In today’s world, we manage a significant part of our lives through emails. We use them to communicate with friends, family and colleagues. We also use email to sign up for online accounts and services.
Checking and managing your emails may seem like a mundane and repetitive task. But if you don’t stay vigilant, someone else could access and control your email account. This can lead to devastating personal and financial impacts.
Cybercriminals can learn a lot about you from your emails. It is crucial to secure your email account, apply good habits and know how to protect yourself from scams.
Understand the threats
Poor cybersecurity makes it easier for someone to hack your email account. This can expose you to identity theft, fraud and further attacks. Learning about online threats is a first step in protecting yourself from cybercriminals.
Phishing
Phishing is when someone tricks you into giving them your personal information by pretending to be a person or business you trust. They may ask you to open a malicious link or attachment to steal your login or other details.
Account compromise
You need your email to access many online services such as banking and shopping. But if a cybercriminal gains access to your email account, they could get into any account linked to your email. They can then lock you out of these accounts and steal your money and personal information.
Unusual account activity may be a sign of a compromise, such as a password reset or bank transfer you didn’t make.
Identity theft
Identity theft can occur when a cybercriminal gets access to your personal information. Common details they steal include your date of birth, address and tax file number. They can then use these details to impersonate you for financial gain.
Malware
Cybercriminals use malware (short for ‘malicious software’) to gain access to your data. You might open a link or attachment that downloads malware without you knowing. Some malware may even pose as antivirus or security products.
Business email compromise
Cybercriminals can impersonate a business by using a fake or compromised email account. This is a form of targeted phishing made to look like a real company or employee. Their goal is to trick victims into providing sensitive information, money or goods.
Know the warning signs of email compromise
- Your login details don’t work.
- Your password recovery details have changed.
- You notice multiple login attempts at unusual locations or times.
- You get an unexpected email to reset your password.
- Your contacts are receiving emails from you that you didn’t send.
If you notice any of these signs or suspect your email is compromised, reset your password, sign out of all sessions and follow the advice below.
Strengthen your email account security
There are several ways to make your email account more secure. Start by using multi-factor authentication and a strong password.
Turn on multi-factor authentication
Multi-factor authentication (MFA) is one of the best ways to protect your email account from cybercriminals. MFA means you need 2 or more steps to verify your identity before you can log in, for example, using your login details as well as an authentication code. This makes it hard for cybercriminals to gain access to your account even if they know your login details.
Use a strong password
If MFA is not an option, use a strong password such as a passphrase to protect your email account. A passphrase has 4 or more random words like ‘crystal onion clay pretzel’. Passphrases are easy to remember but hard for someone to guess.
Don’t include personal details in your passphrase or share it with anyone. This includes the answers to your security questions if you need to recover your account.
You may also want to consider using a password manager. A password manager can help create, store and protect strong and unique passwords. We recommend you search online to compare their security features and the reputation of the service provider. If you are unsure, ask a friend, co-worker or IT professional for a recommendation.
Set up account recovery options
Make sure to set up recovery options for all your email accounts. If you lose access to your account or it is compromised, you can reset your login using your recovery option.
Keep your devices and software up to date
Regular updates are important for keeping your email accounts secure. Cybercriminals hack devices by using known weaknesses in systems or apps. Updates have security upgrades to fix these weaknesses.
Make sure your devices and software are up to date. Check that automatic updates are on and install updates as soon as possible. The longer you leave it, the more vulnerable you could be to a cyberattack.
Practice secure habits
Improving your email account security is only the first step. You also need to be aware of what to do and what not to do when using your email at home and in public.
Check your recent login activity
Make a habit of checking your email login activity often. This will allow you to catch any suspicious activity that can lead to an account compromise. This may include frequent login attempts, or a login from an unrecognised device or location.
If you notice any suspicious activity, sign out of all sessions and change your password. But be aware, it’s possible for your device to detect a different location than what you expect. For example, it may display your location based on the closest data centre in a major city.
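One way to apply this review to an exported list of login records, as an added example that is not part of the original article: it flags unrecognised devices and bursts of failed attempts, and rates a location change on a known device as low confidence. The record fields, device names, locations and thresholds are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data: devices and locations the account owner recognises.
KNOWN_DEVICES = {"laptop-home", "phone-personal"}
KNOWN_LOCATIONS = {"Hometown"}

# Constructed records, shaped like a provider's recent-activity page.
EVENTS = [
    {"time": "2024-05-01T08:02", "device": "laptop-home", "location": "Hometown", "ok": True},
    {"time": "2024-05-01T12:15", "device": "phone-personal", "location": "Major City", "ok": True},
    {"time": "2024-05-02T03:40", "device": "unknown-browser", "location": "Elsewhere", "ok": False},
    {"time": "2024-05-02T03:42", "device": "unknown-browser", "location": "Elsewhere", "ok": False},
    {"time": "2024-05-02T03:45", "device": "unknown-browser", "location": "Elsewhere", "ok": False},
    {"time": "2024-05-02T03:47", "device": "unknown-browser", "location": "Elsewhere", "ok": True},
]

LOW = "location differs on known device (low confidence)"


def review_logins(events, known_devices, known_locations, burst=3, window_minutes=10):
    """Return [(time, [reasons])] for logins showing the signs described above."""
    findings, failures = [], []
    window = timedelta(minutes=window_minutes)
    for event in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(event["time"])
        reasons = []
        new_device = event["device"] not in known_devices
        if new_device:
            reasons.append("unrecognised device")
        if event["location"] not in known_locations:
            # A known device at an unexpected location is often just the
            # provider reporting its nearest data centre, so rate it lower.
            reasons.append("unrecognised location" if new_device else LOW)
        if not event["ok"]:
            # Keep only failed attempts inside the sliding window.
            failures = [t for t in failures if when - t <= window] + [when]
            if len(failures) >= burst:
                reasons.append("frequent login attempts")
        if reasons:
            findings.append((event["time"], reasons))
    return findings


if __name__ == "__main__":
    for time, reasons in review_logins(EVENTS, KNOWN_DEVICES, KNOWN_LOCATIONS):
        print(time, "; ".join(reasons))
```

In the sample, the successful login at 03:47 from the unrecognised device, straight after a burst of failures, is the entry that calls for signing out of all sessions and changing the password.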
Use antivirus protection
Antivirus software provides protection against malware. It helps to keep your devices secure and protect your personal information.
Your devices likely come with built-in antivirus software. Third-party antivirus products can also offer more security features than free versions. If using these, make sure you research the provider online. Pay close attention to the services they offer and their terms of service. Also, look for customer reviews and feedback.
Avoid public WiFi
Public networks are convenient but can also be insecure. Cybercriminals will target public networks to gain access to your sensitive information. If you are working in public spaces such as an airport or cafe, avoid using their WiFi or use a VPN.
Only use trusted networks such as your home WiFi or your personal hotspot. Where this isn’t an option, think twice about what you share or access on a public network. Don’t save your login details on public devices and make sure you log out when done.
Delete your unused accounts
Get rid of old email accounts you no longer use. Leaving them active can expose your personal information since you’re not checking them.
Remember that uninstalling the app doesn’t delete or deactivate your account. You will need to do this through the official app or website.
Remove sensitive information
Consider removing emails with any sensitive or personal information. If a cybercriminal gains access, they can find and steal this information. This includes any documents that show who you are, where you live and work, or what your bank details are.
You can store sensitive emails and attachments in a password protected zip file or offline storage.
Source: Australian Cyber Security Centre