can either be a secure fortress or an open door. Unlike your front door, it does not require a deadbolt—just strong security practices.
For more tips on staying safe online, visit Komando.com.