How many times during the past 6 months someone I know personally called to tell me “MY E-MAIL ACCOUNT GOT HACKED AND I CAN’T LOG-IN!”
The loss of your treasured e-mail history and contacts might easily be remedied with a tub of your favorite Ben & Jerry’s and the reluctant acceptance that you will now have the difficult task of piecing it together all over again. However, the bigger issue at hand is that you most likely exposed the most of your login credentials to a criminal and compromised sensitive information of many of your friends or co-workers. And piecing it together won’t prevent it from happening again since this all was totally your fault!
Your e-mail login can be revealed in many ways. Sometimes all it takes is a quick check of your inbox from a local coffee shop where someone is “monitoring” network traffic. Sometimes it could be as simple as someone or something – a person or surveillance camera – peeking over your shoulder without you knowing. The bottom line is that when your fat, e-mail account fortress falls, whether it be Hotmail, Gmail, Yahoo Mail, WebMail, you’d better brace yourself.
What are some of the things your adversary might do?
– Search for Credit Card information.
With today’s high paced norm of doing business, it often happens that credit card information belonging to you or your clients is included in e-mails for number of reasons. This information is often contained in forms sent as attachments, frequently kept in archived folders and subsequently not deleted. (even though the fear of leaking credit card information has become more unreasonable lately since it poses the least of the possible harm which may come your way.)
– Search for money accounts.
The crafty thieves will browse 1000′s of your private e-mails looking for useful banking information, money accounts and their corresponding login/passwords, with the intention to wipe them clean or perpetrate other criminal activities.
– Search for online accounts
Many, if not the majority of online accounts such as Netflix or T-Mobile and others, have personal information in the member area section which will assist the internet hoodlums to steal your identity.
– Search for other login/passwords.
This information is often sent in confirmation e-mails when services such as webhosting accounts, blog accounts, etc. are opened. How painful would it be if someone would have full access to your server and all your clients “protected” information including financial information from their online payments?
– Search for personal information.
Your friends and coworkers can be an easy target and recipient of an urgent e-mail request for a few $dollars for “emergency help”. There will almost always be one or two good friends of yours who in the spirit of good will, will Western Union some quick cash before realizing it was a fraudulent request.
– Search for compromising information.
If you used your email for any “naughty” activities, the information properly extracted and presented to you may yield a few thousand dollar ransom.
And the list goes on… Consider how many times people have attached and emailed pre-filled PDFs with the most sensitive personal info i.e.: school, mortgage, job applications. Or how many times your accountant sent your prepared taxes in PDF attachment protected with last 4 digits of you SSN#.
On one hand, retaining all of your e-mails that span several years or even decades is a smart move since later on and at any time it is easy to access important information by using the “search” function. On the other hand, it can be a question of time before your account gets hacked.
It is easy to believe that when your email got hacked, you were not at fault but the opposite is true. Just because you have a strong password, or change it often does not mean that access to your account cannot be obtained. Professional thieves are able to navigate through a software flaw, exploit the leak from your online e-mail account provider, or use your Internet enabled mobile device when you are not watching. Who cares how they did it? The important part is that you did nothing to prepare for it.
What can be done to retain the history of 1000′s of e-mails and at the same time minimize the threat of being totally screwed in the event you are hacked? Store a copy of all your emails locally. Any good PC based e-mail client and old POP3 protocol or IMAP might be just the answer.
Guidelines to follow:
It is OK to have an online email account. You want to take an advantage of their sophisticated spam filters and virus detection which for example Gmail or Yahoo Mail has to offer. This is your 1st and most powerful line of defense against malicious emails and attachments.
How and where to store all e-mails?
Preferably in your computer locally so they are easily searchable in case you need to quickly find a long lost piece of information or forgotten contact. That can be done with the help of numerous PC based e-mail clients like Outlook (the cumbersome and expensive), or Thunderbird (cool and free), which I prefer for its structure. Both can be setup to access your online e-mail account(s) through the IMAP or POP 3 protocol and download all e-mails into you PC.
After all emails are copied in to your PC, delete all emails from your online account and leave only the recent email history so you can quickly follow up with ongoing issues; and those emails you decide to keep online strip from any sensitive information. Preferably all emails, past and present and containing sensitive information should be stored locally only . Then, just remember to open your local e-mail client approximately once each week and let it soak-up all the new e-mail traffic to keep it up-to-date.
Do not use the local email client for anything else.
The idea is to create a secure place that can mass manage all your past e-mails and their attachments as a simple, searchable storage. The moment you start using the local email client to send emails out you are opening a doorway to other possible security issues; and shorting yourself of the advantages of the online version.
If you are relying on your emails to give you quick access to your login/password credentials for your various accounts consider consolidating them under one master-login application. In other words, use an application made just for storing your login/password combinations. Don’t use your emails for that. One such app is mentioned below.
I hope this general outline how to manage emails more securely helped or at least inspired you to a better protection of you email history.
KeePass Password Safe
Check it out, it’s worth it.