Email hacks involving celebrities, government officials, and major corporations have become hot news topics, but have you ever thought about the damage an email attack could inflict upon your life?
Sure, you probably don’t think you’re a target since you don’t have millions of dollars in your bank account or the codes to launch nuclear war in your inbox.
But you’d be totally wrong.
Your email data is exactly the kind of prey hackers, advertisers, and employers are looking for.
The real kicker is that most people aren’t even aware that their emails are so vulnerable.
To protect your emails and learn what’s at stake, we take a further look at who’s really peeking in your inbox — and what you can do about it.
Come On, Who Really Wants My Emails?
According to Patrick Peterson, CEO of email security company Agari:
“Over the past several years, the cybersecurity market has grown exponentially — with new companies and products being launched every few months. Yet with all this industry focus, email attacks are continuing unabated, with growing impact.”
You may be surprised to learn who’s scanning the contents of your inbox. Typically, it’s:
Hackers can get into your account with the help of password stealing software and phishing emails, which appear like an email from one of your trusted vendors, such as your email provider, bank, or Netflix, but is actually fake.
Unfortunately, when you click the link in the email to log in to your account, you send your credentials directly to the hacker and not to that supposed company.
You probably think (and definitely hope) you’re better at recognizing phony emails, but when Intel conducted a phishing study, they noticed that “97% of computer users failed to identify all 10 out of 10 phishing emails as being illegitimate.”
Sure makes you wonder how many you may have missed.
Your Email Provider
It’s a common fact we all seem to forget: your email provider can see the full text and contents of all the emails you send and receive.
Gmail or Yahoo! crawlers, for instance, will search your emails for keywords and then display targeted ads that they hope connect with your email’s keywords, and thus you.
This is how these free services make their revenue; they make you the product and sell the data they compiled into your buyer/internet profile to whoever pays the most for it.
Whether you use them on your phone, web browsers, or social media platforms, malicious third party apps have been known to request access to your emails to scan and collect your data.
Your Current Employer
A survey from the American Management Association revealed that “at least 66 percent of U.S. companies monitor their employees’ internet use, 45 percent log keystrokes, and 43 percent track employee emails.”
Your company may enlist software to scan your company emails for keywords to make sure you’re not leaking private company data, talking to headhunters, or sharing disgruntled annoyances with your coworkers.
It’s an invasion of privacy, but you also shouldn’t be using your company email to do such things anyway.
Now that you know who has access to your emails, here’s what you can do about protection.
5 Security Measures to Keep Your Emails Private
Always Use Two-Factor Authentication
Most major email providers have hopped on the two-factor authentication train, so have you?
Basically, two-factor authentication means you’ll need more than a password to get into your email account. Two-factor authentication combines the first factor (your password) with another form of identification, such as a verification code sent via text message to your phone.
To access your email from a new computer, for example, you’ll need to log in with your username and password and then jump through this second identification hoop. This makes it a little bit harder for hackers just plugging in passwords to get inside.
Use Different Email Accounts for Different Purposes
If you’re using one email account for everything, a compromised account would literally shut down your life.
Instead, get into the habit of using different email accounts from various email providers for your activities. For example, sync one account with all of your social media sites and another for your online banking, a third for all your online purchases, etcetera.
By dispersing your information among several different providers and accounts, you’ll never give a hacker the complete picture of who you are. They’ll need to do a lot of snooping to find your trail of digital breadcrumbs. Just don’t link all the accounts together 🙂
Join a Virtual Personal Network (VPN)
We’ve discussed the dangers of open, unsecure networks, but the allure of free public wifi is kind of hard to resist when you’re standing in line at the coffee shop and you haven’t checked your email all morning.
If you travel a lot for work you may want to consider joining a VPN, which basically creates a secure network for all of your online work when you’re away from your secure network.
Simply log on to your VPN provider site with your credentials and let your computer exchange security keys with the VPN server. “Once both computers have verified each other as authentic, all of your internet communication is encrypted and secured from eavesdropping.”
Encrypt Your Emails
When you encrypt your email, the content is completely jumbled up so that anyone without a specific encryption key won’t be able to make any sense of it. That means even if someone tries to get into your account, your information will never be readable or compromised.
The most commonly used data encryption standard is OpenPGP, which stands for Pretty Good Privacy. Instead of keeping one decryption key and giving one to your contacts, as standard encryption goes, “PGP makes use of public-key encryption. One key (a public key) is used to encrypt the data and a separate key (the private key) is used to decrypt it.”
You can find free browser add-ons, plugins, and apps to encrypt your emails, but make sure to do your research. While these may offer encryption, they may be collecting other data or installing malware on your devices if they’re free, making them more trouble than they’re worth.
Windows users should check out Gpg4win, a free open-source file and email encryption software that’s free of malware threats. MAC users emailing with Apple Mail should take advantage of GPGMail, an open source plugin that encrypts, decrypts, signs, and verifies emails as part of GPGTools’ secure communication package.
Find a Better Email Client
Not every email client will scan your private messages.
Email providers with privacy in mind not only offer fully encrypted files and emails, but they also let you manage who has access to this information, who shares this data, and how long they can keep your messages (you can set your emails to self-destruct after a certain period of time).
When your emails are encrypted, providers literally can’t view your emails even if they tried, not even if they’re presented with a court order to show them.
Most of these services are located in privacy-protecting countries that value your wish for anonymity. They usually won’t ever store your metadata, user activity, or log your IP address.
Some of them will even give you other aliases to go by so you never have to give out your actual email address again.
Talk about private.
If a hacker worms their way into your email account and sees all the emails from the sites you visit, all it takes is a quick password reset to lock you out of your entire life.
If they don’t feel like messing with you personally, they can just sell your passwords on the dark web, where login credentials and credit card numbers are sold for under $5 a pop. Seriously.
It’s not the content of your emails that makes hacking so attractive for nefarious individuals — it’s stealing your identity. Your emails are connected to everyone you know, every business you exchange money with, and every trace of who you are on the internet.
Don’t let this become public knowledge now that you know what you’re up against.