Most of us are pretty comfortable using email; and even sifting through spam and following up with those arduous threads has become second nature – but there are email-specific threats lurking out there. If you haven't personally dealt with malware, phishing scams, and dubious links, however, it can be easy to think of them in the abstract.
But a little prevention can go a long way! We've put together a list of the top 10 tips to ensure your emails stay secure, at work or at home.
Be link savvy
False, malicious URLs are by far the most prevalent threat to email security. If you receive any unexpected or suspicious mail asking you to click on a link, don't! Take a look at the link, first. Does it match the URL that appears when you mouse over it? Is it spelled correctly? Typos and extra sub-domains are a good indication that a link should be avoided, and most reputable services and companies won't require you to click a link to verify any personal details.
Look for grammatical clues
Contrary to what they'd have you believe, cybercriminals aren't always slick, technical geniuses – sometimes they give themselves away! Lookout for spelling mistakes and awkward, improper email formatting. Additionally, if you receive suspicious mail from a known sender, take a moment to recognize any abrupt changes in their communication style or language.
Verify the sender
Sender information can reveal a great deal about odd emails. Does the accompanying email address match the sender's name? If a scammer can convince you their false mail is from a well-known service like PayPal, Ebay, or Amazon, there's a chance you might click a malicious URL and be tricked into handing over personal information. Always question whether you expected to receive the email, and handle any issues directly from your account by typing the URL into your address bar.
A determined scammer can use the information you post to social media to inform their attacks – and this includes details about birthdays, family members, where you work and live, and yes, even pet names! Be aware of what you share, and remember not to divulge personal information in emails, either, particularly when communicating with new contacts.
Don't get attached
Scammers love stuffing email attachments full of viruses and malware. Similar to URLs, don't click on (or download) any attachments you aren't expecting – especially if they're from unknown senders or if they require you to enable macros. Typically, malicious attachments will seek to infect your device if clicked, or even run ransomware. If you want to send an attachment yourself securely check out our guide on how to send a secure email attachment.
Keep a secure password – no, really!
Frequently changing your password is one of the easiest ways of shoring up your email security – and not enough of us are doing it! When you craft a new password, mix in symbols, numbers and phrases, and avoid using any personal details. A complex password is incredibly difficult for a hacker to crack, even if they're using software to sift through possible combinations. If you're worried about keeping track of your passwords (you should be using a different one for all your accounts), check out a password manager, and our oh-so-handy guide!
Two-factor authentication (2FA) is another simple method of thwarting scammers. Most email clients allow you to enable this feature in a few clicks, and once you have, scammers will still be unable to access your email account even if they have your password – because they'll also need the code that's been texted to your mobile device!
Invest in an antivirus
An antivirus isn't a one-stop security solution, but it can help users avoid malware and phishing scams. By scanning your mail and attachments, antivirus software essentially gives you a heads-up if anything looks suspicious. You'll know which emails are safe to open, and which need to be flagged and deleted right away. See our best antivirus software page for a list of the top services.
It's always risky to discuss sensitive issues or divulge personal information via email. Encryption prevents snoopers from tuning in to your conversation by converting regular plain text emails into cipher text. What's more, email encryption utilizes encryption keys to ensure that only the intended recipients of an email can actually read it – snoopers without the necessary private key will be out of luck!
Be direct and double-check
Of course, you can always confront a suspicious email directly. If a coworker has sent you an oddly urgent request for details, credentials, or money, give them a call to verify the request! The same goes for correspondence from companies or services. One quick call can determine whether an email is safe or suspicious, and if it turns out to be a scam, you'll be able to report it with confidence.
A note on phishing
Phishing scams are an incredibly prevalent threat – in fact, 96% of them are delivered via email. A scammer looking to start a phishing scam will send hundreds, maybe thousands, of false emails in the hopes that a handful of recipients will click the URLs inside, and be directed to bogus sites that request their credentials. The phishing email might be incredibly convincing, or claim to be urgent in the subject line – either way, it's all a ploy.
We've covered phishing scams in far greater detail elsewhere, so check out our what is phishing guide for more information on how to thwart phishing scams of all sorts and sizes.