Contact us | Membership Enquiries 0800 028 0245 | Search

Brits leaving emails wide open to hackers


Over half of all those surveyed aged 18-25 reuse their email password for other accounts – putting their cyber security and identity at risk.

The Government’s Cyber Aware campaign and global information services company Experian are urging Brits to help protect their email accounts from hackers with a strong and separate email password through #OneReset campaign.

  • Despite 68% of 18-25 year olds with an email account saying they were worried about hackers using their personal information to steal their identity, 52% reuse their email password for other accounts
  • Over three quarters (79%) of Britons surveyed with an email account have sent personal information – such as their address or bank details – over email*
  • More than half (55%) of those sending their passport or driving licence by email, and 52% of those sending their bank or credit card details have not deleted them from their sent items.
  • Despite these risks only 8% of those surveyed picked improving their online security from a number of ways in which they felt they needed to “reset” their life

New research from Experian and Cyber Aware released today has revealed that the UK public’s email passwords could be leaving them wide open to hackers – putting themselves at risk of identity theft. Despite 66% of those with an email account saying they were worried about hackers using their personal information, such as passport details or home address, to steal their identity, more than a quarter (27%) reuse their email password for other accounts, and this goes up to 52% when it comes to 18-25 year olds.

The research highlights the worrying amount of personal information people surveyed keep in their email accounts – what Detective Inspector Mick Dodge, National Cyber PROTECT coordinator with the City of London Police has described as a ‘treasure trove’ for hackers.

Over three quarters (79%) of those surveyed share personal information, such as their address or bank details over email, and of those who did, 67% have not deleted all the items. More than half (55%) of those sending their passport or driving licence still have it in their sent items, 52% have still got bank or credit card details, 66% mortgage or tenancy agreements and 56% handwritten signatures.

Hackers are able to exploit a weak email password which is why Experian and Cyber Aware are urging the public to take the simple step of having a strong and separate password for their email account to help protect their identity. Your email account is a gateway to a vast amount of information and hackers can also use your email account to access many of your other personal accounts, by asking for your password to be reset. 55% of those surveyed with an email account have six or more online accounts – from social media to online shopping – with some as many as 21 – so not adopting simple protective measures could have major personal consequences.

Despite these risks only 8% of those surveyed picked improving their online security from a number of ways in which they felt they needed to “reset” their life. The results form part of Experian and Cyber Aware’s #OneReset campaign which is encouraging everyone to think about the simple resets they can do to make their lives better – from resetting their fitness regime to getting control of their finances – while at the same time taking cyber security more seriously to help protect their identity. Making just one reset to their email password to keep it strong and separate from all other passwords can help protect Britons from the majority of cyber threats.

This taps into a growing desire to ‘reset’ various aspects of our lives – with 83% of people surveyed agreeing they felt they needed to make a reset to their lives. The most popular “resets” are improving fitness, (48%), followed closely by “a healthier diet” on 41% and “getting more sleep” in third on 37%. But those aren’t the only resets those surveyed were keen on pursuing – nearly two fifths (19%) want to reset their careers through a change of job and over one in ten want to reset their dating or love lives.

Detective Inspector Mick Dodge, National Cyber PROTECT coordinator with the City of London Police said: “People might worry about cyber security but the reality is that doing something about it is often bottom of the list. The UK public need to take action. Your email account is really a treasure trove of information that hackers won’t hesitate to exploit. You wouldn’t leave your door open for a burglar, so why give criminals an open invitation to your personal information? Making one simple reset to have a strong and separate email password can make a big difference and help protect you from being the latest victim of cyber crime. ”

James Jones, Head of Consumer Affairs at Experian said: “Identity theft continues to grow and leaves victims feeling worried and vulnerable. We helped around 15,000 victims restore their credit ratings last year, which for complex cases can take several months. Having a strong and separate password for your email is one simple but crucial step to staying safe, as is protecting your identity by keeping an eye on your credit status. You can meet your “Data Self” with Experian and monitor your credit score for free via our website and app.”

Cyber Aware ambassador Dr Hazel Wallace said: Cyber Aware’s new research has revealed the most popular reset people want to make is to their fitness routine. This is essential but when you’re making a lifestyle reset it’s also important to make a reset to your online health as well by using a strong, separate password for your email. Hackers can use your email to access all of your personal information by asking for a reset to your passwords for other accounts.”

Cyber Aware and Experian have the following top tips to better protect your online identity:

  1. Use a strong, separate password for your email account.
  2. A good way to create a strong and memorable password is to use three random words. Number and symbols can still be used if needed, for example 3redhousemonkeys27!
  3. Use words which are memorable to you, but not easy for other people to guess. Don’t use words such as your child’s name or favourite sports team which are easy for people to guess by looking at your social media accounts or simple substitutions like ‘Pa55word!’
  4. When available you should use two-factor authentication on your email account. It gives it an extra layer of security, as it means your account can only be accessed on a device that you have already registered.
  5. Don’t use public Wi-Fi to transfer sensitive information such as card details.

Top