Zombie accounts might come back to bite you

zombie ghosts and pumpkins

If you’ve been using the internet for any length of time, you’ve probably set up online accounts with a lot of different organisations. Maybe to make a purchase, sign up for a free trial of a product or service, or to download something you wanted to read.

Most of us fail to close these accounts later. Perhaps we plan to come back later to make a second purchase, or to have another look, but never get around to it. Usually that account is just left forgotten and unused.

This is a potential problem, because people often use weak or duplicate passwords for what they see as ‘throwaway’ accounts, being in a hurry to get to the goodies. And an email address + password pair, once stolen by criminals, can be used to try to gain access to your other, perhaps more sensitive, accounts using that pair.

Some companies do a good job of closing unused – or zombie – accounts these days. They send reminders that they’ll close the account on a certain date if you don’t at least log in, giving you the chance to revive it if you want it. Other companies, though, make it really difficult to delete an account once it’s been opened, and by the time you find that out, it’s too late.

What can you do about zombie accounts?

When setting up accounts online in the future, for whatever reason, consider:

  • Hiding your email address by using a temporary email address or by setting up new email addresses and using them for different purposes
  • Always using a strong and unique password. You may need to use a password manager if you have hundreds to remember, but don’t forget that you should be able to enter a reset-password loop if you need to
  • Never saving your credit card information in that account; always enter it yourself when making a purchase, or use a payment service that conceals your credit card information from the seller
  • Setting up multifactor authentication for that account if at all possible
  • Keeping your business accounts away from your personal accounts
  • Making a note to delete that account at a future date. Put a date on it, and follow up. If you decide the account is useful to you, keep it; otherwise clean it up.

And if you suspect you have unused accounts out there, maybe set aside some time to go through your old emails to try and track them down and remove them. If deleting the account seems to be impossible, change the password to make it as strong as possible.

For cyber security help for your business, contact the Click and Protect team on 0113 733 6230 or via this form.