When it comes to security and privacy, email is one of the most common points of entry in a cyberattack.
In fact, research has shown that 92% of malware is delivered via email.
And according to researchers at Proofpoint, nearly 30% of the most targeted malware and phishing attacks were directed at generic email accounts like “firstname.lastname@example.org.”
Thankfully, there are ways to prevent or avoid spam, malware, phishing, and other malicious content in your email, and we’ll tell you how.
Learn how to spot phishing
Wombat Security’s State of the Phish 2018 report found that, in 2017, more than three-quarters of surveyed organizations and businesses were targeted by phishing scams.
However, there are many ways to spot fake emails and the simplest method is to look at who the email is addressed to. For example, many phishing emails either have no name or begin ‘Dear customer.’
Something else to look out for is urgency. Phishing emails often rely on you — the end-user — taking some sort of action. So, the email will try to convince you that one of your accounts has been locked or suspended for “security reasons” or “late payment.”
Do not reply or click on anything in the email.
If the phishing email is impersonating a company like Apple or Amazon, speak to a customer service representative to see whether or not your account has, indeed, been locked or suspended.
Learning to spot fake emails can go a long way to securing your accounts and increasing your safety.
Be careful with links
Malicious actors sometimes use links to spread malware to your computer. So, you should be very careful with links in emails, especially in situations where you have not specifically asked someone to send a link or you don’t know the sender.
Instead of clicking on the link, let the mouse hover over it in the email and usually, the URL is displayed in the bottom left corner of the mail or browser window.
But don’t be fooled, even if the link looks legitimate at first glance — URLs are often designed to fool you into thinking they are real.
If the link is to a site you know, like Amazon, Apple, PayPal, your bank and so on, type it into the address box of the browser instead of clicking a link in an email.
Don’t send private information
I know this seems like something we all should know by now, but sadly, it’s worth repeating.
Especially because data from a Stroz Friedberg survey found, almost three-quarters of office workers admitted to uploading their business files to personal accounts — and senior managers were even worse, with 87% of them failing to use their company’s servers to store sensitive company documents.
So, for the people in the back — DON’T SEND PRIVATE INFORMATION IN EMAILS!
Aside from the fact that anyone that gains access to your inbox could read that private information, it’s also possible for third-party tools such as add-ons and extensions for browsers and email services to read your emails. And they just might see something you would rather be kept secret, so, again, don’t send private information in emails.
Use a VPN
First and foremost, you should never use pubic WiFi — especially to access company information.
But if you absolutely can’t help it, use a VPN.
A Virtual Private Network (VPN) is a utility installed on your computer that creates an encrypted internet connection and it keeps out anyone attempting to spy on your internet activities.
With a VPN, you will get additional protection for your devices and personal information. Try our demo and start browsing securely and anonymously today.
Choose a strong password
This is another thing that seems silly to repeat, but again, for the people in the back, 123456 is NOT a strong password. Also, ‘password’ is not a strong password (even if you make the letter p uppercase).
Strong passwords are a mix of letters (upper and lower case), numbers, and symbols, with no ties to your personal information, and no dictionary words.
We know passwords are hard to remember, but look at it this way: passwords that are too easy to remember can be easy to guess or to identify with a brute-force attack.