While pretty much everyone uses email as a primary mode of communication today, many are unknowingly putting their employers, loved ones and themselves at risk of cyberattack. From corporate leaks and phishing scams to identity theft and ransomware, there is a lot of potential danger lurking in your inbox.
Here are eight tips to ensure you don’t fall victim to email infiltration.
1. If it looks sketchy, don’t open it
Curiosity is often a hacker’s greatest weapon, as they typically use enticing email subject lines to lure their victims into opening dangerous files. If you receive an email from an unknown source, it’s probably best to send it to spam and move on, no matter the subject line.
2. Be suspicious of links and attachments
Hackers will often send viruses and malware through email attachments, and all they have to do to infect your entire network is convince you to open them. If emails from strangers are a Trojan horse, the attachments are the soldiers hiding within.
If you receive an email from a stranger, try not to open it. If you can’t avoid opening it, certainly don’t click on any links or attachments.
3. Don’t send sensitive information over email, even to loved ones
While malicious attacks from strangers are always of concern, sending sensitive information — even to a friend or colleague — could put you at equal risk.
That’s because once an email is written, there really is no way to be sure it doesn’t get forwarded, copied or land in the inbox of a hacked account. Sensitive information such as passwords, account numbers or social insurance numbers should never be sent via email, even to friends and family.
4. Don’t automatically trust emails that look official
Hackers have gotten very good at replicating official-looking emails purporting to be from highly reputable institutions in order to request sensitive information.
Such institutions, however, tend to avoid requesting sensitive information via email at all costs. Instead, they typically ask you to go to their website to complete an action or provide information.
If you receive an official-looking email requesting sensitive information via email, get in touch with the institution using other means aside from email to confirm its authenticity.
5. Be on alert during the holiday season
Malicious email attacks often spike during the holiday season, as it’s the busiest time for online sales and deliveries. As a result, it’s important to be on high alert this time of year.
For example, hackers have been known to send emails that appear to be from shipping companies saying they need some additional information to complete a delivery. The scam is more successful during the holiday season when people are more likely to be expecting a delivery or have reason to believe someone sent them something unannounced.
You can test the email’s authenticity by going to the shipping or courier service’s website, signing in and completing the request there.
6. When in doubt, call to confirm
Even when a colleague, relative or friend asks you for sensitive information, it’s always more secure to provide that information over the phone, rather than writing it down.
Furthermore, should a bank, delivery service or other trusted institution request personal or sensitive information, it’s always best to call and confirm that they were, in fact, the senders of the request.
7. Change your password often
No matter how well you follow the above best practices, it’s important to change your email password at least every 60 days. A combination of letters, numbers and other characters in random order is the most secure while using names (including company names), dates and phone numbers are considered less safe.
Avoid sharing your password with anyone or storing it anywhere on your computer or mobile device, and be sure to use a unique password for your email that you haven’t already used elsewhere.
8. Use two-step verification
In order to add another layer of security, it’s recommended to use two-step verification. By doing so your email provider can use your mobile device as an added layer of security.
They typically do this by sending a text message with a password or code to ensure that whoever is changing your security settings is also holding the smartphone affiliated with that account. This makes it difficult for anyone to change your security settings, even if they manage to get a hold of your password.