Why You Should Disconnect Usernames and Email Addresses

Eons requires an email address for login, and offers some of its features based on direct email address sharing between members. For instance, one of the Friends permission levels requires you know a potential friends email address in order to send a Friends invitation. This could give Eons scammers a tool to use in guessing your email address.

If you've used your Eons user name as the same name in the email address you use for login, you may be vulnerable. Some scammers are bright. If you've used your Eons user name in your email address, and used a common web-based email provider, how difficult would it be to guess your email? If you're GardenValerie on Eons, and your login email address is gardenvalerie @ yahoo.com, or hotmail.com, or gmail.com (to name only a few), "phishers" and other scammers can test that working address at Eons, by entering these possible combinations, one after the other, into the Invite Friends tool.

This is called a "brute force" approach to discovering hidden information. And of course, programs can be used to make this process more efficient. "For popular free email services like Yahoo and Gmail, some spammers try all alpha-numeric combinations up to a certain length, since the likelihood of finding valid email addresses that way is high enough to be worth the try." [1]

Current, valid email addresses have a monetary value, when collected into lists and sold to spammers. An address used as a site login is usually considered extremely "fresh".

This doesn't mean that Eons is lax about security. They're not. This is not a security hole. Eons seems to be an honorable company, at least in all my dealings with them. Using an email address for a site login is considered more secure than asking for just your site user name, however, most people should protect that email address a bit more carefully.

Think Ahead

No email address is completely safe. Programs can be used to hack or crack email addresses, however you can make it more difficult for less technical scammers. When you sign up for an email address, consider a username that is "one-off" from your desired username. Make it difficult for scammers to guess, while still easy for you to remember. Add a number to make it harder to guess. There are even cautions in that piece of advice, do not use a personally important date like your birthday, part of your social security number, your anniversary, year of graduation, kids birthdays, etc. Better, make your email address a clever variation of your desired username.

GardenValerie -- GardenValkarie, ValGardens, GardeningVal, GardensRVal, ValGuard, ValientGardner, GardenValerina

and then add a number, capitals, or a symbol, if allowed, i.e. GardensRVal2x2 @ email provider.com

Or use a "spam deterrent" email address from a provider such as SpamBog, SpamGourmet, or SpamFree24.

Too Paranoid For You?

I can certainly understand if you think that I'm overly cautious. There are many other methods, some innocent, that could be used to obtain your email address.

Simpler than "brute force" is social engineering. Scammers or any other innocent person could ask others for your email address. Many will hand over a friends address more easily than their own. If you wish to keep your email address secure, you need to caution others to be protective of it, as well.

Even more innocently, your address could have been revealed by a friend, accidentally, in a forward. Some people send email addresses to everyone on their email lists. If no precautions are taken (bcc, for instance) your email address could be broadcast to thousands of people as part of a forwarded email. Learn how to Remove Emails Addresses Before Forwarding so you don't help contribute to the distribution of others addresses. If others send you forwards with other's email addresses revealed, help in the education effort by explaining the safer process yourself, or referring them to online instructions.

There are many other ways spammers can obtain your email address. Ranging from reading AOL profiles to reading HTTP headers of your web browser, spammers have multiple sneaky methods to try discover your email address. Nineteen different methods are outlined in How Do Spammers Harvest Email Addresses. This resource also offers resource links that may help you trace received emails.

Speaking of Tracing

Be careful about opening email you suspect might be spam. Small tracking images are often included to help determine if a particular email address is active. Set your email reader program (or web-based email settings) not to display images, except from trusted senders, i.e. those in your personal address book, or collected addresses (those you have sent email to.)

A More Secure Email Program

If you receive email directly to your computer system, consider switching to a more secure, helpful email program. No matter how much spam filtering you have, more is always better. Mozilla Thunderbird offers spam filters, image filters, and phishing filters, built in. Thunderbird has current editions for Windows, Linux, and Mac.

Surf More Safely

See what your browser is saying about you, as you traverse the Web. No, this isn't a program. The information on the page is taken from your browser header. See if there's anything there that you recognize, like your email address. Too much info? Close it down with a personal firewall. Spend a few minutes at GRC's Shields UP! website, to learn more about securing your computer.

Excellent Anti-Spam Resources:

[1] Simple Techniques to Prevent and Fight Spam

How Do Spammers Harvest Email Addresses
Wikipedia: Anti-Spam Techniques
The Correct Way To Forward Emails

--- CDAARA, Manager Online Safety for Women Group