Increase Email Security and Reduce Your Risk of Being Hacked - by Robert Siciliano
October 10, 2017
It’s easy to prevent your e-mail account from getting hacked – Email security 101: don’t click on links inside e-mails!
Yeah, right.
Clicking on links inside e-mails is here to stay, till the end of time. Not clicking links is good advice, but it’s not enough.
Hackers say “Own the email, and you’ll own the person.” If your email gets hacked, bad guys will have access to almost all of your critical accounts associated with that email address. That’s why improving your email security is so important.
Hackers send phishing e-mails, disguising them to look like legitimate messages from the IRS, UPS, Macy’s, PayPal, your employer, your bank, your medical plan carrier, a friend, a sweepstakes announcement that you won a prize – anything to lure the user into clicking the link.
Even highly educated people in leadership positions get suckered into clicking links, like John Podesta, campaign chairman for Hillary Clinton. His hasty click in an email that looked like it was coming from Google to update his account let hackers into his entire e-mail account. And we all know how that turned out!
Even people who are warned not to click on links inside e-mails will still do this.
Don’t Let Your E-mail Get Hacked
If you decide to click on a link, at least do a few things first:
Hover over the URL of the link to see if it looks suspicious, e.g., it ends in “.com.xe” instead of just “.com,” but if it’s just “.com,” it can still be malicious.
A malicious URL is often very long and nonsensical.
The URL can also look quite legitimate.
When the URL looks valid, there are other tell-tale signs of a phishing e-mail.
A skilled hacker can make a phishing e-mail look like it came from the CEO of your employer.
Generally, I only click links in emails if I’m receiving a confirmation email from a new account that I just signed up for, or if I’m engaged in ongoing dialog with a trusted relationship.
When in doubt, contact the alleged sender by phone instead of clicking any links.
How to Spot a Phishing Email
The subject line is urgent, like “Your account was compromised” or “Your account is about to be suspended.”
The subject line may also be some form of good, but unexpected, news, like winning a prize, or “Check out the Instagram pics of my new baby!”
A huge red flag is when the message has misspellings or other mistakes.
Another giant red flag is when the message is telling you that you must reset a password.
Any e-mail that appears to be from the IRS, UPS (or similar), your bank, or a major retailer.
Any e-mail from that appears to be from PayPal that doesn’t address you by your full name.
Additional Email Security Tips to Make a Hacker’s Job Harder Always use long, strong passwords that are a random mix of numbers, letters, and symbols.
Sign up for two-factor authentication for your e-mail account. Do not click on attachments from e-mails that fit the bills described above.
Increasing your email security is probably the most important digital security responsibility we all have. The advice is relatively simple with a bunch of moving parts. Some of the information here might be old hat, but it’s still incredibly important that it’s followed to the word. Put a note in your calendar to revisit this post in 6 months and share this to enlighten others to protect themselves.