This post has been modified to reflect new information since its original publication.
Imagine someone emailing your bank (from your own email address), posing as you in order to withdraw large sums of money. This actually happened to a Vox journalist as a result of someone hacking her email account.
But what if you don’t have a lot of money saved? Are you still at risk? The unfortunate truth is that—regardless of your net worth—cybercriminals are targeting your email account, and you need to know how to defend yourself.
Keep reading to learn more about email privacy, including 13 tips you can follow to protect your valuable information.
Why you should worry about email privacy
When someone gains access to your email username and password, that person can easily collect enough personal information about you—usually via people-search sites—to steal your identity and damage your online reputation. Because it is a good money-maker, email hacking has grown into a huge industry. There’s even a website where you can check to see if your account information has been compromised.
One reason cybercriminals go after email accounts is the way email works. Even without being hacked, email is one of the least secure forms of communication. In fact, some have compared it to a postcard because its contents are viewable by anyone who happens upon the message during its travels. This is because email is not a direct form of communication.
Email messages pass through numerous servers, including those of the various Internet Service Providers (ISPs) and mail clients involved. And each server stores multiple copies of every message, with additional copies stored on the sender and recipient’s devices. As such, even when you delete your original email, you aren’t removing all the other copies that exist.
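The relay path described above is recorded in each message's Received headers, which every server adds as it handles the mail. The following is an added example, not part of the original post: it lists the hops of a constructed sample message and flags those the receiving server did not report as TLS-protected (the hosts, addresses and IDs are made up).

```python
import re
from email import message_from_string

# Constructed sample message. Each relay prepends its own Received header,
# so the newest hop appears first in the raw text.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.9])
\tby mailstore.recipient.example with LMTP id abc123;
\tTue, 02 Mar 2021 10:15:07 +0000
Received: from out.isp.example (out.isp.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id def456;
\tTue, 02 Mar 2021 10:15:05 +0000
Received: from laptop.home.example (unknown [192.0.2.44])
\tby out.isp.example with ESMTPSA id ghi789;
\tTue, 02 Mar 2021 10:15:02 +0000
From: alice@isp.example
To: bob@recipient.example
Subject: Tax forms

See attached.
"""

# "with" values that indicate the hop was carried over TLS (RFC 3848 and
# the IANA mail transmission types registry).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}

def _clause(keyword, header):
    """Return the token following 'from', 'by' or 'with' in a Received header."""
    m = re.search(rf"\b{keyword}\s+(\S+)", header, re.IGNORECASE)
    return m.group(1).rstrip(";") if m else None

def relay_hops(raw_message):
    """Return the hops in the order the message travelled (oldest first)."""
    msg = message_from_string(raw_message)
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        proto = _clause("with", header)
        hops.append({"from": _clause("from", header), "by": _clause("by", header),
                     "protocol": proto,
                     "tls": proto is not None and proto.upper() in TLS_PROTOCOLS})
    return hops

def plaintext_hops(raw_message):
    """Hops the receiving server did not report as TLS-protected."""
    return [h for h in relay_hops(raw_message) if not h["tls"]]

if __name__ == "__main__":
    for n, hop in enumerate(relay_hops(SAMPLE), 1):
        print(n, hop["from"], "->", hop["by"], hop["protocol"], "TLS" if hop["tls"] else "no TLS")
```

Received headers are written by the servers themselves, so a missing TLS marker means the hop was not reported as encrypted, and any server on the path could read the message either way.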
Even more worrisome is the fact that your email is connected to everything you do online. Nearly every time you sign up for an online service, you have to enter your email address. Once you are registered, the service usually sends you an email containing your password information and terms of service.
Therefore, hackers who have access to your email inbox automatically gain entry to your accounts on all of these websites. This can be especially harmful if hackers obtain the login credentials to your financial accounts or your business’s website, where you store confidential data about your customers and employees.
And don’t forget that once someone has your email username and password, they can see everything you’ve ever sent via email. This includes pictures, tax forms, contracts, and personal communication—all of which can be used against you.
Email privacy tips
You should always be concerned about your privacy when using email, but you don’t have to abandon it entirely to keep your information secure. Instead, you can follow these tips to mitigate the risks:
- Use a strong password: Your email password is the only thing standing between your private personal information and identity theft. Therefore, it needs to be as strong as possible. The key ingredients of a strong password are length (with longer being better); a mix of letters (upper- and lowercase), numbers, and symbols; no connection to your personal data; and no dictionary words.
- Beware of public Wi-Fi: Hackers often set up fake hotspots that enable them to intercept and store people’s personal data. This gives them access to a host of information, including email usernames, passwords, credit card numbers, bank account details, and more. Although many people know the dangers of using public Wi-Fi, research from BullGuard found that two-thirds of individuals have configured their devices to connect to the nearest hotspot automatically. To stay safe, don’t use public Wi-Fi, especially if you are signing into online banking, checking your email, or doing anything else that might reveal sensitive information.
- Protect your address: While your email address is hardly a secret (as everyone can see it on each email you send), there’s no reason to give it out when you don’t need to. For example, don’t post your email address on social media or include it in blog post comments because cybercriminals are constantly scraping these sources for new victims.
- Lock your screen: Don’t leave your email account visible for others to see. Even if you’re just stepping away for a minute, you should always lock your desktop. Otherwise, a passerby could read your mail or (if they are particularly evil) reset your password. On a Windows machine, hold the Windows key and press “L” to lock the desktop. On a Mac, you can use Command+Control+Q or Control+Shift+Power button. If your Mac has an optical drive, press Control+Shift+Eject.
- Sign out every time: In addition to locking your screen, it’s always a good idea to sign out of your email account whenever you are not using it. This is especially important if you are using someone else’s computer or if another person has access to yours.
- Don’t fall for phishing scams: An email or text message that tricks you into revealing your private information is called a phishing scam. Thousands of these types of cyber attacks occur every day, and many are successful. In fact, the FBI reports that, in 2020, phishing schemes cost Americans $54,241,075. Google has even gone on record saying that phishing attacks are the “greatest threat” to its users. To avoid becoming a victim, never click on any email links. If you receive a message from a company you do business with, contact the firm to verify that it sent the email before responding.
- Encrypt your connections: To safeguard your personal information from identity thieves, you need to encrypt the connection between your computer and your email server. This prevents personal data like usernames and email addresses from being intercepted by eavesdroppers. (An encrypted site’s address will start with https:// instead of http://.) Some mail services, like Gmail and Outlook, encrypt your connection automatically, while others require you to alter your security settings manually. A good way to ensure your messages are always encrypted is to use a VPN.
- Use a secure email service: Once your messages reach the mail server, they’re readable by anyone in the relay chain between you and your recipient. To solve this problem, you’ll need to encrypt the actual content of your emails with a secure email service like Hushmail, CounterMail, or ProtonMail.
- Use two-factor authentication: With this extra security measure, anyone trying to log into your account must prove they’re you by entering a temporary passcode that your email provider sends to your phone. Another advantage of this feature is that receiving a passcode message when you aren’t trying to log in tells you that someone else is trying to get into your account.
- Understand your service provider’s TOS: To plug all the security holes in your email account, you need to first know what they are. And the way to find out is to read your email provider’s Terms of Service. Does it encrypt messages on its server? Does it have any defenses against brute-force attacks? Does it promise to protect your data? While you might assume that your email provider values your privacy, there’s a good chance it doesn’t see privacy in the same way you do. Google, for example, lets third-party developers read your emails.
- Don’t send personally identifying information via email: The easiest and most effective way to keep your vital data protected is to not share it electronically in the first place. Instead, communicate your private information in person with the individual or organization who requires it.
What to do if your email is hacked
Of course, regardless of the precautions you take, there is always a chance that your email information will be hacked. If this happens to you, make sure you respond appropriately. Don’t panic, but don’t be complacent either. Instead, take the following steps:
- Change your password and security questions for any hacked accounts: The first thing you need to do is to prevent the hacker from logging back into your account. Make sure the new password is a strong one and not related in any way to your old one. For security questions like “what’s your mother’s maiden name,” you should provide a fake answer, such as “MyLittleFlowerpot” and store it in your password manager. You could also use a password generator to create an answer.
- Scan your device for malware: Hackers ultimately want your money. This means that they’ll often attempt to install keylogging software and other malware to discover your financial passwords.
- Check your account settings to see if anything has changed: Check your forwarding settings. Hackers sometimes alter these to forward copies of every email you get to themselves. This lets them watch for any messages that contain valuable login information. You should also check your signature to see if the hacker changed it to a spammy one that will continue to market their product even if you’ve locked them out. Next, examine your “reply to” address and make sure that it hasn’t been changed to one that is similar to yours. Finally, ensure that the hacker hasn’t turned on your auto-responder to act as a spam machine.
- Reclaim your account: If the hacker only used your account to send mass mailings to all of your contacts, consider yourself lucky. Often, hackers also change your password, thereby locking you out of your account. If this happens, you’ll need to reclaim your account. This usually involves clicking on “forgot password” and using your backup email address or answering your security questions.
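Two of the settings changes listed above leave traces in the headers of mail your account sends: a changed “reply to” address appears as a Reply-To header, and auto-responder mail usually carries an Auto-Submitted header (RFC 3834). The following is an added example, not part of the original post, that checks messages from a Sent folder for both; the sample messages, addresses and the 0.85 similarity threshold are constructed assumptions.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: Reply-To differs from From by one character (o -> 0).
LOOKALIKE = """\
From: Jane Doe <jane.doe@mail.example>
Reply-To: jane.d0e@mail.example
To: friend@contacts.example
Subject: Lunch?

See you at noon.
"""

# Constructed sample: a message generated by an auto-responder.
AUTO_REPLY = """\
From: jane.doe@mail.example
To: stranger@elsewhere.example
Subject: Re: hello
Auto-Submitted: auto-replied

Great deals at the link below!
"""

def audit_sent_message(raw, lookalike_ratio=0.85):
    """Return findings for one sent message; an empty list means nothing odd."""
    msg = message_from_string(raw)
    own = parseaddr(msg.get("From", ""))[1].lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    findings = []
    if reply_to and reply_to != own:
        # A near-identical address is easy to miss when reading the settings page.
        similarity = SequenceMatcher(None, own, reply_to).ratio()
        kind = "lookalike" if similarity >= lookalike_ratio else "unrelated"
        findings.append(f"reply-to {kind}: {reply_to}")
    # RFC 3834 values: "no", "auto-generated", "auto-replied".
    auto = msg.get("Auto-Submitted", "no").split(";")[0].strip().lower()
    if auto != "no":
        findings.append(f"automatic message: {auto}")
    return findings

if __name__ == "__main__":
    for name, raw in (("lookalike", LOOKALIKE), ("auto-reply", AUTO_REPLY)):
        print(name, audit_sent_message(raw))
```

A forwarding rule leaves no trace in your own sent mail, so it still has to be checked in the account settings themselves.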
What else you can do to protect your privacy
Whether you are the victim of an email hacking or are just concerned about protecting your personal information, it’s important to know what your options are. A quick and easy way to do this is to call ReputationDefender. We offer free consultations 24/7 to discuss your unique situation.