Cybersecurity Update: Your Email Address: The Weak Link in Your Security

May, 2017

Take a second and think about how many times per day you enter your email address to log into an account that is not your email. How many emails do you get from retailers alerting you to a big sale? A lot.

We’re quick to give away our email address to get information or deals—but is it putting our security at risk?

Yes, because every time we enter our email address into a database, we are handing a crucial window into our lives over to companies that often have questionable security practices.

According to a study done by security firm BreachAlarm, 41% of people who check their email address against a database of known hacked email accounts discover that their account has been compromised in a data breach. Mobile identity company Telesign found that two in five people have had an account hacked and a password stolen.

Our commonly used email addresses and passwords are out there for sale on the black market. When companies get hacked, your email address is exposed. And often your password is stolen along with it. But even if it’s not, there’s another easy way for hackers to break into your email account.

They can use the password reset feature. In many cases, you can reset a password and access an email account by correctly answering security questions. More often than not, these questions can easily be answered by information found on the Internet. For example, “Where did you go to high school?” can be discovered by a quick visit to your Facebook page or a Google search.

Anatomy of an email hack

Once thieves are in your email account, they have the keys to your digital life.

A break-in of your primary email address exposes various aspects of your life. For one, your private life is unmasked: your correspondence, names, addresses, phone numbers, appointments, messages, passwords, photos, and more are in the hands of a hacker.

Social media activity is at risk—your Facebook, Instagram, Twitter, and Pinterest accounts can all be accessed via your email.

Your medical history also becomes public. Many insurance companies send notifications via email about new claims and payments. Clicking on a link in an email from your health insurance provider can give a hacker enough information to commit medical identity theft—a rising threat.

And we’re not done yet. A hacked email account can also uncover sensitive business information such as internal documents, salary records, competitive intelligence, and client notes. Any work you’ve done with a non-profit or in your community can be found as well.

Most dangerous: If your online bank, brokerage, or other financial accounts are linked to your personal email address, hackers now have a path to your money. Once they control your email account, they can hijack your bank account by performing a password reset and then start transferring money.

As you can see, your email account is a digital version of you. Unauthorized access gives the thief enough information to impersonate you and commit frauds that affect all areas of your life.

Keeping hackers away from your money

To protect your most sensitive financial accounts, you need to reduce your digital footprint by creating a secret email address. This email will only be used for your financial accounts—credit cards, brokerage, banks—reducing the chance that it will get swept up in the next data breach.

When you create your secret email address, do not include any revealing information such as your first name, last name, initials, or birth date in the username.

You also want to choose stronger security features to protect this account. Many email providers have begun phasing out password recovery questions because the answers can often be found by searching on the Internet. If you can, choose a recovery phone number for password reset. With this option, a code will be sent to your mobile phone and you will need to provide that code in order to complete the password reset.

Be sure to keep this secret email separate from your primary email address. Doing so will help you maintain secrecy and reduce the chances that a hacker can gain access to your finances. 

Cybersecurity Shorts

Fake Apple support team looks to steal iCloud credentials. Apple customers have received calls from scammers asking for iCloud usernames and passwords and other personal information. The scammers are taking advantage of false claims that millions of iCloud accounts had been compromised. If you receive a call claiming to be from Apple that asks for personal information, hang up.

Tech-savvy? You’re at greater risk of falling victim to identity theft. A study by IT training company CBT Nuggets found that those who are confident in their computer use are 18% more likely to become an identity theft victim. Only 3.7% of those surveyed followed all of the basic security requirements while 40% were “too lazy” or found it to be “too inconvenient.” These basic security requirements include using a VPN and using unique passwords, among others.


Edward J. Kohlhepp, Jr., CFP®, MBA

Edward J. Kohlhepp, CFP®, ChFC, CLU, CPC, MSPA

Founder & CEO



Kohlhepp Investment Advisors, Ltd.
3655 Route 202, Suite 100
Doylestown, PA 18902
Phone: 215-340-5777
Fax: 215-340-5788
