Is your email safe and secure? Messages may contain phishing, malware, bad attachments, it can be spied upon and more. Here are the best ways to boost email security and privacy on PC or Mac.
There are many threats to your security and privacy when using the internet and email is one of the ways in which you are under attack. Fortunately, there are ways to prevent or avoid spam, malware, phishing and other undesirable or malicious content in messages landing in your inbox. With a few tweaks to settings, you can make significant improvements and it takes only a minute or two for most of them. Let’s take a look at email security and safety.
1 Watch out for phishing
Phishing is a scam designed to steal your login details for online services and stores, like Amazon, PayPal, Apple, eBay, your bank and other places. Learn to spot fake emails and you go a long way to securing your accounts and increasing your safety.
There are many ways to spot fake emails and the simplest is to look at who the email is address to. If it is not to you personally, it is almost always a fake. For example, many phishing emails either have no name or begin ‘Dear customer’. Nothing screams fake more than ‘Dear customer’!
Delete phishing emails and do not reply to them or click anything in them.
2 Be careful with attachments
Email attachments are often included with phishing attempts, but not always. The message will tell you to open the file and often gives a reason for doing so, such as, it contains important account information, it is a receipt for something you bought (even though you never bought anything), it is a document of some sort, or it was an undeliverable email (that you can’t remember sending).
If you have not asked someone to send you a file, such as a friend, work colleague or contact, be very suspicious of attachments and assume they are malicious. They often contain malware. Unsolicited emails, particularly from people you don’t know, with attachments should be deleted.
3 Be careful with links
Phishing and emails spreading malware often contain links to bad websites. They will either try to infect your computer directly, get you to download malware, or try to steal your login details for an online service or website.
Be very careful with links in emails where you have not specifically asked someone to send a link or you don’t know the sender. Let the mouse hover over a link in an email and usually the URL is displayed in the bottom left corner of the mail or browser window. The destination may look legitimate at first glanced, but URLs are often designed to fool you into thinking they are real. Study them carefully.
If the link is to a site you know, like Amazon, Apple, PayPal, you bank and so on, type it in to the address box of the browser instead of clicking a link in an email. If you must open a link, right click it and open it in a private or incognito window. It will not protect you from everything, but it is safer than directly clicking a link.
4 Don’t show images
Images in emails can be used to track you and to discover information about you. It depends on your email service, but some can block emails from senders by default. You then have a choice whether to show them or not. You may choose to show images from friends, but not from unknown senders.
For example, at the Outlook website, click the gear icon, click View all Outlook settings, select Junk email and down at the bottom is Block attachments, pictures and links from anyone not in my safe senders and domains list. It increases your email safety and security.
In Gmail, click the gear icon, click Settings, select the General tab and look for the Images section. There is an option to Ask before displaying external images. Gmail actually has systems in place to check images and automatically block suspicious ones, so in this case it is OK to show images, but other email systems may not have this protection. Check your email software or webmail settings and see whether you need to block images.
5 Avoid sending private information
It is not a good idea to send personal or private information in emails and one reason is that the information stays in the inbox forever. Anyone that gains access to the inbox could read that private information, which could be login details for sites and services or even financial information.
Microsoft recently revealed that hackers gained access to some Outlook webmail accounts and were able to read some emails. Sensitive information could have been accessed. Were you affected? You might have received an email about it from Microsoft.
It is possible for third party tools to read emails, such as add-ons and extensions for browsers and email services. They might see something you would rather be kept secret, so you should think twice about installing them and don’t send or receive private information.
6 Use a VPN
When using a laptop with public Wi-Fi there is a possibility that hackers, the hotspot owner, or a fake hotspot set up nearby is spying on your activities. If you access your email over public Wi-Fi you cannot guarantee it is 100% safe and secure.
One way to increase privacy and security with email at a public Wi-Fi hotspot is to use a VPN. This is a utility installed on the computer that creates an encrypted internet connection. It keeps out anyone attempting to spy on your internet activities. A side effect is that it unblocks public Wi-Fi, which is sometimes so limited as to be almost unusable.
There are many VPNs for PC and Mac and I looked at the free version of ProtonVPN here. I used NordVPN for a couple of years and found it to be excellent. Surfshark is another VPN that offers fantastic deals.
7 Increase the spam filters
Email services usually have some sort of spam filter which removes junk emails, some phishing attempts and malware. To keep your inbox clean and safe you should firstly enable any spam filtering options if present and secondly, consider increases the protection if there are different filtering settings.
There doesn’t appear to be any settings in Gmail or Outlook and spam filtering is automatic. Some email programs and other webmail services may have junk filtering on/off switches and different levels of protection. Look for them and enable them if necessary to improve safety and security.
8 Switch to a safer email service
Not all email services are equally safe. Some webmail, like Gmail and Outlook, automatically scan emails and attachments and remove malware. They will not let you accidentally download and save a malicious email attachment. Other services may have an option in the settings, but some services have none – beware!
Some email, such as from a website, is unfiltered and unmonitored. Anything and everything is allowed and there is obviously a risk of malware. You could simply be very cautious and wary of emails and attachments, or you could just configure a service like Gmail or Outlook to fetch and display the emails. It is possible to add external email accounts and to fetch the emails from them. They will then block malicious attachments and bad messages.
9 Switch to a secure email service
Some email services offer enhanced security and messages are encrypted using methods that will block anyone without access to the services of a supercomputer for several weeks. With a super secure email service you can be sure that no-one but the intended person is able to read the email messages you send.
A common limitation of these secure email services is that the encryption only works between people using the same service. If you send a message to a person using a different email service, it is not encrypted.
Most people will not be using the same encrypted email service as you, so to maintain security and safety, some offer an alternative. A link is emailed and when people click the link it opens a browser on a secure site and lets people read the email only if they know the password. You can agree this with friends beforehand.
Secure email is a pain to use with other people, but great if all your friends use it. Two popular choices are ProtonMail and Hushmail. ProtonMail offers a free account whereas Hushmail is $49.98 a year.
10 Choose a secure password
Apparently millions of people still use simple passwords like 123456 and other common passwords include people’s favourite band or artist. People often use the same password for multiple websites and services, and if one is hacked or data leaks, everything that uses the same password is also at risk. Never use the same password twice.
Change your password if it is weak or is used elsewhere. A password should be 8 characters or more and contain upper and lowercase letters, one or more numbers, and a symbol or two if allowed, like plus, minus, exclamation, comma and so on.
The best passwords are impossible to remember of course, so a password manager is recommended. LastPass is a popular choice and here are some great tips for making LastPass even more secure. Password managers are great for making complex and secure passwords, and then remembering them for you.