Sticking With One Email Address Is A Security Risk

Australians can find plenty of useful security advice for consumers and businesses at staysmartonline.gov.au. Reusing passwords is a major security risk but another sensible precaution is to avoid using the same email address for everything. Creating extra addresses or aliases can be a hassle, but it certainly makes it more difficult for hackers to bring you down.

One simple way to do this is to use a separate free webmail account — from the likes of Microsoft, Google or Yahoo! – to sign up for services which you think are likely to leak your email address to spammers and hackers.

Something like [email protected] might do the trick, ensuring you only use it when signing up for cut-rate online shopping sites. To make life easier, you might forward this account to your primary email address but filter those emails into a sub-folder or colour code them so you can easily tell where they came from.

This way if you receive an email to that address regarding a supposed unpaid tax bill, overdue electricity account or request to reset social media passwords you can safely ignore it – knowing that it’s a scammer trying to trick you.

Most online scams take a shotgun approach but some are targeted particularly at you, especially if you run a business. Another way to stay safe is to use different email addresses for all your important online services.

Managing a dozen webmail accounts is obviously a hassle, an easier way to go about it is to create alias email addresses which funnel into your primary inbox, once again using sub-folders or colour coding so they’re easy to spot. Think of it like using a PO Box to receive your snail mail, so you don’t have to tell the world where you live.

Different email services support aliases in different ways, so it’s worth checking the advanced settings. Some let you choose any login, such as [email protected], while others even let you choose from a range of domain names so you can use [email protected].

Unfortunately Google isn’t this flexible, if you’re [email protected] you can use [email protected] which helps in some circumstances but doesn’t mask your true email address.

This trick also makes it easier to spot phony emails, as emails which are sent to the wrong alias are clearly bogus – for example an Amazon password reset sent to [email protected] is certainly fake, and vice versa. The same goes for banking-related emails which aren’t sent to the unique email address you only use with that bank. Once again it’s important not to use these aliases elsewhere.

Using aliases also helps protect you against targeted attacks, because hackers can’t break into an account which doesn’t exist – particularly useful for cloud storage and backup services which contain sensitive information.

Your primary email address might be [email protected], but hackers targeting you will have no luck breaking into your Dropbox account if it’s under [email protected] or something more obscure which you never reveal publicly.

You might think that having a strong password and using two-factor authentication are enough to keep you safe – and they certainly help – but by using a unique alias you’re also foiling social engineering attempts to trick tech support into resetting your password, or attempts to hijack your mobile number to intercept two-factor codes.

Everyone has their own tricks for staying one step ahead of hackers, how do you stay safe online? Let us know in the comments.

This article originally appeared on The Sydney Morning Herald