Surf Securely: Email Security

Surf Securely: Email Security

Welcome to the third installment of Surf Securely, a multi-part security guide created by Canary. We developed this guide because when it comes to protecting yourself, it’s easier for most people to pinpoint physical risks than digital ones.

We’re happy to share our experience and insight about how best to keep yourself safe online and avoid some common digital pitfalls. The first step in protecting your accounts is to understand common techniques used by hackers and people who want to exploit your private information.

In our first installment, we shared our tips and tricks for safer passwords. Our second installment reviewed how to keep criminals out of your computer. Today, we’ll continue with email security.

You’ve probably heard a lot of talk about protecting your email accounts, but why is email security so important? There are a number of ways criminals can use your email to their advantage, but by staying alert and following these guidelines, you have a much better shot at keeping hackers out of your account.

Email is a gateway to other accounts

If a hacker takes over your email, he can reset your password, making it difficult for you to regain control of the account and exposing you to a major security risk. Hackers can learn a lot about your preferences and habits by reading your email, and once they know where you bank or what social media sites you use, they can attempt to reset your passwords (which are typically emailed to your primary account). By putting your personal details together and hacking your passwords, these criminals can use your email as a gateway, giving themselves open access to your online life.

If you use the same password for multiple sites (which we don’t advise), please at least make sure the password to your email account is fully unique and follows our recommendations.

Don’t email private information

Don’t use email to send critical data including credit card numbers, passwords, sensitive personal details, or any other information that a criminal (or anyone with a grudge against you) could exploit. The safest plan is to assume your email account isn’t secure; while that’s probably not the case, being overly cautious will save you a lot of headaches if you get hacked. Our email accounts are already a treasure trove of private data, so don’t make your inbox a greater liability by carelessly sharing critical information in an unsecured space.


Phishing is a technique where criminals pretend to be legitimate organizations to obtain credit card numbers and other personal information from you. A phishing email will direct victims to a fake website where they’re instructed to submit information such as passwords or credit card numbers. These official looking emails may warn users that their account will be shut down unless they confirm certain private information. In other cases, a link will send users to a fake site resembling a popular e-commerce site, and will collect the credit card numbers of anyone who places “orders.”

Exercise caution if you receive an email that unexpectedly asks you to re-enter or confirm private information. Most reputable organizations will let you know what types of emails they send out to customers, and won’t randomly contact you to request personal details. Before you provide any information, call the company directly to confirm the authenticity of the information request.

Spam and scam emails

Most email clients these days have a spam or junk mail filter, but they don’t always work perfectly. One of the most effective tricks used by spammers is to make you think the email is authentic and was sent by someone you trust. If you ever receive an odd email that appears to be sent from someone you know (either a friend or a company you do business with), be wary and exercise caution when opening attachments or clicking on unfamiliar links. If the language seems off, your friend’s email may have been hacked, or the email may have been sent by someone who’s spoofing your friend’s email.

Similar to spam, scam emails may promise outrageous rewards, offers, and prizes, or beg for your financial help. Scammers will often try to appeal to your sympathies or guarantee you fame or monetary gain, but their real goal is to cheat you out of your money. The rule of thumb here is that if it sounds too good (or bad) to be true—“You just won $4.5 million in the Euro Lottery!” or “My vacation took a really bad turn, and I need you to PLEASE send money ASAP.”—it probably is.

There are a few red flags that can help you to recognize a spam or scam email. (Of course, if the message ends up in your spam filter, that’s a pretty good indication, but as we mentioned, junk mail filters can make mistakes.) The sender’s email address can often indicate whether or not it’s a scam/spam; for example, if the email address doesn’t match the sender—imagine a message from “Wells Fargo Bank” sent from “”—you should question the legitimacy of the message.

Spam and scam emails can also be recognized by looking at the content of the message. Spelling and grammatical errors, excessive use of capital letters, impersonal (or overly personal) greetings, and mysterious links to websites you’ve never heard of are good indicators that the message is spam or a scam.

Bringing it all together

When a hacker gains access to your email, your other online accounts aren’t far behind. If you want your account to be safer, make your password unique, be careful what you share via email, stay skeptical about spam and scams, and don’t take the bait when you’re phished.

What are your tricks for keeping your email account safe? Share your tips in the comments.