Email is a useful and essential tool. Unfortunately the very things that make email great also make it a priority target. Luckily there are a few basic steps you can take to help safeguard your inbox. Knowledge is power, so let’s first explore some ways that email is attacked.
Spoofing is the first thing to keep an eye out for, as the other attack methods usually build off of this. Spoofing involves scammers masking their email address as someone’s email that you may be more likely to open, such as a friend, family member, or your bank.
Phishing is a method of tricking you into giving up personal information. You may get spam or a spoofed email from what looks like your bank asking you to click a link to verify your email and password. That link usually leads to a scammer’s computer.
Malware Distribution involves putting harmful files into in an attachment, link, or even in the body of the email itself. This email tries to entice you to click a link or download a file, which actually installs a virus.
Hijacking email accounts is another tactic. This can cause huge problems, as the scammers have all your emails and contacts. They can send out phishing messages to all your contacts posed as you. Passwords get hijacked in a few ways; such as phishing, keyloggers, or brute force attacks that attempt all possible words and common combinations.
Now that you know some basic attacks, here are
10 simple tips you can take to help protect yourself:
1) For any web-based email like Gmail and Hotmail: if you are ever unsure of who sent an email, even if it looks like your bank or someone you know, simply
hover your mouse over the sender’s name in your inbox (don’t click!) to see the true email address. This can help you find spoofed emails.
2) Always have anti-virus and anti-malware software installed and up to date. Free options include AVG and Malwarebytes.
3) Use a separate email to sign up for newsletters, social media, subscriptions, etc.
Keep your main email only for personal and financial use. Never give it out.
Many websites routinely sell their email lists, so having a separate email protects your real information.
“With a minimum of effort, you can exponentially increase your odds of avoiding the hassle and stress that an email hack can bring.”
4) Avoid accessing accounts over public wi-fi. Hackers can look at traffic in public wi-fi to see any account information. Also, avoid using public computers to access accounts.
5) Make your password complicated. Mix in upper case, lower case, numbers, and symbols. This helps with brute force attacks. Use different passwords for different accounts so if one gets compromised, your other accounts are safe.
6) Enable two-factor authentication whenever possible (such as offered with Gmail).
If you try accessing your email from a new computer or device, you will be sent a text with a code to enter to confirm your identity. The scammers will not receive that code, so they won’t be able to log into your account.
7) Never click on links or download attachments unless you are certain they are safe. If you have any doubt, confirm with the sender.
8) Never click on links in emails from banks or online shops. If you receive anything from a bank or online store asking for information, go to the website directly. If there is a legitimate message you can find it there.
9) Do not open spam or unfamiliar emails.
10) Never click on pop-up boxes in websites. Just close it.
With a minimum of effort, you can exponentially increase your odds of avoiding the hassle and stress that an email hack can bring.
If your email is compromised you should take these steps immediately to help mitigate any damage:
1) Change your password.
2) Check your sent folder to see any emails that were sent in your name.
3) Warn your contacts list.
4) Run a virus scan.
5) Watch your email and sent folder after changing your password.
6) Report the incident to your email provider, which can log the attack and may provide more details.
Shawn Hanna is NVAR’s Director of Technology Initiatives