7 Important Email Security Tips You Should Know About

Internet security is a topic that we all know to be important, but it often sits way back in the recesses of our minds, where we fool ourselves into believing that “it won’t happen to me”. Whether it’s the destructive force of the newest virus or just the hacking attempts of a newbie script kiddie, we’re always only one click away from dealing with a security mess that we’d rather not confront. Nowhere is this truer than in our emails.

Mat Honan wrote a fascinating article over at Wired about Internet security and about how he became a victim of various online security flaws. In it, he wrote, “[The] security lapses are my fault, and I deeply, deeply regret them”. He hits home on a very serious truth: in most of the cases where we face hiccups in security, we can trace the issue back to our own ignorance and negligence.

Safe online practices are important to keeping your online identity unadulterated and free from viruses, hackers, and all sorts of Internet-based shenanigans. And the best place to start? Your inbox.

Here are some simple yet important security tips you should know in order to keep your email account as secure as possible.

1. Use Separate Email Accounts

If you’re like most people, your email account is probably the centralized hub of your personal activity. All of your Facebook notifications, website registrations, newsletters, messages, etc. get sent to your email box, right? That means you’re putting all of your eggs in one basket – if that basket happens to fall, you’ll lose all your eggs with it.

In other words, if you bring all of your activity into a single email account, what happens when someone breaks into it? I’d say it’s plausible that they would gain access to everything else. This is why you should use multiple email accounts.

Having separate email accounts will not only help boost your security, but also your productivity. Imagine if you could consolidate all of your work emails into a single work account; all of your friends and family communicate with your personal account; you have a recreational account for various websites; and a throwaway account for potential spam links. This way, if someone hacks your work account, all of your personal emails are still safe.

2. Create A Unique Password

Going along with the multiple account idea, you should also have an entirely unique password for each of your email accounts. Even if you decide to keep one “master” email account, make sure that its password is 100% unique.

Using one password for all of your accounts is a rookie-level mistake. Suppose someone did hack into your personal email and they see all of your incoming Facebook notifications, eBay reminders, and more. Any half-wit hacker will test those accounts with the same password as your email account–and in your case, they would succeed.

This is common advice, I know, but so many people still neglect it. Admittedly, for the longest time, I too used the same password for literally every account that I had. When one of my friends figured out my password (without messing with anything, thankfully), I knew it was time to wise up.

3. Beware Of Phishing Scams

When dealing with a particular company or product that requires account information, have you ever seen the following message? “Never give away your personal information. We will never ask you for your password.” When someone sends you an email asking you for your personal information, you know right away that it’s a trick.

But there’s another level to this scam and it’s called “phishing.” Basically, malicious users will imitate and impersonate high-profile websites (e.g., eBay, Amazon, Facebook, etc.) and say that they’re experiencing trouble with your account; all you have to do to fix it is to send them your username and password to verify your authenticity. Sometimes they’ll even link you to a false website that looks exactly like the real thing.

Be wary. In fact, whenever your personal information is brought up in a non-face-to-face capacity, your scam detector should go off loud and clear.

4. Never Click Links In Emails

Phishing brings me to my next point. Whenever you see a link in an email, 99% of the time you should not click on it. The only exceptions are when you’re expecting a particular email, such as a forum registration link or game account activation email. Things like that.

If you receive a spam email that tries to sell you a particular service or product, never click on any of the links inside. You never know where they’ll lead you. Sometimes they might be safe; other times they’ll bring you straight to the doors of hell and swarm you with malware and viruses.

If you get an email from your bank or any other service (e.g., bill payments), always visit the website manually. No copy and paste. No direct clicking. You’ll thank yourself later.

5. Do Not Open Unsolicited Attachments

Attachments are a tricky thing when it comes to email. If you’re expecting something from a buddy or an uncle, then sure, go ahead and open the attachment. Have a laugh at the funny photo they sent you. It’s all good when you know the person sending the attachment.

But if the email is unsolicited, never open any attachments. Even if the file looks innocent, you could be in for a world of hurt. Filenames can be spoofed. JPEGs could be EXEs in disguise and those EXEs will run as soon as they’re downloaded. And then you’ll have a virus on your hands.
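One way a mail filter or a cautious user can test the “JPEG that is really an EXE” case, shown as an added example that is not from the original article: compare each attachment's claimed extension with the file type its leading bytes indicate, and also flag the right-to-left override character that can disguise an extension. The sample message, addresses and filenames are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading bytes ("magic numbers") of a few common file types.
MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"%PDF-": "pdf",
    b"MZ": "windows-executable",
    b"PK\x03\x04": "zip",
}
# The content type each claimed extension should have.
EXPECTED = {"jpg": "jpeg", "jpeg": "jpeg", "png": "png", "pdf": "pdf",
            "exe": "windows-executable", "zip": "zip"}
RTLO = "\u202e"  # right-to-left override: visually reverses the text after it


def sniff(data):
    """Identify content by its first bytes, ignoring the filename."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def audit_attachments(raw_message):
    """Return one record per attachment with the reasons it looks spoofed."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    report = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        actual = sniff(data)
        reasons = []
        if ext in EXPECTED and actual != EXPECTED[ext]:
            reasons.append(f"named .{ext} but content is {actual}")
        if RTLO in name:
            reasons.append("filename contains a right-to-left override character")
        if actual == "windows-executable":
            reasons.append("content is a Windows executable")
        report.append({"filename": name, "content": actual, "reasons": reasons})
    return report


def build_sample():
    """Constructed message: one real JPEG header, two disguised executables."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "you@example.org"
    msg["Subject"] = "photos"
    msg.set_content("See attached.")
    jpeg, exe = b"\xff\xd8\xff\xe0" + b"\x00" * 16, b"MZ\x90\x00" + b"\x00" * 16
    msg.add_attachment(jpeg, maintype="image", subtype="jpeg", filename="beach.jpg")
    msg.add_attachment(exe, maintype="image", subtype="jpeg", filename="holiday.jpg")
    # Displays as "invoiceexe.pdf" in software that honours the override.
    msg.add_attachment(exe, maintype="application", subtype="pdf",
                       filename="invoice" + RTLO + "fdp.exe")
    return msg.as_bytes()


if __name__ == "__main__":
    for record in audit_attachments(build_sample()):
        print(record["filename"].replace(RTLO, "<RTLO>"), record["reasons"])
```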

6. Scan For Viruses & Malware

If you open an email and it seems suspicious in any way, go ahead and run a malware and virus scanner. Not every spam email will infect you with a virus and it may seem like overkill to run a malware scanner every time you open a fishy email, but it’s better to be safe than sorry. The one time that you decide to let it go could be the time your computer loads a keylogger.

7. Avoid Public Wi-Fi

And lastly, avoid checking your email when you’re on public Internet. Yes, I know that when you’re waiting for an airplane to reach your gate, it can be tempting to whip out your smartphone or laptop and check for new messages. Unfortunately, public Wi-Fi can be extremely insecure.

There are programs out there called “network sniffers” that run passively in the background of some hacker’s device. The sniffer monitors all of the wireless data flowing through a particular network – and that data can be analyzed for important information. Like your username and password.

It’s strange that as the years go by, security grows tighter in some ways and we remain just as vulnerable as we’ve always been in other ways. Email security comes down to common sense and careful decisions. Don’t let laziness and convenience overshadow your desire for protection and peace.

Image Credits: Email Key Via Shutterstock, Password Via Shutterstock, Phishing Via Shutterstock, Internet Scam Via Shutterstock

44 Comments -

0 votes

Hafid Aid

These are the bases that everyone should do! haf4fb[at]gmail[dot]com is for what it stands for :D

0 votes

xbalesx

Great things to always be aware of and currently I have 4 throw away email accounts.

0 votes

Joel Lee

Throwaway email accounts are so useful. Nice!

0 votes

Faisal Ahmed

hmm…I have to re-activate my yahoo account (quite boring)…

0 votes

Ahmed Khalil

All of us know this advice but still act like we have not heard about it, and when the problem happens there will be no way back.

0 votes

Joel Lee

That’s the problem. People tend to ignore advice until it’s too late, unfortunately.

0 votes

konou.gr

Fair comments and tips.

Regarding “2. Create A Unique Password” – we all know that this can be painful. It is hard to memorize more than one password and that’s why a lot of users end up using the same password in a lot of web sites. Here is a way to overcome this problem: http://www.konou.gr/one-password-is-enough/

0 votes

Joel Lee

Wow, that’s really neat! Extremely useful and easy-to-memorize way to create unique passwords for each site. I’m going to try it out.

0 votes

Stonedreamer

OMG… That is a really smart way to actually use only one password. Great work Konou – I will pass your little trick along to my friends :))

0 votes

Shakirah Faleh Lai

I do use some separate accounts for different tasks, but in the end I forgot the usernames of some accounts that I don’t use regularly.

0 votes

Scott

Joel said (under the first point), “In other words, if you bring all of your activity into a single email account, what happens when someone breaks into it? I’d say it’s plausible that they would gain access to everything else. This is why you should use multiple email accounts.”

This great advice complements results seen in the recent article “How Do You Use Email ?” (http://www.makeuseof.com/tag/email-makeuseof-poll/).

With so many people seeming to prefer using webmail these days, they would seem to be making themselves vulnerable to the concern you raise above when using a webmail account to manage any/all others. That is, no matter how many separate accounts people have set up for various things, *if* they have even one online account being used as a ‘managing account’ (as many people do seem to use their Gmail account for), then THAT account, as you note, is a prime target for all the information in the other accounts. And, consequently, it would seem to lessen – but not completely eliminate – the advantage of having these multiple accounts to begin with. (Am I misunderstanding any of this ?)

IOW, *if* one is going to take your advice to use multiple accounts as an email security layer, then to complete the picture, IDEALLY one should also (a) check each account *separately* while online, and (b) use an *offline* client, instead of a webmail account, when one wants to do any managing of all accounts in *one* interface. No ?

0 votes

Joel Lee

You’ve understood the concept correctly!

Offline clients can make it easier to manage multiple accounts, but I don’t think they are inherently safer. The two main ways that an offline client can be “hacked” are: 1) physical access to the computer, and 2) packet sniffing. In either case, if one account is compromised, all of them will be.

Accessing each account separately may increase security a bit, but I have a feeling most people would gladly trade that bit of security in exchange for convenience. :(

1 votes

Petey Pabler

Some quick comments I have are; Any link in an email is underlined and highlighted (usually blue depending on your theme). You can hover over the link with your mouse pointer and see where the link will take you. It could say http://www.facebook.com in the email, but when you hover over it with the mouse pointer it could say http://www.clickthislinkforavirus.com. That is one way to verify the link.
Another way to check (for attachments and URLs) is to copy the link or the attachment in question and upload them to https://www.virustotal.com/. They scan and report all URLs and attachments securely and privately using all antivirus engines. Totally worth checking out even if you typically trust the source.

0 votes

Joel Lee

Great suggestions. Some scammers will use very similar URLs (.com vs. .net, for example) so you must be absolutely cautious when you scan URLs like that.

1 votes

Jamie

Mat Honan’s article also said that what happened to him wouldn’t have happened if he’d used Google’s 2-Step Verification. It’s as unobtrusive as is possible (I think). You either use their Authenticator application or you get a text every time you log in to your account from an unknown computer. Not only does this increase security, but you get a heads up if someone’s trying to access your account.

0 votes

Scott

Yes, considering the nightmare that one goes through to recover a stolen (free) email account (think: Gmail, Yahoo, Hotmail/Outlook), the more these services can do to implement preventative security features, the better ! :-)

0 votes

Michael Cook

These are some great pointers and I unknowingly use them myself.

0 votes

AP

Wise advice, a bit hassled because it’s difficult to give away old habits but try to follow it.

0 votes

Jim Spencer

Great article, or posting! I follow these guidelines pretty close to the letter, however, I have a question! The reason I am reading this article is because I clicked on the link in my makeuseof email to get to this page! Was that still a bad practice? I have an excellent AV with BitTorrent, which scans every piece of mail, web based or not!

0 votes

Joel Lee

Scammers can quite easily impersonate big websites (for example, there are tons of scam emails going around that falsely claim to be from Blizzard Entertainment), so there is still a bit of risk involved when clicking links–even if it seems legit. The best practice would be manual URL typing, but it’s up to you if the inconvenience is worth the trade-off for security. :)

(Personally, I do click links in emails that I’m expecting. But if it’s an unsolicited email, I’m immediately suspicious.)

0 votes

B

You wrote, “Avoid Public Wi-Fi”. Instead, teach users about VPN.

0 votes

Joel Lee

Learning the ins-and-outs of VPN usage would require a separate article unto itself! But yes, VPN is a way to add another layer of security (not just for emails, but Internet activity in general).

0 votes

Dave

Re. item seven:
If you are definitely expecting something with an attachment from a known and trusted person, then I would imagine that this would be OK most of the time but I gather that address books can be hacked, so the mail could still look like it’s from someone you know but, in reality, it could be loaded with malware.
A program I have used almost from its inception is Mailwasher from Firetrust
http://www.firetrust.com/en/products/mailwasher-pro
(This is not an advert and I have no affiliation to them, other than being a satisfied customer). Mails can be inspected whilst still on the server and either deleted or then downloaded to your e-mail client if you’re happy that they are legit. There is a “bounce” feature but I imagine this would be of limited use these days. Very useful for keeping nasties out of your local inbox.

0 votes

Dave

Re. previous: Should have read item five. It’s my age, don’cha know!

0 votes

GrrGrrr

I follow almost all the tips you have mentioned.

so far so good.

0 votes

Edward Bellair

Good points. Too bad so many people don’t follow this advice.

0 votes

Joel Lee

It is sad, yes. I live by the motto, “Better safe than sorry,” but not many people do that anymore.

0 votes

Roger Caldwell

Regarding 7. Avoid public WIFI. It mentions in particular checking email over public wifi. Is it still so dangerous if you are using SSL on your POP/SMTP/IMAP accounts?

0 votes

Mirza Rawal baig

Very informative post, these are some necessary points everyone should know.

0 votes

venkatp16

Very useful info for beginners.

1 votes

Roger Imai

I recently disregarded my own usual caution and discovered something interesting going on. What happened was I received a no-subject line email from my sister which contained a URL. It was total, moronic impulse that I clicked on it, and was taken to a page that described a lady supposedly in my locale making $3K+ a month from home simply by “posting links” and receiving per-click compensation, with an invitation to join the program. I closed the tabbed window, and searched for verification of this lady, and found listings of her name in several US locations, but nowhere near here.

Oddly enough, the pages I saw looking for this person usually included a link to a “new” two-product skin treatment featuring “polymoist-ps” that claimed to restore a 20-years younger appearance to one’s complexion. Each link told the same story with different people, and included visitor comments below, but when you try to add a skeptical comment, you get a “not available, try again later” message. The pages all had a Disclaimer at the bottom stating, “result may vary,” one even stated that the page was loosely based on one user’s claim and was “not to be taken as a non-fictional story.” Another page stated that it was an advertisement, and facts were modified, including the comments posted.

The scammer is operating as a corporation, at least one of which is called Consumer Products Daily. He’s selling a link-posting “internet business” and putting up multiple testimonial pages for the business investors to post. He gets money from both the buyers of the internet business plans, and from the people trying the 2-product facial treatment — which start cheap, but in the fine print, you’re subscribing to a program that will cost several hundred dollars. You can cancel any time. But that’s another story.

This promotion is a well-conceived, complex scheme that is likely impossible to trace to the actual perpetrators. The internet business is a scam. The face cream combo is a scam. Both offers take your credit card and sign you into extended subscriptions that will charge your account repeatedly. Most people will not react quickly enough and will lose much more than they thought they were risking.

About my clicking on the link. I am probably lucky that I run Linux and rogue programs may not run in the background without the operating system requesting explicit permission. Windows users without appropriate security may experience other symptoms, such as exposure of their e-mail contacts to unknown parties, and mail being sent to them without their knowledge. Anyone skeptical about the capabilities of online threats should Google “Stuxnet worm.”

0 votes

Vince Radice

This is one of the reasons I switched away from micro$oft to Linux. More stable (no BSOD). More secure. Free!!! I try to open attachments anyway. windows exes do not work in Linux.

0 votes

Bav

I think having multiple email accounts unnecessarily complicates one’s life.

Gmail, for example, has two-step verification which requires the user to input a code sent via text each time they access their email account from a new device.

I’m not sure why this kind of advanced security management hasn’t been mentioned in the article. To me, that is a good way of securing your account.

I agree with all the other advice. I like having one email account I use for everything – it allows me to keep a track of everything from one place. I suppose I could use mail forwarding and not have to worry about logging in elsewhere though… I just think it complicates things.

0 votes

Scott

FWIW, I recently read through Matt Cutts’s blog post on 2FA. It generated a lot of discussion in the comments. Though the majority of the responders were in favor of it, there were some (more than I expected) who had negative things to say about it – not necessarily the functionality itself, but the fact that it was *Google* using it. (E.g. a comment by “Not Safe” toward the bottom of the page linked to an interesting article warning about giving away cell phone numbers).

In case anyone’s curious: http://www.mattcutts.com/blog/google-two-step-authentication/

0 votes

Nikhil Kulkarni

Very Informative…:)

0 votes

Dylan Brendan

Awesome!

0 votes

Kp Rao

Really, I didn’t know this before I read this article.

0 votes

Pedro Wallie

Thanks. You guys are gtreeeaat! I was not aware of a few tips presented here like the public Wi-Fi tip. Thanks.

0 votes

Kurt Decker

Fabulous! Thanks for drawing our attention to this. It’s really “common sense”.

0 votes

Srinivas N

Always wondered how they’re able to intrude in Public Wi-Fi..
Thanx for that Network Sniffer stuff..i will be much happier to know how these Network Sniffers work actually a bit more technical..

0 votes

abdur jahangir

I have locked my ID. Is there anyone who can help me?

0 votes

b7ddbfd4136c77f546943d6d644bb5f3

I use a header tracker. My junk mail nearly always comes from a location I would never have contact with, Ukraine, India, Romania etc. This will show in the header. I use
http://www.iptrackeronline.com/email-header-analysis.php

0 votes

Altra Attestor

This helped me on the importance of email

0 votes

Roomy Naqvy

Also, disable images in your email. Sometimes, scammers use embedded images in their emails to phish out your data.