Email Safety: What do I do if I get hacked?

📧 Properly Managing Your Email  

• Keep a minimum of three email accounts. Your first email account should be used for personal conversations, social media accounts, and contacts. 

• Your second email account should be your work account that is used exclusively for work-related conversations.  Don’t risk your company’s security by using a personal computer or other “non-work” email address at work. 

• Your third ‘catch-all’ account should be used to sign up for email newsletters, contests, etc. You should plan on having to dump and change out this account every six months. 

Important: Make sure that you practice proper email safety on all three accounts.   

• Delete any unused accounts. A dormant email account is a security weakness you don’t need. In fact, finding and deleting all the old accounts you don’t use, from social media profiles to photo-sharing sites, is one of the easiest ways to protect your privacy and security. 

• Reduce the amount you share online. The less you share, the harder it is for hackers to guess your passwords or security questions. 

• Delete any email with attachments that contain your personal information.  Your email folders can contain tax information, government benefits that include your Social Security number, medical records, pay stubs, tax forms, vacation rental deposits, receipts, DocuSign requests, online banking information, federal taxes, medical bills, online purchases, etc.  If there’s anything you want to save, print it out and store it in your file cabinet. 

• When you are checking your email at a public computer, you need to log out of your email, and close the browser window completely. Delete browser cache, history, and passwords. 

• Do not use vulnerable email accounts to send and receive sensitive corporate information. Unless you need a written record of something or are communicating across the globe, consider whether a simple phone call rather than an email is a better option. Compared with accessing email through a public computer, a phone call is more secure option. 

👥Emailing the Right People 

• Don’t use the Blind Carbon Copy (BCC) option.   

• Don’t use the “Reply All” button.   

• Be careful when forwarding email.  Forwarding emails can create a significant security threat for yourself and the earlier recipients of the email. As an email is forwarded, the recipients of the mail (until that point in time) are automatically listed in the body of the email. As the chain keeps moving forward, more and more recipient ids are placed on the list.  

🎣Avoiding Phishing Emails 

Phishing is a type of online fraud wherein the sender of the email tries to trick you into giving out personal information or clicking on a link as a method to try to steal your identity or your money. 

• Don’t send personal and financial information via email.  Financial institutions and online stores provide, almost without exception, a secured section on their website where you can input your personal and financial information.  

• Never email sensitive information.  Avoid writing any company that requests that you send them private financial or personal information via email. 

• Be careful when unsubscribing to newsletters you never subscribed to.  If you don’t specifically remember subscribing to a newsletter, you are better off just blacklisting the email address. 

• If you receive an email from a friend or trusted source via email or social media, it is NOT always safe to click on a link or attachment within that email. The email account of your friend or trusted source could have been compromised and is being sent to you by a criminal with the intent of getting information or to have you click a link or open an attachment. 

• If you accidentally open a phishing email, do not reply or click on the link in the email. Open your browser and manually enter the official website address of the company to verify the information safely. 

🚨 Signs of phishing include: 

• A logo that looks distorted or stretched. 

• An email introduction that refers to you as “Dear Customer” or “Dear User” rather than including your actual name. 

• An email that warns you that an account of yours will be shut down. 

• An email threatening legal action. 

• A company email lookalike that uses a similar account name, but different from the typical one. 

• An email that claims ‘Security Compromises’ or ‘Security Threats’ and requires immediate action. 

• Review the signature.  An illegitimate email signature. Legitimate businesses will provide contact information. 

• Hyperlinked addresses are different from the address that is displayed. 

• Any email asking you to make a donation. 

• An email with a subject line that indicates that you initiated or requested the action to receive the email 

🛡️Avoiding Email Malware 

• Don’t always trust an email from someone you know.  Malware and viruses can be circulated by people who have no idea they are sending it because hackers are using their computers as a zombie.  

• Blacklist spam instead of deleting it.  When you ‘blacklist’ an email sender, you tell your email client to assume that they are spam.  

• Don’t disable the email spam filter.   

• Scan all email attachments.  Many free email clients provide an email attachment scanner built-in. You can first forward your attachments to that account before opening them. 

🏷️Brand-Phishing  

A brand-phishing email is designed to impersonate the official websites of prominent brands – such as those within the technology, banking, shipping, and retail industries. The purpose is to trick consumers into revealing sensitive personal account information.  The email will contain malicious code that will redirect to a fake website (scam page) that requires consumers to log in to verify information. Links to these scam pages are sent through emails, text messages, or via web and mobile applications and may spoof the identity or online address to resemble the genuine site. The scam pages may then use login forms or malware to steal users’ credentials, payment details, or other personally identifiable information (PII). 

• Navigate to the website using the secure URL to review any logs, messages, or notices when receiving account alerts. Be sure to avoid clicking links within the email right away until you have confirmed manually. 

• Closely verify the spelling of web addresses, websites, and email addresses that look trustworthy but may be imitations of legitimate websites, including the username and/or domain names/addresses (i.e., capital “I” vs small “L”, etc.). 

• Use strong unique passwords, and do not re-use the same password across multiple accounts. 

• Avoid storing important documents or information in your email account (e.g., digital currency private keys, documents with your social security number, or photocopies of a driver’s license). 

• Enable 2FA and/or multi-factor authentication (MFA) options to help secure online accounts, such as a phone number, software-based authenticator programs/apps, USB security key, or a separate email account (with a unique password that does not link to other consumer accounts) in order to receive authentication codes for account logins, password resets, or updates to sensitive account information. 

• Create unique usernames whenever possible to avoid using your primary email address for account logins. 

🔐Keeping Hackers at Bay 

• Don’t share your account access information with others.   

• Don’t use simple and easy-to-guess passwords.   

• Encrypt your important emails.   

• Encrypt your wireless connection.   

• Use a digital signature whenever you sign an important email.  

🚩Red flags you’re about to get scammed 

• Links that are the only content in the body of an email. 

• Bit.ly or otherwise shortened links.  

• Hyperlinked text. 

• Inordinate number of recipients. 

• Vague, generic or nonexistent subject lines. 

• Intense enthusiasm. 

• Grammar and spelling errors. 

• Strange requests. 

• Urgent message. 

• Sensitive information requests. 

• Surefire guarantees promise. 

🙋Have Questions? 

We understand the world of fraud can be a complex topic. We’re here to help. Always remember, when in doubt, throw it out! Remember to regularly monitor your financial statements and credit reports for any unusual or unauthorized activity. If you notice any discrepancies or suspicious behavior, promptly report it to your financial institution. 

If you have other questions, give us a call at 800.442.2800, or visit our Contact Us page for other options to talk with us!