For as long as humans have been sending written messages, others have looked for ways to take advantage of the process by stealing, intercepting, or forging the information. In today’s era of digital mail, things are no different, except that the variety and sophistication of security risks have expanded significantly. To preserve the safety of your mailbox and any emails connected to it, you would do well to understand and adequately respond to 5 forms of risk.
1. Data interception
Ideally, data sent to one person should only be read by one person. However, with the way email services are built, any message typically goes through several servers or hosts before it reaches its final destination, and this transit process is where someone could catch it for their purposes. An attacker might interrupt delivery, copy the message, or simply examine the header, depending on their aims.
This risk can be mitigated by using a private email service that supports encryption (scrambling data so that only the intended parties can read it). At the very least, encryption should protect data in transit, but if it is an end-to-end encrypted email service, then even the mail servers relaying the messages will have no access to email contents and the risk is reduced.
2. Unauthorized access
Breaking into an email account gives hackers a huge advantage. Not only can they read all the messages saved in your account, but they can also start infiltrating or modifying any additional services you are using that are connected to that email address (e.g. via password resets).
The typical strategy for mitigating this risk involves making the login process more complex. For example, you can use a longer, unpredictable password that substitutes letters or words with numbers, special symbols, and uppercase letters. This will make the credentials near-impossible to guess and very difficult to match through automation. Another good practice is setting up 2FA (two-factor authentication) with codes sent to a mobile device.
3. Spoofing
Using all kinds of trickery, hackers have learned to convincingly imitate people and organizations (spoofing) in a way that makes it look like emails come from these real entities. While you may see one email address in the email outline, the message will actually have been sent from another address or server.
Though most mail providers have become quite good at determining when a self-identified address does not match the true source, you can still carry out this check yourself by copying the email header and running it through a header analyzer.
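The header check described above can be sketched in a few lines of Python. This is an added example, not part of the original article; the sample header is constructed, and the domains in it are placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample header; all domains are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.receiver.example; spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.com
From: "Example Bank" <support@example.com>
Reply-To: <help@example.org>
To: <you@receiver.example>
Subject: Action required

body
"""

def domain_of(value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower()

def analyze(raw):
    """List the reasons the visible From address may not be the true source."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    # The envelope sender and the reply address should normally match From.
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # Verdicts recorded by the receiving server; unfold wrapped header lines first.
    results = " ".join(" ".join(msg.get_all("Authentication-Results", [])).split())
    if not results:
        findings.append("no Authentication-Results header")
    for mech, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results, re.I):
        if verdict.lower() != "pass":
            findings.append(f"{mech.lower()}={verdict.lower()}")
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print("WARNING:", finding)
```

A domain mismatch is a signal rather than proof, since legitimate bulk senders often use a separate bounce domain; a failed DMARC verdict alongside it is the stronger indicator.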
4. Scams
Scams are one of the most common forms of email risk and range from poorly worded nonsense to elaborately worded inquiries that entice you to respond. Most of the time, scam messages will attempt to hook you with alluring promises of riches, free goods, and other benefits, and eventually ask you to make a deposit before you get something in return.
While some scam emails can be identified by copied texts (found via search), you can generally avoid them by using common sense and questioning why a stranger is offering you “free candy”.
5. Infection
Infection is a risk that can manifest through files or links to external content (malicious websites). In the case of files, beware of suspicious email attachments (e.g. an executable file, a video/image file, or a document). Many mail services have threat scanners built in, but they aren’t perfect, so you can use your antimalware software to check files, or better yet, never open items you feel unsure about.