Electronic mail is an incredibly useful communication method, but it does come with certain risks. In 2019, according to Verizon’s 2020 Data Breach Investigations Report, 94% of malware was delivered by email.
Email hacking in one form or another is an ever-present danger, so it’s useful to know how to keep mail accounts safe from being hacked, and that’s exactly what this article is all about.
Can I Get Hacked by Opening an Email?
If you are afraid to open an email for fear of getting hacked, let me put your mind at ease. You can’t get hacked by simply opening an email.
Whatever email client you are using, whether it be Gmail, Outlook, Yahoo, Listmonk, ProtonMail, etc., no matter how unfamiliar the email client looks to you (or even suspicious), an email is nothing more than an HTML document, much like a web page. No harm can be done if you open it.
For instance, if you get an email like this:
Opening it won’t do any damage.
However, should you click on the link there, that’s where you’re playing right into the hacker’s hands.
There are two main ways people get hacked via email. They either:
- Click on a malicious link, or
- Open an attachment.
By clicking on a link sent in an email message (like the one above), the unsuspecting email user will usually be sent to a website or web page under the hacker’s control.
Once the victim is on that page, the hacker will try to collect as much personal and sensitive information about the user as possible.
Depending on the cyberattacker’s motivations, they might go for different PII (personally identifying information) about their victim, such as:
- Credit card numbers
- Passwords
- Social security number
- Trading information
- Bank account information
- Intellectual property
- Medical records
According to Experian, each can be worth from a few dollars on the dark web (for SSN) to $1-2,000+ for medical records.
Another way you can be hacked through your email is by opening an attachment. Kaspersky points to the four biggest types of malware-carrying files, which are:
- ZIP and RAR archives
- Microsoft Office docs (in particular .doc, .docx, and to a lesser extent .xls, .xlsx, .xlsm)
- PDF files
- ISO and IMG
What happens if you open an attachment like that?
Typically, these attachments will contain a hidden script that will start running or downloading on your computer, which the hacker can use to wreak all kinds of chaos, steal your info, and more.
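A triage pass over a message's attachments, as an added example that is not part of the original article: it flags files whose extension is on the list above and files whose leading bytes reveal an archive, PDF, or Office container hiding behind a different extension. The sample message and the names `triage`, `sniff`, and `build_sample` are constructed for illustration.

```python
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions the article lists as the most common malware carriers.
LISTED_EXT = {".zip", ".rar", ".doc", ".docx", ".xls", ".xlsx", ".xlsm", ".pdf", ".iso", ".img"}
# Leading bytes of the container formats behind those extensions, with the
# extensions each format is normally saved under.
MAGIC = [
    (b"PK\x03\x04", "ZIP container", {".zip", ".docx", ".xlsx", ".xlsm"}),
    (b"Rar!\x1a\x07", "RAR archive", {".rar"}),
    (b"%PDF-", "PDF", {".pdf"}),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 document", {".doc", ".xls"}),
]

def sniff(data):
    """Return (format name, usual extensions) from the leading bytes, or None."""
    for magic, kind, exts in MAGIC:
        if data.startswith(magic):
            return kind, exts
    return None

def triage(msg):
    """Return {filename: [reasons]} for attachments that deserve a closer look."""
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        ext = PurePosixPath(name.lower()).suffix
        reasons = [f"listed extension {ext}"] if ext in LISTED_EXT else []
        hit = sniff(part.get_payload(decode=True) or b"")
        if hit and ext not in hit[1]:
            reasons.append(f"content looks like {hit[0]} but the name ends in {ext or 'no extension'}")
        if reasons:
            findings[name] = reasons
    return findings

def build_sample():
    """Constructed message; payloads are harmless stubs carrying only header bytes."""
    msg = EmailMessage()
    msg["Subject"] = "Overdue invoice"
    msg.set_content("See attached.")
    stubs = {"invoice.pdf": b"PK\x03\x04stub", "holiday.jpg": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1stub",
             "scan.iso": b"stub", "notes.txt": b"hello"}
    for name, data in stubs.items():
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg
```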
5 Tips to Prevent Email Hacking
Prevention is usually the best form of protection, so here are 5 useful tips to prevent your email from being hacked:
- Avoid clicking on suspicious email links or opening and downloading attachments
We already talked about how anonymous hacker emails can use links or attachments to hack your email, but the good news is that these will be harmless if you don’t click on them. How do hackers get you to click? They might use different tactics, but in general, it all boils down to two:
- An enticing, “once-in-a-lifetime” offer, like “don’t miss this get-rich-quick opportunity” or
- Using scare tactics, such as claiming you are overdue on some payment or your taxes and that you’ll get sued if you don’t pay right away, or using sextortion (claiming to have you on video watching porn).
- Limit the use of public WiFi
Yes, your plane got delayed, and now you have to wait for two hours at the airport, so why not use the free WiFi? Well, there’s nothing wrong with that if all you’re going to do is browse the Internet.
However, suppose you’re using public WiFi to log in to your email or make online payments through your bank. In that case, you become a target for a hacker nearby who monitors unsecured traffic, looking for information to steal.
- Use a strong password
Hackers will try to brute-force your email or other online passwords. Don’t make it easy on them by using easy passwords like “1234567890” or “qwertyuiop”.
TeamPassword evaluated the passwords people most often use, and these are their top 50 worst passwords in 2019.
What should your password look like, then? It’s best to avoid using your name, your spouse’s or your children’s names, or anything that might easily be connected to you. A password should be easy for you to remember but not easy for others to connect to you.
- Use a password manager
Of course, as you probably have dozens of online accounts and it’s hard to keep track of all the passwords, password managers like LastPass can be a useful tool in keeping track of them all.
Remember that a password manager, too, can be hacked, so make sure to use a strong master password and update the service regularly.
- Use 2FA
Even the strongest password can be hacked. You need an additional layer of protection in “two-factor authentication” or 2FA.
What does 2FA do?
There are 3 types of 2FA:
- Additional login credentials only the account owner knows, like a security question (name of your first pet), PIN, etc.
- Another device that the account holder owns, like a mobile phone. If 2FA is on, you’ll get an SMS message or security token whenever someone enters your login info.
- Biometrics. These include fingerprints, iris, voice recognition, and other biometrics unique to the account owner.
Remember that even 2FA is not 100% secure and can be bypassed, as we already discussed in another blog post.
What to do When Email is Hacked?
Ultimately, people are fallible, and despite all the precautions you take, a single misclick, a small lack of vigilance, or plain old curiosity (maybe you actually might win that $100,000?) can get your email hacked.
If you clicked or downloaded something in a suspicious email, there are three things that you should immediately do:
- Scan your device for malware and viruses.
If you downloaded an attachment, it’s possible that you also downloaded malware with it. To find it and remove it, use a malware scanner and removal program like Malwarebytes, AVG, Avira, or others.
- Check if your settings changed.
In particular, check whether your emails are being forwarded to an anonymous hacker email. If you’re using Gmail, you’ll find forwarding by going to Settings > See all settings > Forwarding and POP/IMAP > Add a forwarding address. If you see an email address here that you don’t recognize or remember adding, delete it.
- Change your password.
One of the first things hackers will do when they hack your email account is to change your password and deny you further access to your email. However, sometimes they won’t do that, or they don’t do it on time. If that’s the case, you can use the “forgot password” link on the login page and set a new password.