Email Aliases Aren’t as Safe as You Might Think

They won’t completely stop phishing attacks

Key Takeaways

  • More and more services are offering to 'hide your email' when signing up for new accounts.
  • You can use these programs to hide your real email from certain stores and websites.
  • Experts warn that you shouldn't treat email aliases as a be-all-end-all solution, as they won't completely stop phishing attacks or spam.
A laptop computer with Gmail loading on the screen.

Solen Feyissa / Unsplash

Experts say using email aliases can provide an extra layer of security, but they aren’t a complete solution to protecting your online data.

As more services start to pop up for email aliases, it’s essential to understand exactly what these services offer. Like Firefox Relay’s new Premium plan, Paid options can be good for many, while free variants like Apple’s built-in Hide My Email function may work for others.

If you’re going to use an email alias service, experts say you shouldn’t treat it like a complete security solution. They warn that you’ll still need to pay attention to which emails you open and what links you click on within them.

“These services operate by creating aliases for your actual email address, which forward your email without exposing your actual email address. Because of this, it adds an additional layer of privacy to help protect one-half of your account details: the email address itself,” Nate Warfield, an ethical hacker and CTO of cybersecurity company Prevailion, explained in an email. 

“However, because they are only forwarding your email and not creating a separate email address, if you reply to the message, your actual email address can be exposed.”

"Email privacy tools like this are helpful, but users should also be using things like strong passwords, a password manager... and multi-factor authentication wherever possible."

Phishing for Pixels

The internet has made life more convenient over the past few decades, but it also has many risks. One of the most common is phishing attacks. These are attempts to gain information access to your personal information—whether it be credit card numbers, your Social Security Number, or even something as simple as your Facebook login info.

Phishing attacks were the most common type of cybercrime in 2020, according to the FBI. Bad actors can try to get your information in many ways—via email, phone calls, or even text messages. However, information from Verizon's 2021 Data Breach Report found that almost 96 percent of these attacks come in the form of emails. There's a lot more depth to those stats, too, including several different types of phishing that bad actors can use against you.

Ultimately, what's important about phishing attacks is that you're the only one who can stop them from getting the better of you. While helpful for hiding your email, services like Firefox Relay and Apple's Hide My Email won't completely remove the risk of getting a bad email.

"This doesn't stop phishing attacks, and if someone clicks a link and inputs their creds, that's still a risk," Warfield noted. He also warned that these services can't stop tracking pixels, which alert senders when you open an email. This is a common form of tracking that advertisers use, and it has been under scrutiny for some time.

Extra Security, Not a Silver Bullet

While email aliases can't completely stop phishing attacks, they do have their uses. Because they act as a proxy, some of these services offer filters that can reduce spam. They won't stop it altogether, but at the least, they can help you figure out where the spam is coming from.

Also, as privacy advocates like Paul Bischoff note, aliases are a lot easier to change than your email address.

"If you use an email alias to register an account on an online store, then start receiving spam emails to that address, you'll know that the store you signed up for was responsible for sharing your email," he explained in an email. "You don't get that level of transparency with a normal all-purpose email address."

A concept image of fishing hooks and lines attached to personal information icons.

Sarayut Thaneerat / Getty Images

Additionally, Bischoff says services like Firefox Relay can help you better figure out where phishing attempts or scams might be coming from, especially if a company you used that alias with suffers from a data breach.

Ultimately, email aliases can offer many helpful features. The important thing to note here is that these solutions aren't a complete line of defense.

"In the security industry, we advocate for layers of security since no single technique is 100 percent effective," Warfield said. 

"Email privacy tools like this are helpful, but users should also be using things like strong passwords, a password manager to help them use unique passwords for each website, and multi-factor authentication wherever possible."

Was this page helpful?