Emails, Fraud and HARD COLD REALITY

One of the things people need to understand is that unless you’re using a private service like Hushmail and sending encrypted emails, your email is NOT private. The sad part is that it can be picked up between you and your recipient and read.

Fraud and phishing exist because they are profitable. Too many people don’t check out messages that might be suspicious, and they click on links they shouldn’t. Email is like candy: taking candy from a stranger who might want to harm you is a BAD idea. If you get an email that looks like it’s from one of your friends and you’re not expecting a link from them, look at #2 below, and if it actually came from their account, let them know it might be compromised.

As I used to tell my college students, ‘Email is like a post card. Don’t put anything in it you would be embarrassed to see on a billboard.’ Unfortunately, as people have become more familiar with and dependent on email, they are ignoring some basic properties of it, such as:


1. Email is not generally anywhere near as private as you think (more on that later). Google ‘mailsnarf’.

2. Emails might not be from who you think they’re from. Emails carry header information that is usually hidden. Enable headers if you’re suspicious, or in Gmail click the three-dot menu at the top right of the email and choose ‘Show original’. It will then show the header information. Look for ‘smtp.mailfrom’, and if it doesn’t match the domain of the sender’s email address (the part after the @), then you’re probably looking at a spoofed email. Pay attention to the English usage in the email. If someone you know sends you an email and their use of our language seems off, contact them via phone or text and ask if it’s them.

3. With weak passwords, no two-factor authentication, or user error, you or your recipient might not be the only ones reading that mailbox. I’ve seen multiple cases where someone’s email got hacked and the attacker did nothing but read emails and craft really good-looking spear-phishing emails using the information they gained watching the person’s email.

4. Don’t send vital information via email unless you have no choice. If that is the case, text, fax, or call and give them the password that way if you can. If you can’t do this, send it in parts in different emails. At least that way they have to work for it.

5. If you’re setting up your email in a client such as Outlook, ALWAYS use an SSL connection. If you don’t understand this, ask the geek in your life; they’ll help you.

6. If you’re using a web-based email program, check for the padlock to the left of the URL, use a strong password, and turn on two-factor authentication if at all possible. (I wouldn’t use an email service that didn’t offer two-factor authentication.)
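The header check in #2 can be automated. The following Python script is an added example, not part of the original post: it parses a raw message as shown by Gmail’s ‘Show original’, pulls the domain out of the ‘smtp.mailfrom’ that the receiving server recorded in Authentication-Results (or the ARC copy), and compares it with the domain in the visible From: line. Both sample messages, the header names and the example.com / example.org domains are constructed for the demo; the script also treats a subdomain of the From: domain as belonging to the same organisation, which is an assumption of mine, not a rule from the post.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample of what "Show original" exposes: the visible From: line
# claims one domain, but the receiving server recorded a different envelope
# sender (smtp.mailfrom) in Authentication-Results.
SPOOFED = """\
Received: from mailer.example.org (mailer.example.org [192.0.2.10])
Authentication-Results: mx.example.net;
       spf=pass smtp.mailfrom=bounce@mailer.example.org;
       dkim=none
From: "Alice" <alice@example.com>
To: bob@example.net
Subject: Quick favour

Can you open this link for me?
"""

# Constructed sample whose envelope sender matches the From: domain.
LEGIT = """\
Authentication-Results: mx.example.net;
       spf=pass smtp.mailfrom=alice@example.com;
       dkim=pass header.i=@example.com
From: "Alice" <alice@example.com>
To: bob@example.net
Subject: Lunch?

Noon works for me.
"""

MAILFROM_RE = re.compile(r"smtp\.mailfrom=([^\s;]+)", re.IGNORECASE)


def domain_of(value):
    """Lowercase domain of an address; a bare domain is returned unchanged."""
    return value.rsplit("@", 1)[-1].strip().lower()


def check_mailfrom(raw_message):
    """Compare the From: domain with the smtp.mailfrom the receiver recorded.

    Returns a dict with both domains and a 'suspicious' flag.  A subdomain
    of the From: domain is accepted (assumption: many legitimate mailers send
    from e.g. bounce.example.com), so a flag here is a prompt to verify the
    message out of band, not a verdict.
    """
    msg = message_from_string(raw_message, policy=policy.default)
    _, from_addr = parseaddr(str(msg.get("From", "")))
    from_domain = domain_of(from_addr)

    mailfrom_domain = None
    # Gmail shows both header names; the ARC copy survives forwarding.
    for name in ("Authentication-Results", "ARC-Authentication-Results"):
        for header in msg.get_all(name, []):
            match = MAILFROM_RE.search(str(header))
            if match:
                mailfrom_domain = domain_of(match.group(1))
                break
        if mailfrom_domain:
            break

    if mailfrom_domain is None:
        return {"from": from_domain, "mailfrom": None, "suspicious": True,
                "reason": "no smtp.mailfrom recorded in headers"}

    same_org = (mailfrom_domain == from_domain
                or mailfrom_domain.endswith("." + from_domain))
    return {"from": from_domain, "mailfrom": mailfrom_domain,
            "suspicious": not same_org,
            "reason": "ok" if same_org
            else "envelope sender domain differs from From: domain"}


if __name__ == "__main__":
    for label, sample in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, check_mailfrom(sample))
```

A mismatch is exactly the situation the post describes: the mail was handed to the receiving server by a sender other than the one the From: line shows, which is when a phone call or text to the apparent sender is the right next step.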

Passwords, Passwords, Passwords

Are dead!! Use a passphrase. Instead of ‘Charlie2017’ (your dog’s birth year), use a phrase and substitute some of the characters with special characters on the keyboard; try “Ch@rliewa$b0rn2017”. It’s easy to remember and very hard to crack. The estimate for that password being attacked by a medium-sized botnet was 1 quadrillion years. (A little overly optimistic, imho.)

Another site, http://password-checker.online-domain-tools.com/, gives some really good estimates of the security of your password.
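To show where estimates like the ones above come from, and why the post is right to call them optimistic, here is an added Python example (mine, not the author’s and not the code behind either checker). It computes the character-class keyspace for the two passwords from the post and divides by an assumed guess rate (1e12 guesses per second is a constructed stand-in for a ‘medium sized botnet’), then undoes the common keyboard substitutions to reveal the phrase underneath. The substitution table and the rule of only undoing digits that sit between letters are my own simplifications.

```python
import string

# Assumed guess rate for the estimate: a constructed figure standing in for a
# "medium sized botnet"; change it to see how the numbers move.
GUESSES_PER_SECOND = 1e12
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Common keyboard substitutions that password checkers already know about.
# Digits are only undone when they sit between letters, so a trailing year
# such as 2017 is left alone.
LEET = {"@": "a", "$": "s", "!": "i", "0": "o", "1": "l", "3": "e",
        "4": "a", "5": "s", "7": "t"}


def charset_size(password):
    """Size of the alphabet implied by the character classes present."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size


def naive_crack_years(password, rate=GUESSES_PER_SECOND):
    """Years to exhaust the whole character-class keyspace: the optimistic figure."""
    keyspace = charset_size(password) ** len(password)
    return keyspace / rate / SECONDS_PER_YEAR


def undo_substitutions(password):
    """Reverse the keyboard substitutions to reveal the underlying phrase."""
    chars = []
    for i, ch in enumerate(password):
        if ch in LEET:
            if ch.isdigit():
                left = i > 0 and password[i - 1].isalpha()
                right = i + 1 < len(password) and password[i + 1].isalpha()
                if not (left and right):
                    chars.append(ch)
                    continue
            chars.append(LEET[ch])
        else:
            chars.append(ch)
    return "".join(chars).lower()


def report(password):
    """Summarise the naive estimate and the phrase the password really encodes."""
    return {
        "charset": charset_size(password),
        "length": len(password),
        "naive_years": naive_crack_years(password),
        "underlying_phrase": undo_substitutions(password),
    }


if __name__ == "__main__":
    for pw in ("Charlie2017", "Ch@rliewa$b0rn2017"):
        r = report(pw)
        print(f"{pw}: charset {r['charset']}, length {r['length']}, "
              f"~{r['naive_years']:.3g} years at {GUESSES_PER_SECOND:.0e} guesses/s, "
              f"reads as '{r['underlying_phrase']}'")
```

The character-class figure for “Ch@rliewa$b0rn2017” lands in the same quadrillions-of-years range the post quotes, while ‘Charlie2017’ comes out at a couple of years under the same assumption. The normalised form ‘charliewasborn2017’ is why the big number is an upper bound only: the passphrase is three dictionary words plus a year, and a checker or guesser that models words instead of random characters will rate it far lower. Length and a phrase that is not a predictable sentence about you are what actually carry the strength.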

All of this is meaningless if your computer has a virus or malware. Many viruses and malware programs watch the keyboard for passwords or look at saved passwords in browsers. Don’t save your password if it’s not your computer! Download a good antivirus program and regularly scan your machine for malware.