Increase Email Security and Reduce Your Risk of Being Hacked - by Robert Siciliano
Oct 25, 2017

It’s easy to prevent your e-mail account from getting hacked – Email security 101: don’t click on links inside e-mails!

Yeah, right.

Clicking on links inside e-mails is here to stay, till the end of time. Not clicking links is good advice, but it’s not enough.

Hackers say “Own the email, and you’ll own the person.” If your email gets hacked, bad guys will have access to almost all of your critical accounts associated with that email address. That’s why improving your email security is so important.

Hackers send phishing e-mails, disguising them to look like legitimate messages from the IRS, UPS, Macy’s, PayPal, your employer, your bank, your medical plan carrier, a friend, a sweepstakes announcement that you won a prize – anything to lure the user into clicking the link.

Even highly educated people in leadership positions get suckered into clicking links, like John Podesta, campaign chairman for Hillary Clinton. His hasty click in an email that looked like it was coming from Google to update his account let hackers into his entire e-mail account. And we all know how that turned out!

Even people who are warned not to click on links inside e-mails will still do this.

Don’t Let Your E-mail Get Hacked

If you decide to click on a link, at least do a few things first:
Hover over the URL of the link to see if it looks suspicious, e.g., it ends in “.com.xe” instead of just “.com,” but if it’s just “.com,” it can still be malicious.
A malicious URL is often very long and nonsensical.
The URL can also look quite legitimate.
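The hover checks above can be automated for an HTML message. The following is an added example, not part of the original post; the `EXPECTED` domain list, the 100-character cut-off and the sample message are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions: domains the reader really uses, and a cut-off for "very long".
EXPECTED = ("paypal.com", "ups.com")
MAX_LEN = 100

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_link(href, text):
    """Return the warning signs found for one link (empty list = none found)."""
    host = urlsplit(href).hostname or ""
    flags = []
    for d in EXPECTED:
        # Known name inside a host that is not that domain, e.g. paypal.com.xe
        if d in host and host != d and not host.endswith("." + d):
            flags.append(f"lookalike of {d}")
    if len(href) > MAX_LEN:
        flags.append("very long URL")
    # Visible text that is itself an address but names a different host
    if text and " " not in text and "." in text:
        shown = urlsplit(text if "//" in text else "//" + text).hostname or ""
        if shown != host:
            flags.append("link text shows a different host")
    return flags

def scan(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(href, text) for href, text in parser.links}

# Constructed sample body, not a real message.
SAMPLE = ('<p>Your account is about to be suspended.</p>'
          '<a href="http://paypal.com.xe/login">www.paypal.com</a>'
          '<a href="https://www.ups.com/track">Track your package</a>')
print(scan(SAMPLE))
```

An empty list only means none of these signs were found; as noted above, a link that ends in plain “.com” and looks legitimate can still be malicious.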

When the URL looks valid, there are other tell-tale signs of a phishing e-mail.

A skilled hacker can make a phishing e-mail look like it came from the CEO of your employer.

Generally, I only click links in emails if I’m receiving a confirmation email from a new account that I just signed up for, or if I’m engaged in ongoing dialog with a trusted relationship.

When in doubt, contact the alleged sender by phone instead of clicking any links.

How to Spot a Phishing Email

The subject line is urgent, like “Your account was compromised” or “Your account is about to be suspended.”

The subject line may also be some form of good, but unexpected, news, like winning a prize, or “Check out the Instagram pics of my new baby!”

A huge red flag is when the message has misspellings or other mistakes.

Another giant red flag is when the message is telling you that you must reset a password.

Any e-mail that appears to be from the IRS, UPS (or similar), your bank, or a major retailer.
Any e-mail that appears to be from PayPal that doesn’t address you by your full name.

Additional Email Security Tips to Make a Hacker’s Job Harder

Always use long, strong passwords that are a random mix of numbers, letters, and symbols.

Sign up for two-factor authentication for your e-mail account.

Do not click on attachments from e-mails that fit the bills described above.

Increasing your email security is probably the most important digital security responsibility we all have. The advice is relatively simple with a bunch of moving parts. Some of the information here might be old hat, but it’s still incredibly important that it’s followed to the word. Put a note in your calendar to revisit this post in 6 months and share this to enlighten others to protect themselves.
