Today’s world seems like a safe place to be, but this holds true only until you think of online crime rates. A single look at recent online security stats is enough to help you realize the myriad of risks you take simply checking your email.
Online Crime Thrives
As technologies evolve, new security concerns emerge and we have no choice but to address them. What kind of concerns? Consider online security broadly, including email security, social media security, financial security, etc.
Furthermore, despite the historic focus of hackers on governments and corporations, their gaze is gradually shifting towards individuals.
Yes, you got it right. Hackers want your sensitive data, not the data of the company you work for. For you this means one thing: it’s time to enhance your online security. We encourage you to start with improving your email security. Keep reading to find out how and why.
Email (in)Security Explained
As we’ve already mentioned in our guide to online security, email is the most common channel for spreading malware and spam today. If you are wondering what makes email such a popular starting place for hackers, think of the wealth of personal information and identity attributes you store in your inbox.
The good news is that you can keep your email confidential by educating yourself and following some simple steps.
The Most Common Threats to Email Security
Email security dangers are as common as they are diverse. Some threats like spam or malware are almost like buzzwords now, while others like ransomware or spoofing might require some explanation. Below you’ll find a list of the most popular email security dangers explained in plain English.
What is it?
An attempt to gain unauthorized access to your computer.
Email Hacking: Best Example
The Yahoo hack of 2013 is known as the biggest data breach in history, and it’s also the biggest email hacking case out there. Around 3 billion user accounts were affected and personal data such as names, telephone numbers, hashed passwords, dates of birth, and security questions with answers were stolen.
What is it?
An unsolicited and unwanted email sent to a large number of recipients whose email addresses have been gathered from the Internet.
Email Spam: Best Example
The biggest-ever spam list was found on a so-called ‘’spambot’ server in the Netherlands in August 2017. The list contained a shocking 711 million emails with passwords.
What is it?
A falsification of an email header to make the email look as if it’s come from someone other than the real sender.
Email Spoofing: Best Example
On May 4, 2017, the FBI revealed the details of a $5 billion email spoofing scam. Victims received emails that looked like they were sent from business suppliers or corporate executives who would normally request payments from the email recipients. As a result, about one in four victims responded by wiring the requested money to fraudsters.
What is it?
An attempt to obtain sensitive data like passwords or credit card details by disguising fraudulent senders as trustworthy and legitimate entities.
Email Phishing: Best Example
Well, this one is ironic and proves that even top tech companies are not immune from online scams. An investigation conducted by Fortune revealed that Google and Facebook were tricked by a hacker into paying him more than $100 million because of email phishing tactics.
Man-in-the-middle Email Hack
What is it?
An email attack occurring when a hacker convinces legitimate parties involved in an email communication that they’re talking to each other when they are not in actuality.
Man-in-the-middle Email Hack: Best Example
More than 49 people were arrested on suspicion of intercepting payment requests from emails via a man-in-the-middle fraud scheme. According to Europol, the suspects were busted in raids that occurred simultaneously in Spain, Italy, Poland, Belgium, Georgia, and the UK.
What is it?
The distribution of various types of malicious software such as viruses, spyware, and Trojans via email attachments.
Email Malware: Best Example
One of the most destructive cases of email malware dates back to 2003 and is known by the name SoBig.F Warm. Malware entered devices via email, and it was programmed to search the infected computer for other email addresses and send the same infected email to all the addresses found. The malware caused nearly $37.1 billion in damages and was called one of the most costly viruses of all times.
What is it?
A type of attack that threatens to reveal one’s personal data or blocks access to it indefinitely unless a ransom is paid.
Email Ransomware: Best Example
This August, a huge ransomware attack, Locky, unleashed 23 million emails in just 24 hours. The victims of the Locky attack received emails with short subject lines saying general things like ‘print this’ or ‘download it here’. Those who opened the infected email lost access to their files and were asked to pay .5 Bitcoin to regain it.
By now you are familiar with most common email security threats, and it is time to discuss measures you may (and should) take to enhance the security of your email communication.
Essential Email Security Tips
It’s important to take action to protect your data. Learn and make use of security tips that will ensure your email safety.
Use Strong Passwords
Choosing a hack-proof email password is one of the easiest and most effective security measures out there. By simply choosing a strong password, you significantly decrease the risk of having your email account hacked.
The tricky part about passwords is that they should be easy to remember but difficult to guess. Here’s what you need to know about how to create a strong password. The great news is that there’s no need to over-complicate fantastic password security.
In nearly all the cases, following these do’s and dont’s will be enough:
- DO use passwords of at least 8 characters.
- DO mix lowercase and uppercase letters.
- DO use both letters and numbers.
- DON’T use your username, full name.
- DON’T use password clichés.
- DON’T use the same password for more than 6 months.
Apart from everything above, rely on common sense.
In regards to password security, this means not saving your passwords on devices other than your own, avoid writing your passwords down or telling them anyone, as well as trying not to use the same password for all accounts you have.
Don’t Open Emails from Strangers
People who tend to open every single email in their inbox are at greater risk of having their email account hacked.
This measure is as simple as it seems: do not open emails from people you don’t know, just don’t.
If you have opened one unintentionally, never download attachments or follow links.
Opt for Two-Factor Authentication
If you mistakenly believe that two-factor authentication is something only paranoid people do, it’s time to change your mind.
As top security analyst, Neil J. Rubenking, has explained there are three factors of authentication out there:
- something you know (password, answers to security questions),
- something you have (a cell phone or a hardware token), and
- something you are (your fingerprint).
When we’re talking about a two-factor authentication, what we basically mean is that the system is using two out of three options to protect your security.
In the case of email, two-factor authentication is usually about using a password and a simple numeric code sent to your phone. To enable two-factor authentication, you should go to your email account settings, click on the security section and opt for two-step/two-factor notification.
Consider Using Encryption
Getting serious about securing your email communication? You should think about using email encryption.
Don’t be scared by the way it sounds.
Encryption might be hard to understand from the technical point of view, but just like with cars or smartphones, you don’t need to know how things work from the inside to benefit from using them.
Simply put, there are two keys you have. One of them is private, the other is public. If someone wants to send you an encrypted email, they will have to use your Public Key to encrypt the message they’re sending. To decrypt the email (read: see the original content of the email), you will have to use your Private Key. You can also use your Private Key for digitally ‘signing’ your email so that your recipient will have no doubts the message is from you.
With encryption, your emails will look like nonsense for hackers unless they somehow gain access to your private key (highly unlikely).
Think Twice About Listing Your Email Publicly
Another amazingly simple rule you should follow is not putting your email on publicly available documents like press releases, printed materials such as your business cards, etc. The cold truth is that each time you make your email address visible to the public, the risk of your account to be compromised, stolen, or accessed without your permission increases.
Data protection is vital, especially when it comes to personal, sensitive data that is usually shared via email. Remember that an ounce of prevention is worth a pound of cure. You should protect your email account from hackers the same way you’d protect your heirloom watch or brand new smartphone—diligently and consistently.