Skip to content


Lowdown on Hijacked Email

Emailing information is fast and convenient. We do it often without a second thought – and that discarded second thought can come back as a painful reminder that you need to be careful to prevent your email address from being hijacked.

There really isn’t a lot you can do about hiding your email address or anything else, for that matter, even if you never go online. That really came home to us personally when we moved this summer. The purchase of our new house, the sale of our old house – everything – was public record. My email address is out there because it’s part of my business. I want people to contact me.

So, it’s there, and it can be planted like a seed. What happens? Well, you might be one of 25 people getting a message as an addressee or cc. If someone has hacked one of those person’s email accounts, it’s like the fox getting into the henhouse.

Here’s what can happen. All the hacker needs to do is substitute an email address for any one of the 25 addresses in the list. If I’m one of those people, for example, my name only, Norman Rosenthal, might appear in the list. But unless you hover your mouse over my name, you won’t see my email address: [email protected]. If hacked, the message to Norman Rosenthal could unknowingly go to [email protected]. (More hacking originates from Russian domains than anywhere else in the world.) So, when you hit Reply to All, the message – and all those names – go to a bad guy who can try to penetrate everyone’s computer.  If he’s successful, he can plant a virus or malware of some sort on every computer in an address book that doesn’t have good protection. He can send a scam message and get a bite, or – if you read the previous article, the bad guy can get into an Outlook file that has user names and passwords for bank accounts.

You can prevent your email address from being hijacked by using some common sense and taking a few precautions.

  • Most obvious, if something looks funny or out of character, don’t open the email or click on links. If a request from a friend doesn’t seem right, pick up the phone and call if you must do something. Otherwise, just delete it.
  • Use strong passwords for all online access to your email accounts.
  • If you’re sending usernames, passwords or account numbers, don’t send it to a big list. Send it to one person and send it in a series of emails. Put part of the info in each email. That way, if one gets intercepted by chance, the hacker likely will not be able to piece all the info together.
  • Use bcc if you must send a message to a long list of email addresses. It will prevent those massive Reply-to-All responses. Remember, if 25 people send Reply-to-All responses, those addresses are being exposed 225 times.
  • If you’re buying or selling something over the Internet, such as on Craig’s List, hover over names and email addresses and make sure it feels right to you.

We’re available by email or phone – 973-433-6676 – if you have any questions about ways to prevent your email address from being hijacked.

This article was published in Technology Update, the monthly newsletter from Sterling Rose LLC.