Your Email Inbox: The Weakest Link?

Your Email Inbox: The Weakest Link?

EmailAdvancements in technology have revolutionized how we live and communicate, with few technologies dominating more of our daily life than email. The convenience and ubiquity of email, however, has a dark side: as more of our personal and financial information finds its way to our email inbox, it becomes an irresistible target to hackers and identity thieves. It is only with prudence and the diligent application of good email “hygiene” that we can keep the hackers at bay. To that end, we here offer tips for practicing safe email hygiene, as well as a plan of action for dealing with a compromised email account.

 

Practice Safe Email Hygiene

  • Be sure the passwords attached to your accounts follow these best practices:
    -Employ a mixture of letters, numbers, and special characters
    -Do not use actual words
    -Avoid patterns that would be easy to identify such as birthdays or names of family members
  • Set up two-step account verification – this means no computer or device can access your email without first being authorized by entering a code sent to your cell phone.
  • If something seems strange or out of the ordinary, trust your instinct and take a closer look at the email you received.
  • Double check the sender’s email address as hackers will use familiar names in the address line and body of the email but have a strange email address listed as the sender. For example, if an email address is johndoe@gmail.com, they may modify it to johndoe1@gmail.com, johndo@gmail.com, or some other similar variation hoping you won’t notice the minor change.
  • ALWAYS hover over a link before clicking and read the website address. If it doesn’t make sense (isn’t clearly about what it is meant to be about), don’t click on it and contact the sender to see if they are legitimate. Even something as seemingly innocent as clicking on a link can unleash evil stuff onto your computer and onto your network.
  • Do not save important information (Social Security Number, passwords, date of birth, etc.) via email. Emails don’t get intercepted, accounts get hacked. They will find it in your inbox. If you must send information via email, make sure to delete the message from your sent folder and trash folder, or from your inbox and trash folder if you are the recipient. Ideally, it would be best to either password protect a document that has this information or transmit the information verbally so there is no written record to potentially be hijacked.
  • Many of us check our email on devices other than our computer, such as our cell phones, iPads, tablets, etc. Protect these devices by setting up a passcode and selecting the option to have the devices’s memory erased if too many attempts are made with the wrong code. If you’re using Apple products, be sure to activate “find my iPhone,” which will allow you to remotely erase the memory of lost iPhones and iPads.
  • Have a list of your contacts saved to another email account or other storage device that you can access easily. If you are ever locked out of your email account by a hacker, this list can be a good back up for the information you will need so you can notify your network about the breach immediately.

What To Do If Your Email Account Has Been Compromised

  • Change your password IMMEDIATELY.
  • Search your sent folder to see who the hacker may have contacted. In some instances the hacker may have deleted the emails they sent, so search your trash folder as well.
  • Send an email to your contacts telling them that they should not act on any requests for money or private information and that you either have regained control of your email or will be switching to a different email soon.
  • If you decide to change your email or are locked out of it, update any accounts that had your old email address listed as a login ID or for electronic correspondence.
  • If you are concerned the hacker may have gained access to your financial details, sign up for a credit monitoring service with TransUnion, Experian, Equifax, and/or IdentityForce.

Other Resources

How To Guard Against Identity Theft
Learn about the different types of identity theft, how hackers get your information, and how to protect yourself

Staying Safe in the Technology Age
Review Schwab’s Security Guarantee and Yeske Buie’s Security Policies

Live Big® Digest – Housekeeping Edition – Cloud Hygiene
James Fallows wrote an interesting article in the November 2011 issue of The Atlantic (“Hacked”),  in which he relates the experience he and his wife had when her Gmail account was hacked