NEWYou can now listen to Fox News articles!
My friend Lisa called me last night, voice shaking. Someone had cleaned out her PayPal. Then her Amazon. Then they tried her bank. Three accounts in 40 minutes. The criminals never touched her passwords. They didn’t have to.
They had her email.
10 SIMPLE CYBERSECURITY RESOLUTIONS FOR A SAFER 2026
Think about what lives in yours right now. Bank statements. Medical results. Your retirement account, your mortgage company, every streaming service, every store you’ve ever bought anything from. And here’s the part that should stop you cold: every password reset link on the planet gets delivered straight to your inbox.
A criminal doesn’t need to hack your bank. They just need your inbox. One account. Every other door swings wide open. That’s not a flaw in the system. That’s how email was designed to work. And most people protect it with the same password they’ve been using since the Bush administration.
Nope. Not anymore.
Online criminals prowl the web for information on your banking, personal documents and other related accounts. Experts say your email could be a gateway for this activity. (Sergei Supinsky/AFP via Getty Images)
Here’s how fast it actually happens
The criminal goes to your bank’s website. Click “forgot password” and type in your email address. The bank sends a reset link to your inbox. The criminal, already inside your email, clicks it, creates a new password and walks right in. Then they do it to your Amazon. Your PayPal. Your brokerage. Your health insurance portal.
Each account takes about 60 seconds. It’s less effort than ordering a pizza.
The FBI calls this account takeover fraud, and it cost Americans $2.7 billion last year alone. The part that should really bother you: 81% of victims said they thought they were “pretty careful” about security beforehand. (Their words, not mine).
BE AWARE OF EXTORTION SCAM EMAILS CLAIMING YOUR DATA IS STOLEN
Three moves. No excuses
1. Get a real password for your email right now.
If your email password is under 16 characters or reused anywhere else, change it today. I use NordPass ($1.43 a month) to generate passwords that look like a cat walked across my keyboard. You remember one master password. It handles the rest. That’s the whole deal.
Experts say that securing your email can limit your exposure and vulnerability to cybercrime. (Cyberguy.com)
2. Turn on two-factor authentication. But not the text message version.
Two-factor means even if someone steals your password, they still can’t get in without a second code. Good. But here’s what most people don’t know: SMS text codes can be hijacked through something called a SIM swap attack. A criminal calls your cell carrier, sweet-talks a customer service rep and transfers your phone number to their device. Now your “secure” text codes go straight to them.
Use Google Authenticator instead. It generates codes on your physical phone, not through your carrier. Go to your email account’s security settings and swap SMS verification for an authenticator app. Takes five minutes.
NEW EMAIL SCAM USES HIDDEN CHARACTERS TO SLIP PAST FILTERS
3. Audit every app connected to your inbox.
Every time you clicked “Sign in with Google” to access some website or app, you handed that app a key to your email. Some of those apps can read your messages. Some can send emails posing as you. I did this audit last year and found 34 apps with access to my Gmail. Thirty-four. Apps I’d completely forgotten existed, still holding a master key to everything.
Go here right now: myaccount.google.com > Security > Third-party apps with account access. Revoke anything you don’t recognize or actively use. Gone.
Experts say taking a few simple steps to audit apps and emails will protect you from cybercrime vulnerabilities. (CyberGuy.com)
Your bank has a fraud department. Your credit card has zero-liability protection. Your email? Nobody’s covering that one but you.
Twenty minutes. Three moves. Lisa wishes she’d done it on a boring Sunday afternoon instead of a panicked Tuesday night.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Your inbox is either a fortress or an open door. There’s no in between. And unlike your front door, this one doesn’t even need a deadbolt. Just strong security.
Kim Komando is America’s Digital Goddess, heard on 510 radio stations nationwide. For more tips on staying safe online, visit Komando.com.
