Keeping Your Email Safe & Secure

Email is ubiquitous. We use it at work and at home. Many of us have multiple email addresses. It’s no wonder that spammers and attackers see it as a great avenue for their attacks.

Here are some basic tips for keeping your email (and computer) safe and secure:

• Don’t ever send sensitive or private information. Email is typically transmitted “in the clear”, that is, without any encryption. Compare it to a postcard sent through the mail, where a casual observer can easily read the message. You should never send credit card information or sensitive information through email — use the phone or a secure website instead. Even if you use an encrypted connection to send and receive email, there is no guarantee that the email is stored in an encrypted format. If you must send sensitive information through email, then you need to use end-to-end encryption such as PGP or S/MIME, which is unfortunately too complicated for most users. And, of course, you have to trust the person on the other side (and yourself) to not let the computer become infected with a virus or be stolen, making the emails easily available.
• Be wary of unexpected attachments. Most people will be on their guard if they receive emails from strangers. But you should also be suspicious of unexpected attachments from people and organizations you know. It’s easy for viruses and spammers to send emails posing as someone else. If you receive an email from a friend or family member that doesn’t read like their normal writing, you should proceed with caution. Use a good anti-virus program with email scanning capability.
• Be wary of urgent messages with links. “Phishing” emails are messages from scammers that are posing as your bank or other trusted organization. Usually it tells you to take urgent action because of an emergency, or because your account or service will be canceled. Clicking on links in the email take you to a facsimile of the real website, but is actually run by the scammer. Real companies will never ask you to send credit card information or password through email. If there is an urgent situation, they will usually call you. If you are not sure about the authenticity of an email, type the website address into your browser directly and login to your account from there, or call them.
• Don’t make any business or financial decisions based on what strangers emailed you. This may seem like common sense, but an enticing or convincing message can sway even the cynical. Don’t buy stuff that was mentioned or offered in an email. Don’t give anyone your bank or account information. It’s always a scam.
• Restrict publication of your email address. This is obviously tricky to do, since you need to tell people how they can email you. The problem is when your email gets published on a website — whether it’s your company website, a social network, or anywhere else — then spammers can find it and add you to their lists. Well-made websites should protect their email addresses from the spam robots, but even then it’s not bulletproof. Show some restraint when giving out your email address; some people keep a personal email that they only give out to friends, family, and colleagues, and use a free throwaway email address for e-commerce and other sites.
• Don’t unsubscribe…sometimes. The U.S. CAN-SPAM law requires legitimate businesses to include their physical address in their email newsletters and to honor unsubscribe requests quickly. If the email has an address at the bottom and appears to be a legitimate newsletter that you may have signed up for (or been signed up for), then you might be safe clicking that “unsubscribe” link. However, spammers can also add an “unsubscribe” link that does nothing but confirm your email address. Sometimes the simplest thing to do is simply blacklist or delete the emails.
• Use a good email program, whether it’s a desktop app like Outlook, Thunderbird, or Apple Mail, or a website like Hotmail or Gmail. It should offer basic protections against malicious emails, such as blocking attachments and showing warnings if a message is potentially harmful.
• If you think your email account has been compromised, contact your email provider. Let your email provider know if you notice any suspicious activity with your account.