Why would anyone want my e-mail account?

One of my train acquaintances’ e-mail addresses got hacked last week. And yesterday The Consumerist warned not to play games on social networking sites telling people what your royal name would be by substituting things like the names of places you’ve lived for your real name. That led to people asking why anyone would want an Ordinary Joe’s e-mail account.

Ordinary Joe’s e-mail account is priceless, that’s why.

Here’s the reason you should never, ever play games that involve personal information like past pet names, past street addresses, mothers’ maiden names, or anything else of the sort, and never, ever, ever, unless there’s literally a gun to your head, post it to a social networking site.

Information like that can be used to recover all sorts of things, like the password to your e-mail account, and even bank and credit card information in some cases. Companies have to provide some way to let you in when you forget your password or your PIN, and about the only thing they can do without creating public outcry is to ask you to confirm obscure information about yourself. And that’s fine, until people start posting the stuff on Facebook in the name of inane fun.

The information is in public databases, in many cases. But why look there when so many people are willing to post it to Facebook while giggling?

And I don’t care who you are, your e-mail account is valuable. The question is how many thousands of dollars it’s worth to the right person.

I hope that got your attention, so I’ll say it again. I don’t care who you are, your e-mail account is worth thousands of dollars, if not more.

Your e-mail account contains a lot of valuable information. The address book has e-mail addresses in it. Someone probably is reading the e-mail accounts associated with those addresses. The inbox has e-mail in it, some of which was sent by real people expecting replies. That means those are valid e-mail addresses in active use with real people reading them. Not throwaway addresses like atomicpuppy1234@charter.net.

Spammers buy lists of e-mail addresses, if you haven’t heard. If you can provide some kind of evidence that real people are reading them, presumably they’re willing to pay more. There are tons of e-mail addresses for me floating around, but some of them haven’t been valid since 1998, either because I’ve changed jobs or the companies that hosted them went bust. Or both, in a couple of cases.

Someone with a suitably sized pile of good e-mail addresses can sell them to not just one, but multiple spammers. So there’s ample motivation.

And besides that, the person who steals that e-mail address can, after harvesting all the e-mail addresses from it, turn around and use that address to blast out some spam. Since it’s coming from a valid e-mail address rather than a fake one, the spam is more likely to be read. And the address isn’t traceable back to him. It’s not as efficient as setting up a rogue SMTP server and blasting out millions of messages programmatically from fake e-mail addresses, but it’s postentially more effective, and it’s a lot harder to get caught.

So that’s why you shouldn’t post personal information online for all the world to see. And you should use a strong password to protect your e-mail account, and not use the same password for your e-mail, your Facebook, your eBay, your Paypal, and whatever else it is you do online. Because if you have the same password on all of that, someone can do even more damage. If they’re willing to steal your e-mail account, I guarantee they’re willing to empty your Paypal account and order a bunch of stuff, send it to a vacant house a block away from them, and leave you with the bill.

If you found this post informative or helpful, please share it!