Email safety

Properly Managing Your Email 

  • Keep a minimum of three email accounts. Your first email account should be used for personal conversations, social media accounts, and contacts.
  • Your second email account should be your work account that is used exclusively for work-related conversations.  Don't risk your company's security by using a personal computer or a "non-work" email address at work.
  • Your third 'catch-all' account should be used to sign up for email newsletters, contests, etc.  You should plan on having to dump and change out this account every six months.
Important:  Make sure that you practice proper email safety on all three accounts.  
  • Delete any unused account. A dormant email account is a security weakness you don’t need. In fact, finding and deleting all the old accounts you don’t use, from social media profiles to photo-sharing sites, is one of the easiest ways to protect your privacy and security.
  • Reduce the amount you share online. The less you share, the harder it is for hackers to guess your passwords or security questions.
  • Delete any email with attachments that contain your personal information.  Your email folders can contain tax information, government benefits that include your Social Security number, medical records, pay stubs, tax forms, vacation rental deposits, receipts, DocuSign requests, online banking information, federal taxes, medical bills, online purchases, etc.  If there’s anything you want to save, print it out and store it in your file cabinet.
  • When you are checking your email at a public computer, you need to log out of your email and close the browser window completely. Delete the browser cache, history and saved passwords.
  • Do not use unsecured email accounts to send and receive sensitive corporate information. Unless you need a written record of something or are communicating across the globe, consider whether a simple phone call rather than an email is a better option. Compared with accessing email through a public computer, a phone call is a more secure option.

Emailing the Right People

  • Don’t use the Blind Carbon Copy (BCC) option.  
  • Don’t use the "Reply All" button.  
  • Be careful forwarding email.  Forwarding emails can create a significant security threat for yourself and the earlier recipients of the email. As an email is forwarded, the recipients of the mail (until that point in time) are automatically listed in the body of the email. As the chain keeps moving forward, more and more recipient IDs are placed on the list.

Avoiding Phishing Email

Phishing is a type of online fraud wherein the sender of the email tries to trick you into giving out personal information or clicking on a link as a method to try to steal your identity or your money.
  • Don’t send personal and financial information via email.  Financial institutions and online stores provide, almost without exception, a secured section on their website where you can input your personal and financial information. 
  • Never email sensitive information.  Avoid writing to any company that requests that you send them private financial or personal information via email.
  • Be careful when unsubscribing from newsletters you never subscribed to.  If you don't specifically remember subscribing to a newsletter, you are better off just blacklisting the email address.
  • If you receive a message from a friend or trusted source via email or social media, it is NOT always safe to click on a link or open an attachment within that message. The account of your friend or trusted source could have been compromised, and the message could have been sent to you by a criminal with the intent of getting information or having you click a link or open an attachment.
  • If you accidentally open a phishing email, do not reply or click on the link in the email. If you want to verify the message, manually type the URL into your browser.

Signs of phishing include:

  • A logo that looks distorted or stretched.
  • Email that refers to you as "Dear Customer" or "Dear User" rather than including your actual name.
  • Email that warns you that an account of yours will be shut down.
  • An email threatening legal action.
  • Email that comes from an account similar to, but different from, the one the company usually uses.
  • An email that claims 'Security Compromises' or 'Security Threats' and requires immediate action.
  • Review the signature.  Legitimate businesses always provide contact details.
  • The hyperlinked address is different from the address that is displayed.
  • The email asks you to make a donation.
  • You didn't initiate the action of the email subject.

Avoiding Email Malware

  • Don’t always trust an email from someone you know.  Malware and viruses can be circulated by people who have no idea they are sending them because hackers are using their computers as zombies.
  • Blacklist spam instead of deleting it.  When you 'blacklist' an email sender, you tell your email client to assume that they are spam. 
  • Don’t disable the email spam filter.  
  • Scan all email attachments.  Many free email clients provide a built-in email attachment scanner. You can first forward your attachments to that account before opening them.

Brand-Phishing 

A brand-phishing email is designed to impersonate the official websites of prominent brands – such as those within the technology, banking, shipping, and retail industries. The purpose is to trick consumers into revealing sensitive personal account information.  The email will contain malicious code that will redirect to a fake website (scam page) that requires consumers to log in to verify information. Links to these scam pages are sent through emails, text messages, or via web and mobile applications and may spoof the identity or online address to resemble the genuine site. The scam pages may then use login forms or malware to steal users’ credentials, payment details, or other personally identifiable information (PII).
  • When receiving account alerts, rather than clicking a link within an email or text, opt to navigate to the website using the secure URL to review any logs, messages, or notices.
  • Closely verify the spelling of web addresses, websites, and email addresses that look trustworthy but may be imitations of legitimate websites, including the username and/or domain names/addresses (e.g., capital “I” vs small “L”, etc.).
  • Use strong unique passwords, and do not re-use the same password across multiple accounts.
  • Do not store important documents or information in your email account (e.g., digital currency private keys, documents with your social security number, or photocopies of a driver’s license).
  • Enable 2FA and/or multi-factor authentication (MFA) options to help secure online accounts, such as a phone number, software-based authenticator programs/apps, USB security key, or a separate email account (with a unique password that does not link to other consumer accounts) in order to receive authentication codes for account logins, password resets, or updates to sensitive account information.
  • When possible, do not use your primary email address for logins on Websites. Create a unique username not associated with your primary email address.

Keeping Hackers at Bay

  • Don’t share your account access information with others.  
  • Don’t use simple and easy-to-guess passwords.  
  • Encrypt your important emails.  
  • Encrypt your wireless connection.  
  • Use a digital signature whenever you sign an important email. 

Red flags you're about to get scammed

  • Links that are the only content in the body of an email.
  • Bit.ly or otherwise shortened links. 
  • Hyperlinked text.
  • Inordinate number of recipients.
  • Vague, generic or nonexistent subject lines.
  • Intense enthusiasm.
  • Grammar and spelling errors.
  • Strange requests.
  • Urgent message.
  • Sensitive information requests.
  • Promises of surefire guarantees.
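
Several of the link-related signs listed on this page can be checked mechanically: a hyperlinked address that differs from the displayed one, look-alike spellings such as capital "I" for small "L", and shortened links. The Python code below is an added example, not part of the original page; the trusted-domain and shortener lists, the sample message and all function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed values for illustration (assumptions, not from the page).
TRUSTED = {"paypal.com", "example-bank.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
FOLD = str.maketrans("i10", "llo")  # fold look-alike characters together
SAMPLE = ('<a href="http://login.example.net/">https://www.paypal.com</a> '
          '<a href="https://paypai.com/verify">Verify your account</a> '
          '<a href="https://bit.ly/abc">Offer</a>')

def host_of(value):
    """Lowercased hostname of a URL or bare domain, '' if unparseable."""
    value = value.strip()
    try:
        host = urlparse(value if "://" in value else "//" + value).hostname or ""
    except ValueError:
        return ""
    return host[4:] if host.startswith("www.") else host

class LinkCollector(HTMLParser):  # collects [href, visible text] per <a>
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def check_links(html_body):
    """Yield (href, [warnings]) for each link that deserves a second look."""
    parser = LinkCollector()
    parser.feed(html_body)
    skeletons = {t.translate(FOLD) for t in TRUSTED}
    for href, text in parser.links:
        real, text, warnings = host_of(href), text.strip(), []
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and shown != real:
            warnings.append("displayed address differs from link target")
        if real in SHORTENERS:
            warnings.append("shortened link")
        if real not in TRUSTED and real.translate(FOLD) in skeletons:
            warnings.append("look-alike of a trusted domain")
        if warnings:
            yield (href, warnings)
```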


