5 Useful Tips to Prevent Email Hacking

Electronic mail is an incredibly useful communication method, but it does come with certain risks. In 2019, according to Verizon’s 2020 Data Breach Investigation Report, 94% of malware was delivered by email.

Email hacking in one form or another is an ever-present danger, so it is useful to know how to secure your mail account so that it can’t be hacked. That is exactly what this article is about.

Can I Get Hacked by Opening an Email?

If you are afraid to even open an email for fear of getting hacked, let me put your mind at ease. You can’t get hacked by simply opening an email.

Whatever email client you are using, whether it be Gmail, Outlook, Yahoo, CTemplar, ProtonMail, etc., and no matter how unfamiliar (or even suspicious) the email client looks to you, an email is nothing more than an HTML document, much like a web page. No harm can be done if you open it.

For instance, if you get an email like this:

[Image: spam email]

Opening it won’t do any damage. 

However, should you click on the link there, that’s where you’re playing right into the hacker’s hands.

There are two main ways people get hacked via email. They either:

  1. Click on a malicious link, or
  2. Open an attachment.

By clicking on a link sent in an email message (like the one above), the unsuspecting email user will usually be sent to a website or web page under the hacker’s control. 

Once the victim is there, the hacker will try to get as much personal and sensitive information about the user as possible.

Depending on the cyberattacker’s motivations, they might go for different PII (personally identifying information) about their victim, such as:

  • Credit card numbers
  • Passwords
  • Social security number
  • Trading information
  • Bank account information
  • Intellectual property
  • Medical records

Each of these can be worth from a few dollars on the dark web (for SSN) to $1-2,000+ for medical records, according to Experian.

[Image: on the dark web. Source: Experian]

Another way you can be hacked through your email is by opening an attachment. Kaspersky points to the four biggest types of malware-carrying files, which are:

  • ZIP and RAR archives
  • Microsoft Office docs (in particular .doc, .docx and, to a lesser extent, .xls, .xlsx, .xlsm)
  • PDF files
  • ISO and IMG

What happens if you open an attachment like that?

Typically, these attachments will contain a hidden script that will start running or downloading on your computer, which the hacker can then use to wreak all kinds of havoc, steal your personal info and more.
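To triage the attachment types listed above before anyone opens them, the following added example (not from the original article or from Kaspersky) flags attachments by extension and compares each file's leading bytes with the format its name claims. The sample message, file names and function names are constructed; the magic-byte table covers only the formats in the list.

```python
from email.message import EmailMessage
from pathlib import PurePosixPath

# Leading "magic" bytes of the container formats named in the list above.
MAGIC = {"zip": b"PK\x03\x04", "rar": b"Rar!\x1a\x07", "pdf": b"%PDF-",
         "ole": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"}
# Extension -> expected container. OOXML files (.docx/.xlsx/.xlsm) are ZIP archives,
# legacy .doc/.xls are OLE2; .iso/.img have no signature at offset 0 (extension only).
RISKY = {".zip": "zip", ".rar": "rar", ".pdf": "pdf", ".doc": "ole", ".xls": "ole",
         ".docx": "zip", ".xlsx": "zip", ".xlsm": "zip", ".iso": None, ".img": None}

def sniff(data):
    """Name the container format from its first bytes, or None if unrecognised."""
    return next((name for name, magic in MAGIC.items() if data.startswith(magic)), None)

def triage(msg):
    """Return (filename, reason) for each attachment that deserves a closer look."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        ext = PurePosixPath(name.lower()).suffix
        data = part.get_payload(decode=True) or b""
        actual = sniff(data)
        if ext in RISKY:
            expected = RISKY[ext]
            if expected and actual != expected:
                findings.append((name, "content does not match extension"))
            else:
                findings.append((name, "risky file type"))
        elif actual:
            findings.append((name, f"{actual} content behind a {ext or 'missing'} extension"))
    return findings

def build_sample():
    """Constructed message; attachment bodies are placeholder bytes, not real files."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    for data, filename in [(b"PK\x03\x04" + b"\0" * 16, "invoice.zip"),
                           (b"PK\x03\x04" + b"\0" * 16, "photo.jpg"),
                           (b"plain text", "notes.txt"),
                           (b"plain text", "report.pdf")]:
        msg.add_attachment(data, maintype="application", subtype="octet-stream",
                           filename=filename)
    return msg

if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```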

5 Tips to Prevent Email Hacking

Prevention is usually the best form of protection, so here are 5 useful tips to prevent your email from being hacked:

  1. Avoid clicking on suspicious email links or opening and downloading attachments

We already talked about how a hacker can use links or attachments in an email to hack you, but the good news here is that these will be harmless as long as you don’t click on them.

How do hackers get you to click? They might use different tactics, but in general, it all boils down to two: 

  • An enticing, “once-in-a-lifetime” offer, like “don’t miss this get-rich-quick opportunity”, or
  • Scare tactics, such as claiming that you are overdue on some payment or your taxes and that you’ll get sued if you don’t pay right away, or sextortion (claiming to have you on video watching porn).

  2. Limit the use of public WiFi

Yes, your plane got delayed and now you have to wait for two hours at the airport, so why not use the free WiFi? Well, there’s nothing wrong with that if all you’re going to do is browse the Internet. 

However, if you use public WiFi to log in to your email or make online payments through your bank, you become a target for a hacker nearby who is monitoring the unsecured traffic, looking for information to steal.

  3. Use a strong password

Hackers will try to brute-force your email or other online passwords. Don’t make it easy on them by using easy passwords like “1234567890”, or “qwertyuiop”. 

TeamPassword evaluated the passwords people most often use and compiled a list of the top 50 worst passwords of 2019.

What should your password look like then? It’s best to avoid using your name, your spouse’s or your children’s names, or anything that might easily be connected to you. A password should be something easy for you to remember, but not for others to connect you with.

  4. Use a password manager

Of course, as you probably have dozens of online accounts and it’s hard to keep track of all the passwords, password managers like LastPass can be a useful tool in keeping track of them all.

Just keep in mind that a password manager too can be hacked, so make sure to use a strong master password and to update the service regularly.

  5. Use 2FA

Even the strongest password can be hacked. What you need is an additional layer of protection in “two-factor authentication” or 2FA. 

What does 2FA do? 

There are 3 types of 2FA:

  • Additional login credentials that only the account owner knows, like a security question (name of your first pet), PIN, etc.
  • Another device that the account holder owns, like a mobile phone. If 2FA is on, you’ll get an SMS message or security token whenever someone enters your login info.
  • Biometrics. These include fingerprints, iris, voice recognition and other biometrics that are unique to the account owner.

Keep in mind that even 2FA is not 100% secure and can be bypassed, as we already discussed in another blog post.

What to do When Email is Hacked?

Ultimately, people are fallible and despite all the precautions you take, a single misclick, a small lack of vigilance or plain old curiosity (maybe you actually might win that $100,000?) can lead to your email getting hacked.

If you clicked or downloaded something in a suspicious email, there are three things that you should immediately do:

  1. Scan your device for malware and viruses

If you downloaded an attachment, it’s possible that you also downloaded malware with it. To find it and remove it, use a malware scanner and removal program like Malwarebytes, AVG, Avira, or another.

  2. Check if your settings changed

In particular, check whether your emails are being forwarded to an address controlled by the hacker. If you’re using Gmail, you’ll find forwarding by going to: Settings > See all settings > Forwarding and POP/IMAP > Add a forwarding address. If you see an email address here that you don’t recognize or don’t remember adding, be sure to delete it.

  3. Change your password

One of the first things hackers will do when they hack your email account is to change your password and that way deny you further access to your email. However, sometimes they won’t do that or they don’t do it in time. If that’s the case, you can use the “forgot password” link on the login page and set a new password.

Looking for an anonymous and encrypted email service? Try CTemplar Armored Email today.