7 Important Email Security Tips You Should Know About

Joel Lee 14-09-2012

Internet security is a topic that we all know to be important, but it often sits way back in the recesses of our minds while we fool ourselves into believing that “it won’t happen to me”. Whether it’s the destructive force of the newest virus or just the hacking attempts of a newbie script kiddie, we’re always only one click away from dealing with a security mess that we’d rather not confront. Nowhere is this truer than in our emails.


Mat Honan wrote a fascinating article over at Wired about Internet security and about how he became a victim of various online security flaws. In it, he wrote, “[The] security lapses are my fault, and I deeply, deeply regret them”. He hits home on a very serious truth: in most of the cases where we face hiccups in security, we can trace the issue back to our own ignorance and negligence.

Safe online practices are important to keeping your online identity unadulterated and free from viruses, hackers, and all sorts of Internet-based shenanigans. And the best place to start? Your inbox.

Here are some simple yet important security tips you should know in order to keep your email account as secure as possible.

1. Use Separate Email Accounts

If you’re like most people, your email account is probably the centralized hub of your personal activity. All of your Facebook notifications, website registrations, newsletters, messages, etc. get sent to your email box, right? That means you’re putting all of your eggs in one basket – if that basket happens to fall, you’ll lose all your eggs with it.

In other words, if you bring all of your activity into a single email account, what happens when someone breaks into it? I’d say it’s plausible that they would gain access to everything else. This is why you should use multiple email accounts.

Having separate email accounts will not only help boost your security, but also your productivity. Imagine if you could consolidate all of your work emails into a single work account, have all of your friends and family communicate with your personal account, keep a recreational account for various websites, and keep a throwaway account for potential spam links. This way, if someone hacks your work account, all of your personal emails are still safe.

2. Create A Unique Password

Going along with the multiple account idea, you should also have an entirely unique password for each of your email accounts. Even if you decide to keep one “master” email account, make sure that its password is 100% unique.

Using one password for all of your accounts is a rookie-level mistake. Suppose someone did hack into your personal email and they see all of your incoming Facebook notifications, eBay reminders, and more. Any half-wit hacker will test those accounts with the same password as your email account–and in your case, they would succeed.

This is common advice, I know, but so many people still neglect it. Admittedly, for the longest time, I too used the same password for literally every account that I had. When one of my friends figured out my password (without messing with anything, thankfully), I knew it was time to wise up.

3. Beware Of Phishing Scams

When dealing with a particular company or product that requires account information, have you ever seen the following message: “Never give away your personal information. We will never ask you for your password”? When someone sends you an email asking you for your personal information, you know right away that it’s a trick.

But there’s another level to this scam and it’s called “phishing.” Basically, malicious users will imitate and impersonate high-profile websites (e.g., eBay, Amazon, Facebook, etc.) and say that they’re experiencing trouble with your account; all you have to do to fix it is to send them your username and password to verify your authenticity. Sometimes they’ll even link you to a false website that looks exactly like the real thing.

Be wary. In fact, whenever your personal information is brought up in a non-face-to-face capacity, your scam detector should go off loud and clear.

4. Never Click Links In Emails

Phishing brings me to my next point. Whenever you see a link in an email, 99% of the time you should not click on it. The only exceptions are when you’re expecting a particular email, such as a forum registration link or game account activation email. Things like that.

If you receive a spam email that tries to sell you a particular service or product, never click on any of the links inside. You never know where they’ll lead you. Sometimes they might be safe; other times they’ll bring you straight to the doors of hell and swarm you with malware and viruses.

If you get an email from your bank or any other service (e.g., bill payments), always visit the website manually. No copy and paste. No direct clicking. You’ll thank yourself later.

5. Do Not Open Unsolicited Attachments

Attachments are a tricky thing when it comes to email. If you’re expecting something from a buddy or an uncle, then sure, go ahead and open the attachment. Have a laugh at the funny photo they sent you. It’s all good when you know the person sending the attachment.

But if the email is unsolicited, never open any attachments. Even if the file looks innocent, you could be in for a world of hurt. Filenames can be spoofed. JPEGs could be EXEs in disguise and those EXEs will run as soon as they’re downloaded. And then you’ll have a virus on your hands.
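The “JPEG that is really an EXE” case can be checked without opening anything. The following added example (not part of the original article) parses a message, reads the first bytes of each attachment, and compares them with what the filename claims; the message, filenames and the two-byte “MZ” stubs are constructed samples, not real executables.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading bytes ("magic numbers") of a few common formats.
MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip",
    b"MZ": "windows-executable",
    b"\x7fELF": "elf-executable",
}
# What each harmless-looking extension should contain.
EXPECTED = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png",
            ".pdf": "pdf", ".zip": "zip", ".docx": "zip"}
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif"}

def sniff(data):
    """Identify content by its leading bytes, ignoring the filename."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"

def audit_attachments(raw_message):
    """Return {filename: [reasons]} for attachments whose name misleads."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        stem, ext = os.path.splitext(name.lower())
        kind = sniff(data)
        reasons = []
        if kind.endswith("executable") and ext not in EXECUTABLE_EXT:
            reasons.append(f"{kind} content behind a {ext or 'missing'} extension")
        elif ext in EXPECTED and kind != EXPECTED[ext]:
            reasons.append(f"{ext} file does not start like a {EXPECTED[ext]}")
        if ext in EXECUTABLE_EXT and os.path.splitext(stem)[1]:
            reasons.append("double extension: the real type is the last one")
        if reasons:
            findings[name] = reasons
    return findings

def build_sample():
    """Constructed test message with one honest and two misleading attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "you@example.org"
    msg["Subject"] = "Photos"
    msg.set_content("See attached.")
    pad = b"\x00" * 16
    msg.add_attachment(b"\xff\xd8\xff\xe0" + pad, maintype="image",
                       subtype="jpeg", filename="photo.jpg")
    msg.add_attachment(b"MZ" + pad, maintype="image",
                       subtype="jpeg", filename="holiday.jpg")
    msg.add_attachment(b"MZ" + pad, maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in audit_attachments(build_sample()).items():
        print(name, "->", "; ".join(reasons))
```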

6. Scan For Viruses & Malware

If you open an email and it seems suspicious in any way, go ahead and run a malware and virus scanner. Not every spam email will infect you with a virus and it may seem like overkill to run a malware scanner every time you open a fishy email, but it’s better to be safe than sorry. The one time that you decide to let it go could be the time your computer loads a keylogger.

7. Avoid Public Wi-Fi

And lastly, avoid checking your email when you’re on public Internet. Yes, I know that when you’re waiting for an airplane to reach your gate, it can be tempting to whip out your smartphone or laptop and check for new messages. Unfortunately, public Wi-Fi can be extremely insecure.

There are programs out there called “network sniffers” that run passively in the background of some hacker’s device. The sniffer monitors all of the wireless data flowing through a particular network – and that data can be analyzed for important information. Like your username and password.

It’s strange that as the years go by, security grows tighter in some ways and we remain just as vulnerable as we’ve always been in other ways. Email security comes down to common sense and careful decisions. Don’t let laziness and convenience overshadow your desire for protection and peace.

Image Credits: Email Key Via Shutterstock, Password Via Shutterstock, Phishing Via Shutterstock, Internet Scam Via Shutterstock

  1. Visible One HK
    October 17, 2018 at 11:02 am

    There's no doubt that being knowledgeable in email security is important nowadays in order to protect oneself from cyber attacks. Thanks for sharing this great article. Keep it up!

  2. Web Design Agency Hong Kong
    October 17, 2018 at 11:00 am

    There's no doubt that being knowledgeable in email security is important nowadays in order to protect oneself from cyber attacks. Thanks for sharing this great article. Keep it up!

  3. Nick
    May 24, 2016 at 9:54 am

    Very well written blog. Email security is indeed the need of the hour. With so much going on in the world of viruses, it has become important to save our emails as most of the businesses are dependent on emails. Talking about it, antivirus programs are helpful like Avast, Bitdefender, REVE Antivirus that helps in ensuring safety of computer, emails and web.

    • Joel Lee
      May 27, 2016 at 1:46 am

      Thanks Nick. You're absolutely right. Unfortunately a lot of people don't care enough to take the proper steps towards protecting themselves. :(

  4. Anonymous
    October 9, 2015 at 1:34 pm

    LOL.....ever since setting up my spamcop and KnuJon accounts,,,,,they get ALL of my spam...and my spam numbers have actually dropped significantly.....granted, a lot of it comes from nigeria and russia, etc....but yes, it is time consuming, forwarding it all to knujon and spamcop. but i feel it's paid off.......I may get 3 or 4 spam messages per day.......vs. the old 20+ per day.......also something that has helped me, is unsubscribing from all the old newsletters and forums I no longer use.......

  5. Roomy Naqvy
    December 14, 2012 at 6:25 pm

    Also, disable images in your email. Sometimes, scammers use embedded images in their emails to phish out your data.

  6. Altra Attestor
    October 15, 2012 at 11:42 am

    This helped me on the importance of email

  7. b7ddbfd4136c77f546943d6d644bb5f3
    October 8, 2012 at 10:23 pm

    I use a header tracker. My junk mail nearly always comes from a location I would never have contact with, Ukraine, India, Romania etc. This will show in the header. I use

  8. abdur jahangir
    October 6, 2012 at 7:30 am

    i have locked my id is there any guy who can help me.

  9. Srinivas N
    September 23, 2012 at 5:36 pm

    Always wondered how they're able to intrude in Public Wi-Fi..
    Thanx for that Network Sniffer stuff..i will be much happier to know how these Network Sniffers work actually a bit more technical..

  10. Kurt Decker
    September 20, 2012 at 1:17 am

    Fabulous! Thanks for drawing our attention to this. It's really "common sense".

  11. Pedro Wallie
    September 19, 2012 at 12:58 pm

    Thanks. You guys are gtreeeaat! I was not aware of a few tips presented here like the public Wi-Fi tip. Thanks.

  12. Kp Rao
    September 17, 2012 at 11:10 pm

    really I don't know before i read this article

  13. Dylan Brendan
    September 17, 2012 at 10:48 pm


  14. Nikhil Kulkarni
    September 17, 2012 at 1:38 pm

    Very Informative...:)

  15. Bav
    September 16, 2012 at 8:12 am

    I think having multiple email accounts unnecessarily complicates one's life.

    Gmail, for example, has two-step verification which requires the user to input a code sent via text each time they access their email account from a new device.

    I'm not sure why this kind of advanced security management hasn't been mentioned in the article. To me, that is a good way of securing your account.

    I agree with all the other advice. I like having one email account I use for everything - it allows me to keep a track of everything from one place. I suppose I could use mail forwarding and not have to worry about logging in elsewhere though... I just think it complicates things.

    • Scott
      September 16, 2012 at 12:28 pm

      FWIW, I recently read through Matt Cutts' blog post on 2FA. It generated a lot of discussion in the comments. Though the majority of the responders were in favor of it, there were some (more than I expected) who had negative things to say about it – not necessarily the functionality itself, but the fact that it was *Google* using it. (E.g. a comment by "Not Safe" toward the bottom of the page linked to an interesting article warning about giving away cell phone numbers).

      In case anyone's curious:

  16. Vince Radice
    September 15, 2012 at 9:04 pm

    This is one of the reasons I switched away from micro$oft to Linux. More stable (no BSOD). More secure. Free!!! I try to open attachments anyway. windows exes do not work in Linux.

  17. Roger Imai
    September 15, 2012 at 7:11 am

    I recently disregarded my own usual caution and discovered something interesting going on. What happened was I received a no-subject line email from my sister which contained a URL. It was total, moronic impulse that I clicked on it, and was taken to a page that described a lady supposedly in my locale making $3K+ a month from home simply by "posting links" and receiving per-click compensation, with an invitation to join the program. I closed the tabbed window, and searched for verification of this lady, and found listings of her name in several US locations, but nowhere near here.

    Oddly enough, the pages I saw looking for this person usually included a link to a "new" two-product skin treatment featuring "polymoist-ps" that claimed to restore a 20-years younger appearance to one's complexion. Each link told the same story with different people, and included visitor comments below, but when you try to add a skeptical comment, you get a "not available, try again later" message. The pages all had a Disclaimer at the bottom stating, "result may vary," one even stated that the page was loosely based on one user's claim and was "not to be taken as a non-fictional story." Another page stated that it was an advertisement, and facts were modified, including the comments posted.

    The scammer is operating as a corporation, at least one of which is called Consumer Products Daily. He's selling a link-posting "internet business" and putting up multiple testimonial pages for the business investors to post. He gets money from both the buyers of the internet business plans, and from the people trying the 2-product facial treatment -- which start cheap, but in the fine print, you're subscribing to a program that will cost several hundred dollars. You can cancel any time. But that's another story.

    This promotion is a well-conceived, complex scheme that is likely impossible to trace to the actual perpetrators. The internet business is a scam. The face cream combo is a scam. Both offers take your credit card and sign you into extended subscriptions that will charge your account repeatedly. Most people will not react quickly enough and will lose much more than they thought they were risking.

    About my clicking on the link. I am probably lucky that I run Linux and rogue programs may not run in the background without the operating system requesting explicit permission. Windows users without appropriate security may experience other symptoms, such as exposure of their e-mail contacts to unknown parties, and mail being sent to them without their knowledge. Anyone skeptical about the capabilities of online threats should Google "Stuxnet worm."

  18. venkatp16
    September 15, 2012 at 6:07 am

    Very useful info for beginners..

  19. Mirza Rawal baig
    September 15, 2012 at 4:31 am

    Very informative post, these are some necessary points everyone should know

  20. Roger Caldwell
    September 14, 2012 at 10:25 pm

    Regarding 7. Avoid public WIFI. It mentions in particular checking email over public wifi. Is it still so dangerous if you are using SSL on your POP/SMTP/IMAP accounts?

  21. Edward Bellair
    September 14, 2012 at 7:14 pm

    Good points. Too bad so many people don't follow this advice.

    • Joel Lee
      September 14, 2012 at 7:41 pm

      It is sad, yes. I live by the motto, "Better safe than sorry," but not many people do that anymore.

  22. GrrGrrr
    September 14, 2012 at 7:08 pm

    I follow almost all the tips you have mentioned.

    so far so good.

  23. Dave
    September 14, 2012 at 6:16 pm

    Re. previous: Should have read item five. It's my age, don'cha know!

  24. Dave
    September 14, 2012 at 6:14 pm

    Re. item seven:
    If you are definitely expecting something with an attachment from a known and trusted person, then I would imagine that this would be OK most of the time but I gather that address books can be hacked, so the mail could still look like it's from someone you know but, in reality, it could be loaded with malware.
    A program I have used almost from its inception is Mailwasher from Firetrust
    (This is not an advert and I have no affiliation to them, other than being a satisfied customer). Mails can be inspected whilst still on the server and either deleted or then downloaded to your e-mail client if you're happy that they are legit. There is a "bounce" feature but I imagine this would be of limited use these days. Very useful for keeping nasties out of your local inbox.

  25. B
    September 14, 2012 at 6:07 pm

    You wrote, "Avoid Public Wi-Fi". Instead, teach users about VPN.

    • Joel Lee
      September 14, 2012 at 7:41 pm

      Learning the ins-and-outs of VPN usage would require a separate article unto itself! But yes, VPN is a way to add another layer of security (not just for emails, but Internet activity in general).

  26. Jim Spencer
    September 14, 2012 at 5:21 pm

    Great article, or posting! I follow these guidelines pretty close to the letter, however, I have a question! The reason I am reading this article is because I clicked on the link in my makeuseof email to get to this page! Was that still a bad practice? I have an excellent AV with BitTorrent, which scans every piece of mail, web based or not!

    • Joel Lee
      September 14, 2012 at 7:40 pm

      Scammers can quite easily impersonate big websites (for example, there are tons of scam emails going around that falsely claim to be from Blizzard Entertainment), so there is still a bit of risk involved when clicking links--even if it seems legit. The best practice would be manual URL typing, but it's up to you if the inconvenience is worth the trade-off for security. :)

      (Personally, I do click links in emails that I'm expecting. But if it's an unsolicited email, I'm immediately suspicious.)

  27. AP
    September 14, 2012 at 5:03 pm

    Wise advice , a bit hazzaled because it's difficult to give away old habits but try to follow it.

  28. Michael Cook
    September 14, 2012 at 3:55 pm

    These are some great pointers and I unknowingly use them myself.

  29. Jamie
    September 14, 2012 at 3:46 pm

    Mat Honan's article also said that what happened to him wouldn't have happened if he'd used Google's 2-Step Verification. It's as unobtrusive as is possible (I think). You either use their Authenticator application or you get a text every time you log in to your account from an unknown computer. Not only does this increase security, but you get a heads up if someone's trying to access your account.

    • Scott
      September 14, 2012 at 4:31 pm

      Yes, considering the nightmare that one goes through to recover a stolen (free) email account (think: Gmail, Yahoo, Hotmail/Outlook), the more these services can do to implement preventative security features, the better ! :-)

  30. Petey Pabler
    September 14, 2012 at 3:06 pm

    Some quick comments I have are; Any link in an email is underlined and highlighted (usually blue depending on your theme). You can hover over the link with your mouse pointer and see where the link will take you. It could say in the email, but when you hover over it with the mouse pointer it could say [Broken URL Removed]. That is one way to verify the link.
    Another way to check (for attachments and URLs) is to copy the link or the attachment in question and upload them to They scan and report all URLs and attachments securely and privately using all antivirus engines. Totally worth checking out even if you typically trust the source.

    • Joel Lee
      September 14, 2012 at 7:37 pm

      Great suggestions. Some scammers will use very similar URLs (.com vs. .net, for example) so you must be absolutely cautious when you scan URLs like that.

  31. Scott
    September 14, 2012 at 12:21 pm

    Joel said (under the first point), "In other words, if you bring all of your activity into a single email account, what happens when someone breaks into it? I’d say it’s plausible that they would gain access to everything else. This is why you should use multiple email accounts."

    This great advice complements results seen in the recent article "How Do You Use Email ?".

    With so many people seeming to prefer using webmail these days, they would seem to be making themselves vulnerable to the concern you raise above when using a webmail account to manage any/all others. That is, no matter how many separate accounts people have set up for various things, *if* they have even one online account being used as a 'managing account' (as many people do seem to use their Gmail account for), then THAT account, as you note, is a prime target for all the information in the other accounts. And, consequently, it would seem to lessen – but not completely eliminate – the advantage of having these multiple accounts to begin with. (Am I misunderstanding any of this ?)

    IOW, *if* one is going to take your advice to use multiple accounts as an email security layer, then to complete the picture, IDEALLY one should also (a) check each account *separately* while online, and (b) use an *offline* client, instead of a webmail account, when one wants to do any managing of all accounts in *one* interface. No ?

    • Joel Lee
      September 14, 2012 at 7:37 pm

      You've understood the concept correctly!

      Offline clients can make it easier to manage multiple accounts, but I don't think they are inherently safer. The two main ways that an offline client can be "hacked" are: 1) physical access to the computer, and 2) packet sniffing. In either case, if one account is compromised, all of them will be.

      Accessing each account separately may increase security a bit, but I have a feeling most people would gladly trade that bit of security in exchange for convenience. :(

  32. Shakirah Faleh Lai
    September 14, 2012 at 11:06 am

    I do use some separate accounts for different tasks, but in the end I forgot the usernames of some accounts that I don't use regularly.

    September 14, 2012 at 11:00 am

    Fair comments and tips.

    Regarding "2. Create A Unique Password" - we all know that this can be painful. It is hard to memorize more than one password and that's why a lot of users end up using the same password in a lot of web sites. Here is a way to overcome this problem:

    • Joel Lee
      September 14, 2012 at 7:33 pm

      Wow, that's really neat! Extremely useful and easy-to-memorize way to create unique passwords for each site. I'm going to try it out.

    • Stonedreamer
      September 17, 2012 at 9:26 am

      OMG... That is a really smart way to actually use only one password. Great work Konou - I will pass your little trick along to my friends :))

  34. Ahmed Khalil
    September 14, 2012 at 9:53 am

    All of us know this advice but still act like we do not hear about it, and when the problem happens there will be no way back

    • Joel Lee
      September 14, 2012 at 7:32 pm

      That's the problem. People tend to ignore advice until it's too late, unfortunately.

  35. Faisal Ahmed
    September 14, 2012 at 6:16 am

    hmm...I have to re-activate my yahoo account (quite boring)...

  36. xbalesx
    September 14, 2012 at 4:03 am

    Great things to always be aware of and currently I have 4 throw away email accounts.

    • Joel Lee
      September 14, 2012 at 7:32 pm

      Throwaway email accounts are so useful. Nice!

  37. Hafid Aid
    September 14, 2012 at 2:35 am

    These are the bases that everyone should do! haf4fb[at]gmail[dot]com is for what it stands for :D