When you are affected by an email attack, it is rarely as obvious as someone breaking into your house. There is no shattering of glass or loud footsteps, but you can look for certain signs. Given the many paths available for attackers to target email accounts and the users behind them, knowing the best practices in this field should help you come up with an adequate response for each threat. Let’s go over some relevant tips:
1. Use comprehensive encryption
Sending mail without encryption is dangerous nowadays, considering that interception at any stage of the process (from message creation to delivery) can cause the loss or leak of confidential data. Fortunately, any respectable mail provider should offer some form of encryption, either at the transport level or end-to-end. Transport-level does a good job of protecting messages in transit, but does not protect data at rest, and defaults to plaintext transmission if a secure connection cannot be established. This is why end-to-end encryption is considered the gold standard.
2. Apply strong password protection
Many users make the mistake of thinking that hackers will go through some elaborate plan to hack an email account, gathering information and creating a web of lies. In reality, many attacks require hardly any effort on the part of hackers, as they take advantage of weak account protection. The biggest culprit is a short and easy-to-guess password. Even if you change up a few letters, automated brute force and dictionary attacks can break through quicker than you expect.
Thus, the solution is to use a password that meets multiple complexity requirements like length, uniqueness, and the presence of uppercase/lowercase letters, digits, and special symbols. And to top it off with an additional layer of protection: it might be 2FA codes, biometric authentication, or a hardware key device.
3. Perform relevant education & testing
Even the finest digital security defenses can be penetrated through simple human error or ignorance, so any organization worth its salt combines technological security solutions with various forms of user education. For example, they could host workshops and lessons on how to respond to various situations, as well as perform penetration testing – simulated attacks testing the preparedness of staff and security personnel.
4. Keep up with patches and updates
One important thing to understand about the modern threat landscape is that hackers are constantly looking for new vulnerabilities in software and firmware, while the creators of the ware ideally provide regular updates and patches voiding dangerous exploits. As a mail service user, you should strive to keep your software updated all the time, while mail server administrators should do the same for all the components of their system.
5. Don’t put your trust in public networks
A free and open wireless network can look tempting to a user looking for easy connectivity, but also carries significant dangers. Firstly, there are no guarantees that the network you connect to will belong to the organization mentioned in the network name (SSID). If indeed the network was created by a hacker, any mail and data you transmit over it can be intercepted and copied. In conclusion, it is best to avoid unknown networks and those with no password protection, and use a traffic-encrypting VPN if you have no other alternative.
6. Avoid engaging with suspicious correspondents
One of the most common strategies used by spammers and scammers is to send messages that are unclear and confusing. This makes it difficult for the recipient to tell if they are legitimate, and often encourages their sense of curiosity to see where this correspondence might lead. But just because you can respond to suspicious emails doesn’t mean it’s a smart idea, and this is certainly a decision that you may end up seriously regretting.
If the sender sees you as a viable target, they will only increase their efforts to swindle you, so you will likely see even more plausible and persuasive writing if you respond. However, in the rare case that the message received genuinely might be from someone you know, you can just contact them through another verified contact, mentioning why the email set off your “spider sense”.
7. Block instead of unsubscribing
Have you ever clicked on an unsubscribe link only for the request to go nowhere? Undoubtedly, the functionality is infuriatingly broken for some services, but in some cases, this is even intentional. The reality is that spammers send out thousands of emails at once, without knowing which of the messages will reach their sender. Accordingly, your opening of the unsubscribe link lets them know that there is an active email address here and a responsive user.
As a next step, you are more likely to make it into a new category of the spammer’s mailing list (verified active) and become exposed to more elaborate scams and messaging. It will be much easier to carry on with your normal email activity by using the block/mute functions of your mail service.
