Email Safety: What do I do if I get hacked?

📧 Properly Managing Your Email

• Keep a minimum of three email accounts. Your first email account should be used for personal conversations, social media accounts, and contacts.
• Your second email account should be your work account used exclusively for work-related conversations. Don’t risk your company’s security by using a personal computer or other non-work email address at work.
• Your third “catch-all” account should be used to sign up for email newsletters, contests, etc. Plan on dumping and changing this account every six months.

Important: Make sure you practice proper email safety on all three accounts.

• Delete any unused accounts. A dormant email account is a security weakness you don’t need. Finding and deleting old accounts you don’t use—from social media profiles to photo-sharing sites—is one of the easiest ways to protect your privacy and security.
• Reduce the amount you share online. The less you share, the harder it is for hackers to guess your passwords or security questions.
• Delete any email with attachments that contain your personal information. Email folders can contain tax information, government benefits (including your SSN), medical records, pay stubs, tax forms, receipts, DocuSign requests, online banking info, etc. If there’s anything you want to save, print it and store it securely.
• When checking email on a public computer, log out, close the browser window completely, and delete the browser cache, history, and passwords.
• Do not use vulnerable email accounts to send/receive sensitive corporate information. If you don’t need a written record, consider a phone call instead—especially on public computers.

👥 Emailing the Right People

• Don’t use Blind Carbon Copy (BCC).
• Don’t use “Reply All.”
• Be careful when forwarding email. Forwarding can expose the entire chain of recipients to new people and create a security risk.

🎣 Avoiding Phishing Emails

Phishing is a type of online fraud where the sender tries to trick you into giving out personal information or clicking a malicious link to steal your identity or money.

• Don’t send personal or financial information via email. Banks and online stores almost always provide a secure section on their website for this.
• Never email sensitive information. Avoid any company that asks for private financial or personal information by email.
• Be careful when unsubscribing from newsletters you never subscribed to. If you don’t remember signing up, you’re better off blacklisting the sender.
• Even emails from friends/trusted sources can be unsafe. Their accounts may be compromised; avoid clicking links/attachments until you verify.
• If you open a phishing email by accident, do not reply or click links. Open your browser and manually enter the company’s official web address to verify.

🚨 Signs of phishing include:

• A distorted or stretched logo.
• Generic greetings like “Dear Customer” or “Dear User.”
• Warnings that an account will be shut down.
• Threats of legal action.
• Look-alike sender addresses that are slightly different from the real ones.
• Claims of “Security Compromises” or “Security Threats” requiring immediate action.
• Illegitimate or incomplete email signatures. Legitimate businesses include contact information.
• Hyperlinks that go somewhere different than what’s displayed.
• Requests for donations out of the blue.
• Subject lines implying you initiated a request you didn’t make.

🛡️ Avoiding Email Malware

• Don’t always trust emails from people you know. Malware can be sent unknowingly from compromised accounts.
• Blacklist spam instead of just deleting it. Blacklisting tells your email client to treat the sender as spam in the future.
• Don’t disable your spam filter.
• Scan all email attachments. Many email services scan attachments automatically—use this before opening files.

🏷️ Brand-Phishing

Brand-phishing emails impersonate official websites of well-known brands (technology, banking, shipping, retail) to trick you into revealing logins or payment details. They may link to fake sites that steal credentials or install malware, and they often spoof sender identities and URLs.

• Manually navigate to the official website to review alerts instead of clicking links in emails.
• Verify spellings of web and email addresses closely (e.g., capital “I” vs. lowercase “l”).
• Use strong, unique passwords—never reuse them across accounts.
• Avoid storing important documents in your email (e.g., SSNs, driver’s licenses, crypto keys).
• Enable 2FA/MFA (authenticator app, SMS, hardware key, or a separate recovery email with a unique password).
• Create unique usernames when possible instead of using your primary email as the login.

🔐 Keeping Hackers at Bay

• Don’t share your account access information.
• Don’t use simple, easy-to-guess passwords.
• Encrypt important emails.
• Encrypt your wireless connection.
• Use a digital signature when signing important emails.

🚩 Red flags you’re about to get scammed

• Emails where the only content is a link.
• Bit.ly or other shortened links.
• Suspicious hyperlinked text.
• An inordinate number of recipients.
• Vague, generic, or missing subject lines.
• Over-the-top enthusiasm.
• Grammar and spelling errors.
• Strange or unusual requests.
• “Urgent” messages demanding immediate action.
• Requests for sensitive information.
• “Surefire guarantees” promises.

🙋 Have Questions?

We understand fraud can be complex. We’re here to help. When in doubt, throw it out! Regularly monitor your financial statements and credit reports for unusual activity. If you notice anything suspicious, promptly report it to your financial institution.

If you have other questions, call us at 800.442.2800, or visit our Contact Us page for more ways to connect.