News & Information

Sign up here to receive our newsletter and other money saving tips.

Common Email Security Mistakes

Internet security is a topic that we all know to be important, but it often sits way back in the recesses of our minds, fooling ourselves into believing that “it won’t happen to me”. Whether it’s the destructive force of the newest virus or just the hacking attempts of a newbie, we’re always just one click away from dealing with a security mess that we’d rather not confront. Nowhere is this truer than in our emails. Here are some simple yet important security tips you should know in order to keep your email account as secure as possible.

  1. Using just one email account.
    Individuals often think about their email account like they do their home address, you only have one home address, so you should only have one email. Instead, you should think about your email address like you do your keys; while it may be OK to use the same key for your front and your back door, having a single key open everything is both impractical and unsafe.

    A good rule of thumb for the average email user is to keep a minimum of three email accounts. Your work account should be used exclusively for work-related conversations. Your second email account should be used for personal conversations and contacts, and your third email account should be used as a general catch-all for all hazardous behavior. That means that you should always sign up for newsletters and contests only through your third email account. 

  2. Forgetting to delete browser cache, history and passwords.
    After using a public terminal, it is important that you remember to delete the browser cache, history, and passwords. If this information falls into the wrong hands, it can lead to identity theft and stolen bank and email information. Because the stakes are so high, it is important that users be aware of how to clear a public computer's browser cache so that they can delete private information before lurking hackers can gain access to it.

    For those of you using Mozilla Firefox, simply press Ctrl+Shift+Del. And users of Internet Explorer need to go to Tools>>Internet Options then click the 'Clear History', 'Delete Cookies', and 'Delete Files' buttons.

  3. Believing you won the lottery … and other scam titles.
    Spammers use a wide variety of clever titles to get you to open emails which they fill with all sorts of bad things. Users often make the mistake of opening these emails. So in an effort to bring you up to speed:
    ·         You have not won the Irish Lotto, the Yahoo Lottery, or any other big cash prize.
    ·         There is no actual Nigerian King or Prince trying to send you $10 million.
    ·         Your Bank Account Details do not need to be reconfirmed immediately.
    ·         You do not have an unclaimed inheritance.
    ·         You never actually sent that "Returned Mail".
    ·         The News Headline email is not just someone informing you about the daily news.
    ·         You have not won an iPod.

  4. Not recognizing phishing attacks in email content.
    Phishing is a type of online fraud where the sender of the email tries to trick you into giving out personal passwords or banking information. The sender will typically steal the logo from a well-known bank or PayPal and try to format the email to look like it comes from the bank. Usually the phishing email asks for you to click on a link in order to confirm your banking information or password, but it may just ask you to reply to the email with your personal information.

    Whatever form the phishing attempt takes, the goal is to fool you into entering your information into something which appears to be safe and secure, but in fact is just a dummy site set up by the scammer. If you provide the phisher with personal information, he will use that information to try to steal your identity and your money.

    If you suspect that an email is a phishing attempt, the best defense is to never open the email in the first place. But assuming you have already opened it, do not reply or click on the link in the email. If you want to verify the message, manually type in the URL of the company into your browser instead of clicking on the embedded link.

  5. Unsubscribing to newsletters you never subscribed to.
    A common technique used by spammers is to send out thousands of fake newsletters from organizations with an "unsubscribe" link on the bottom of the newsletter. Email users who then enter their email into the supposed "unsubscribe" list are then sent loads of spam. So if you don't specifically remember subscribing to the newsletter, you are better off just blacklisting the email address, rather than following the link and possibly picking up a Trojan horse or unknowingly signing yourself up for yet more spam.

  6. Using simple and easy-to-guess passwords.
    Hackers often create programs which cycle through common English words and number combinations in order to try to guess a password. As a consequence, passwords that consist of a single word, a name, or a date are frequently "guessed" by hackers. So when creating a password use uncommon number and letter combinations which do not form a word found in a dictionary. A strong password should have a minimum of eight characters, be as meaningless as possible, as well as use both upper and lowercase letters. Creating a tough password means that the hacker's computer program will have to scroll through tens of thousands of options before guessing your password, and in that time most hackers simply give up.
  7. Not encrypting your wireless connection.
    One of the most vulnerable points in an email's trip from you to the email recipient is the point between your laptop and the wireless router that you use to connect to the internet. Consequently, it is important that you encrypt your wifi network with the WPA2 encryption standard. The upgrade process is relatively simple and straightforward, even for the novice internet user, and the fifteen minutes it takes are well worth the step up in email security.
  8. Sending personal and financial information via email.
    Banks and online stores often provide a secured section on their website where you can input your personal and financial information. They do this because email, no matter how well protected, is more easily hacked than well secured sites. This same rule of avoiding placing financial information in emails to online businesses also holds true for personal emails. If, for example, you need to give your credit card information to your college student, it is far more secure to do so over the phone than via email. 

    FSB has recently added a secure email feature. If you ever need to send secure information such as an account number or social security number to anyone at the bank, please click on the "Secure Email" link located on the bottom left corner of the homepage.