This post has been modified to reflect new information since its original publication.
Imagine someone emailing your bank (from your own email address), posing as you in order to withdraw large sums of money. This actually happened to a Vox journalist as a result of someone hacking her email account.
But what if you don’t have a lot of money saved? Are you still at risk? The unfortunate truth is that—regardless of your net worth—cybercriminals are targeting your email account, and you need to know how to defend yourself.
Keep reading to learn more about email privacy, including some tips you can follow to help protect your valuable information.
Why you should worry about email privacy
When someone gains access to your email username and password, that person can easily collect enough personal information about you—usually via people-search sites—to steal your identity and damage your online reputation. Because it is a good money-maker, email hacking has grown into a huge industry. There’s even a website where you can check to see if your account information has been compromised.
One reason cybercriminals go after email accounts is the way email works. Even without being hacked, email is one of the least secure forms of communication. In fact, some have compared it to a postcard because its contents are viewable by anyone who happens upon the message during its travels. This is because email is not a direct form of communication.
Email messages pass through numerous servers, including those of the various Internet Service Providers (ISPs) and mail clients involved. And each server stores multiple copies of every message, with additional copies stored on the sender’s and recipient’s devices. As such, even when you delete your original email, you aren’t removing all the other copies that exist.
Even more worrisome is the fact that your email is connected to everything you do online. Nearly every time you sign up for an online service, you have to enter your email address. Once you are registered, the service sends you an email confirmation that can include sensitive information.
Therefore, hackers who have access to your email inbox automatically gain entry to your accounts on all these websites. This can be especially harmful if hackers obtain the login credentials to your financial accounts or your business’s website, where you store confidential data about your customers and employees.
And don’t forget that once someone has your email username and password, they can see everything you’ve ever sent via email. This includes pictures, tax forms, contracts, and personal communication—all of which can be used against you.
Email privacy tips
You should always be concerned about your privacy when using email, but you don’t have to abandon it entirely to keep your information secure. Instead, you can follow these tips to mitigate the risks:
- Use a strong password: Your email password is a key factor standing between your private personal information and identity theft. Therefore, it needs to be as strong as possible. The key ingredients of a strong password are length (with longer being better); a mix of letters (upper- and lowercase), numbers, and symbols; no connection to your personal data; and no dictionary words.
- Beware of public Wi-Fi: Hackers often set up fake hotspots that enable them to intercept and store people’s personal data. This gives them access to a host of information, including email usernames, passwords, credit card numbers, bank account details, and more. Although many people know the dangers of using public Wi-Fi, research from BullGuard found that two-thirds of individuals have configured their devices to connect to the nearest hotspot automatically. To stay safe, don’t use public Wi-Fi, especially if you are signing into online banking, checking your email, or doing anything else that might reveal sensitive information.
- Protect your address: While your email address is hardly a secret (as everyone can see it on each email you send), there’s no reason to give it out when you don’t need to. For example, don’t post your email address on social media or include it in blog post comments because cybercriminals are constantly scraping these sources for new victims.
- Lock your screen: Don’t leave your email account visible for others to see. Even if you’re just stepping away for a minute, you should always lock your desktop. Otherwise, a passerby could read your mail or (if they are particularly evil) reset your password. On a Windows machine, hold the Windows key and press “L” to lock the desktop. On a Mac, you can use Command+Control+Q or Control+Shift+Power Button. If your Mac has an optical drive, press Control+Shift+Eject.
- Sign out every time: In addition to locking your screen, it’s always a good idea to sign out of your email account whenever you are not using it. This is especially important if you are using someone else’s computer or if another person has access to yours.
- Don’t fall for phishing scams: An email or text message that tricks you into revealing your private information is called a phishing scam. Thousands of these types of cyber-attacks occur every day, and many are successful. In fact, phishing was the number one internet crime reported in 2022 according to the FBI (in the FBI IC3 2022 Internet Crime Report). Google has even gone on record saying that phishing attacks are the “greatest threat” to its users. To avoid becoming a victim, never click on any email links. If you receive a message from a company you do business with, contact the firm to verify that it sent the email before responding.
- Encrypt your connections: To safeguard your personal information from identity thieves, you need to encrypt the connection between your computer and your email server. This prevents personal data like usernames and email addresses from being intercepted by eavesdroppers. (An encrypted site’s address will start with https:// instead of http://.) Some mail services, like Gmail and Outlook, encrypt your connection automatically, while others require you to alter your security settings manually. A good way to ensure your messages are always encrypted is to use a VPN.
- Use a secure email service: Once your messages reach the mail server, they’re readable by anyone in the relay chain between you and your recipient. To solve this problem, you’ll need to encrypt the actual content of your emails with a secure email service like Hushmail, CounterMail, or ProtonMail.
- Use two-factor authentication: With this extra security measure, anyone trying to log into your account must prove they’re you by entering a temporary passcode that your email provider sends to your phone. Another advantage of this feature is that you’ll know someone else is trying to log into your account if you receive passcode messages when you aren’t trying to log in.
- Understand your service provider’s TOS: To plug all the security holes in your email account, you need to first know what they are. And the way to find out is to read your email provider’s Terms of Service. Does it encrypt messages on its server? Does it have any defenses against brute-force attacks? Does it promise to protect your data? While you might assume that your email provider values your privacy, there’s a good chance it doesn’t see privacy in the same way you do. Google, for example, lets third-party developers read your emails.
- Don’t send personally identifying information via email: The easiest and most effective way to keep your vital data protected is to not share it electronically in the first place. Instead, communicate your private information in person with the individual or organization that requires it.
Consider using aliases for additional security
Using aliases for additional email security can provide numerous benefits and help protect your email privacy.
What are aliases?
Aliases allow you to create alternate email addresses that can be used for different purposes, such as signing up for online services or communicating with different groups of people.
By using aliases, you can protect your real email address from being exposed to malicious entities.
If you use your real email address for various online activities and services, there is always a risk that it could be compromised or targeted by phishing scams.
However, by using aliases, you can minimize this risk.
Aliases work by routing emails sent to the alias address to your main email account. This way, you can still receive emails from different sources but keep your real email address private.
If you start receiving suspicious emails or notice an increase in spam after using an alias for a specific purpose, you can simply delete or disable that alias without affecting your main email account.
In addition to protecting your email address, aliases also provide better control over your email content.
You can create specific aliases for different purposes, making it easier to filter and organize your emails. This can be particularly useful when signing up for online services that may send excessive promotional emails or when communicating with various sets of individuals.
Overall, using aliases is an effective strategy to enhance your email security and protect your real email address from potential risks. Take advantage of this feature offered by popular email service providers and enjoy the added layer of protection it provides.
What is an email signing certificate? Well, it’s an encrypted key that you can use to authenticate the sender of an email. It’s a digital signature that verifies the email was sent from you and not someone else.
Earlier we talked briefly about encryption and VPNs. But Pretty Good Privacy (PGP) encryption is different.
PGP encryption is a widely used method to encrypt messages and ensure that the content of an email is only accessible by the intended recipient. It works by using two keys: one public key, which is available to anyone, and one private key, which only you have access to.
When you receive an encrypted message, it can only be decrypted with your private key. Similarly, when someone sends you an encrypted message, your public key is what they use to encrypt it.
Overall, PGP encryption can be used to protect the content of your emails from outside access and ensure that the data stays secure while in transit.
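
The two-key idea behind both the signing certificate and PGP encryption described above, as an added example that is not part of the original article. It uses textbook RSA with tiny constructed keys as a stand-in; real PGP uses far larger keys and a hybrid scheme, and all function and variable names here are illustrative.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes: (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def encrypt(public_key, message):
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)

def decrypt(private_key, ciphertext):
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def _digest(message, n):
    # Hash of the message, reduced so it fits under the toy modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private_key, message):
    n, d = private_key
    return pow(_digest(message, n), d, n)

def verify(public_key, message, signature):
    n, e = public_key
    return pow(signature, e, n) == _digest(message, n)

# Constructed toy keys built from known Mersenne primes (far too small for real use).
YOUR_PUBLIC, YOUR_PRIVATE = make_keypair(2**61 - 1, 2**89 - 1)
OTHER_PUBLIC, OTHER_PRIVATE = make_keypair(2**107 - 1, 2**127 - 1)

def demo():
    note = b"meet at noon"                 # constructed sample message
    sealed = encrypt(YOUR_PUBLIC, note)    # any sender can do this with your public key
    signature = sign(YOUR_PRIVATE, note)   # only the private-key holder can produce this
    return {
        "you_can_read": decrypt(YOUR_PRIVATE, sealed) == note,
        "other_key_can_read": decrypt(OTHER_PRIVATE, sealed) == note,
        "signature_valid": verify(YOUR_PUBLIC, note, signature),
        "tampered_valid": verify(YOUR_PUBLIC, b"meet at nine", signature),
        "forged_valid": verify(YOUR_PUBLIC, note, sign(OTHER_PRIVATE, note)),
    }

if __name__ == "__main__":
    print(demo())
```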
What to do if your email is hacked
Of course, regardless of the precautions you take, there is always a chance that your email information will be hacked. If this happens to you, make sure you respond appropriately. Don’t panic, but don’t be complacent either. Instead, take the following steps:
- Change your password and security questions for any hacked accounts: The first thing you need to do is to prevent the hacker from logging back into your account. Make sure the new password is a strong one and not related in any way to your old one. For security questions like “what’s your mother’s maiden name,” you should provide a fake answer, such as “MyLittleFlowerpot,” and store it in your password manager. You could also use a password generator to create an answer.
- Scan your device for malware: Hackers ultimately want your money. This means that they’ll often attempt to install keylogging software and other malware to discover your financial passwords.
- Check your account settings to see if anything has changed: Check your forward settings. Hackers sometimes alter this to forward copies of every email you get to themselves. This lets them watch for any messages that contain valuable login information. You should also check your signature to see if the hacker changed it to a spammy one that will continue to market their product even if you’ve locked them out. Next, examine your “reply to” address and make sure that it hasn’t been changed to one that is similar to yours. Finally, ensure that the hacker hasn’t turned on your auto-responder to act as a spam machine.
- Reclaim your account: If the hacker only used your account to send mass mailings to all of your contacts, consider yourself lucky. Often, hackers also change your password, thereby locking you out of your account. If this happens, you’ll need to reclaim your account. This usually involves clicking on “forgot password” and using your backup email address or answering your security questions.
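
The account-settings check from the list above, written out as an added example that is not part of the original article. It assumes the settings have been copied into a simple dictionary; the field names, addresses and the 0.85 similarity threshold are all constructed for illustration and do not correspond to any provider's API.

```python
import re
from difflib import SequenceMatcher

def audit_mail_settings(owner, settings, trusted=()):
    """Return (kind, detail) findings for the four settings named in the checklist."""
    owner = owner.lower()
    known = {owner, *(a.lower() for a in trusted)}
    findings = []

    # 1. Forwarding: any destination the owner does not recognise.
    for addr in settings.get("forward_to") or []:
        if addr.lower() not in known:
            findings.append(("forwarding", addr))

    # 2. Reply-to: changed, and possibly to a near-copy of the owner's address.
    reply_to = (settings.get("reply_to") or "").lower()
    if reply_to and reply_to not in known:
        similarity = SequenceMatcher(None, owner, reply_to).ratio()
        kind = "reply-to lookalike" if similarity >= 0.85 else "reply-to changed"
        findings.append((kind, reply_to))

    # 3. Auto-responder switched on (review the text before keeping it).
    responder = settings.get("auto_responder") or {}
    if responder.get("enabled"):
        findings.append(("auto-responder", responder.get("body", "")[:40]))

    # 4. Signature carrying links (flagged for review, not proof of tampering).
    links = re.findall(r"https?://\S+", settings.get("signature") or "")
    if links:
        findings.append(("signature link", links[0]))
    return findings

# Constructed sample: an account whose settings were altered.
OWNER = "jane.doe@example.com"
SAMPLE = {
    "forward_to": ["archive@mailbox.invalid"],
    "reply_to": "jane.d0e@example.com",
    "auto_responder": {"enabled": True, "body": "Limited offer, click now"},
    "signature": "Jane Doe\nBest prices: http://shop.invalid/deal",
}

if __name__ == "__main__":
    for kind, detail in audit_mail_settings(OWNER, SAMPLE):
        print(f"{kind}: {detail}")
```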
What else you can do to protect your privacy
Whether you are the victim of an email hacking or are just concerned about protecting your personal information, it’s important to know what your options are. A quick and easy way to do this is to call ReputationDefender. We offer free consultations 24/7 to discuss your unique situation.
To learn more about online privacy, see the following articles:
- Top 5 social media privacy mistakes
- Why geotracking is a growing threat to online privacy
- How to remove yourself from the top people-search sites
- How to remove public records from the Internet in five steps
It’s easy to think that because we are using Google or some other secure email provider, we don’t have to protect our email privacy or worry about security features. But that’s the furthest thing from the truth. Digital privacy is everyone’s responsibility.
That’s why we’re here to help and provide as many free resources as possible—because we know it can be overwhelming and the consequences can be extreme if you don’t have the right information.
Bookmark this article and revisit it as much as you need to until you get your email privacy in order.
For a review of how your online privacy may be exposed, grab your free reputation report card. These resources will give you instant control over how you’re seen by others online, how it’s affecting your reputation, and how to get started improving your online privacy and your internet presence in general.