Loading...
Menu

Your Guide To Email Security 2017

 

YOUR GUIDE TO

EMAIL SECURITY 2017

(WHAT YOU SHOULD KNOW)

FREE GUIDE

FIRST EDITION

By

TECHAAI.COM

https://techaai.com/

Copyright © 2017 Techaai.com LLC

All rights reserved.

T echaai is a technology blog focused on solving the everyday tech problems that affect tech users in their daily activities both online and offline.

We are dedicated to sharing information, the knowledge, the insights, and many of the strategies we have uncovered that have changed our lives, and given us a power to create and live freely that unfortunately many do not see.

There are technology issues that affect people daily and there is a possibility that people are able to solve them on their own without going into a struggle to hire technical personnel who are usually costly and may even charge a high cost on just a simple problem that can be solved by anyone. This is the main reason we exist, to give you solutions to technology issues.

That’s who we are and why we exist

Techaai Team

https://techaai.com/

At Techaai, we believe that technology is an art that is everywhere and therefore, everyone is affected by any technical error in one way or the other. This is why in our “must read” blogs we discuss different issues that people face in their daily lives. Be it articles/posts on Technology tips and tricks, WordPress, Photography, Self-improvement among others.

With email security, it is very evident that most people spend most of their time on the internet. This is either for business, for information, for many more other reasons. Therefore, we use our email accounts to connect with different people, clients, business partners and many others.

At techaai, we believe that email security is a priority for every internet user since your email accounts contain the most details that could link a hacker to other accounts connected to other users’ accounts.

Why this Ebook?

In technology, security is very essential, this is why we recommend that you read our email security guidelines shared in here. We believe they will help you in securing your email account.

In addition to this as a technology blog, this e-book will let you be aware of the many risks that you may encounter when you develop poor internet usage habits.

This e-book therefore covers a big structure of your email security and this is the main reason to have it on your to-read list.

[] INTRODUCTION

Regardless of your email provider, whether Gmail, Yahoo, Outlook, AOL, and many others, from your personal profile to the information in your inbox, your email account contains practically all the information there is to know about you. Therefore, from your email, an intruder / attacker / hacker can learn about your work, your bank account details, your relationships, your vacations, and your medical problems. Someone in control of your email account could impersonate you and scam your friends and business partners, as well as reset passwords to any account linked to your email address.

A hacker can learn about your work, your bank account details, your relationships, your vacations, and your medical problems. With the growing threat of hackers, viruses spam, phishing and identity theft, you do not have to first fall a victim in order to set up measures, or your email account may have already fallen a victim of insecurity. All the same, you need to set up measures to restore or secure your email from any un authorized access.
p<>{color:#000;}. This e-book includes among others security breaches that have been faced by the biggest email providers; the two massive Yahoo data breaches and the Gmail phishing attack. With such attacks on the most used email service providers, as a Yahoo mail user or Gmail user, you need to know the security features and guidelines that have been put in place by Yahoo and Gmail. In addition to this, you need to follow general email security guidelines to secure your account. This e-book will take you through all the security guidelines that you need to ensure that your account is safe.

TABLE OF CONTENTS

INTRODUCTION x

TABLE OF CONTENTS xii

CHAPTER 1 1

What is email security? 2

Who is a hacker / intruder? 3

CHAPTER 2 5

Why intruders/ hackers want your email account? 6

The nature of a Phishing Email 8

Signs indicating that your email has been hacked. 10

CHAPTER 3 14

Immediate steps to take when you discover your email has been hacked. 15

Simple guidelines to secure your email 20

CHAPTER 4 26

Common password mistakes to avoid 27

How to create a strong password 30

Secure internet email habits to adopt 31

CHAPTER 5 32

What are the most used email providers? 33

i.Gmail.com 34

ii.Yahoo Mail 39

iii.Outlook.com 42

iv.AOL Mail 45

Recommendations of the most secure email provider 46

End to End encryption 46

Conclusion 49

REFERENCES 50

DISCLAIMER 51

[]CHAPTER 1

[] What is email security?

In simple words, email security is the process of securing an email account from any malicious attacks especially intruders as well as hackers that enter into your email account without your knowledge to steal your personal information and other relevant information.

Google defines email security as the collective measures used to secure the access and content of an email account or service. It goes on to explain that email security allows an individual or organization to protect the overall access to one or more email addresses/accounts.

In 2016, Yahoo confirmed two massive incidents of data breach that involved hacking into users’ email accounts and stealing information. According to Yahoo, the stolen user account information may have included names, email addresses, telephone numbers, and dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers. This is evidence of a hack that threatened email security.

[] Who is a hacker / intruder?

Image credit-Pexels.com

The term hacker/ intruder means someone who attempts to break into computer systems to access information meant to be private to only the user. Usually, a hacker/intruder is a proficient programmer or engineer with sufficient technical knowledge to understand the weak points in a security system.

His/her ability to do more with your personal information and data is limitless W hen a hacker/ intruder gets an opportunity of getting access into your email account, his ability to do more with your personal information and data is limitless.
p<>{color:#000;}. Hackers/intruders have different reasons for acquiring your personal information. Whichever reason an intruder or a hacker has for getting access to your personal information, the end result may not be a good experience on your side. For example, an intruder/ hacker may impersonate you, steal your identity, solicit for funds from your accounts, or use your personal information to enter into your other accounts like your bank account. This is why email security is essential for your email account.

[]CHAPTER 2

There are many reasons why you should secure your account. Whether your email has been compromised or not. This chapter discusses the reasons why you need to secure your email account. We will discuss this by sighting out the reasons why intruders/hackers want your email account.

[] Why intruders/ hackers want your email account?

Email hacking is a way to get access to your personality. Hacking into your email account enables the intruder/ hacker to steal your personality from the internet. This is what intruders/ hackers want, getting access to your personal information. You should always remember that your email account possesses your sensitive data. This is a big fact to worry about the safety of your email account.

Here are the reasons why intruders/ hackers want your email account.

Email account take over

An intruder can email your contacts and other email accounts as if they were you. The intruder can use your emails to your contacts as ordinary spam, or attempts to gain even more personal information. An intruder/ hacker can even change your password so you can’t access your own account, and can delete your email messages and contacts. This is what most intruders and hackers do, and this is a big threat to make you worry about your email account security. For example, if you are a yahoo user, then you ought to have started already on securing your account.

Here are 4 Tips On How To Secure Your Yahoo Email Account

Other accounts take over

Other account takeover means that a hacker/intruder can use your hacked account information to get to your other accounts. Imagine a hacker got your email password. Your email account was connected to your credit card accounts and used in other communications where personal information was exchanged. This literally means that knowing the name of your credit card issuer and your other personal information, the hacker could take over the credit card account changing the address on the account and requesting a new credit card to be sent to that address.

Targeted Phishing

If a hacker/intruder can see the businesses that you’re associated in, they can call or email you posing as one of those businesses and try to steal even more information from you. Or even do carry out some transactions using your identity. This can be dangerous to your account and your identity.

Wordfence, the maker of a security plugin for WordPress discovered a Gmail phishing attack which is one of most common methods used by hackers to compromise online security of Gmail users.

How this phishing attack works is that your email is targeted via an email to your Gmail account, which may include an attachment or image, and it might even come from a contact or company that you recognize. When you click on, it takes you to a well-disguised website that disguises as the Gmail login page (This page appears exactly like the Gmail log in page and it is very hard for you to recognize that it is fake) and asks you to sign in once more. Immediately you enter your password, attackers gain access to your emails and contact list.

[] The nature of a Phishing Email

Phishing is a type of online fraud wherein the sender of the email tries to trick you into giving out your personal passwords or banking information. The sender will typically steal the logo from a well-known bank or any other entity and try to format the email to look like it comes from the bank. Usually the phishing email asks you to click on a link in order to confirm your banking information or password, but it may just ask you to reply to the email with your personal information.

Here are ways how phishing scammers come into your email account.

*
p<>{color:#000;}. Making you believe you won the lottery and other scam titles.

Spammers use a wide variety of clever titles to get you to open emails which they fill with all sorts of bad things. New email users often make the mistake of opening these emails. For example, such emails may include, “you have won the Lotto, or any other big cash prize or that your bank account information have to be confirmed immediately.”

Whatever form the phishing attempt it takes, the goal is to fool you towards entering your information into something which appears to be safe and secure, but in fact is just a dummy site set up by the scammer. If you provide the phisher with personal information, he will use that information to try to steal your identity.

Signs of phishing include:

*
p<>{color:#000;}. A logo that looks distorted or stretched.

*
p<>{color:#000;}. Email that refers to you as “Dear Customer” or “Dear User” rather than including your actual name.

*
p<>{color:#000;}. Email that warns you that an account of yours will be shut down unless you reconfirm your billing information immediately.

[] Signs indicating that your email has been hacked.

Here, we intend to show you the signs that may indicate that your email account has been hacked so that when you notice them, you can easily know what to do and ensure restoration and security of your email account.

Any one of these signs means there’s a likelihood your email account has been hacked. If you notice any of these at any time, change your password immediately.

Image credit: Pexel.com

#
p<>{color:#000;}. When you try to sign in but get a message from your email provider, like Gmail, Yahoo, AOL and many others saying, ‘We have detected unusual activity on this account’. This clearly indicates that your account may have been compromised.

#
p<>{color:#000;}. When people in your contacts list are telling, you they are receiving strange email from you, but you do not find any strange email in your Sent Folder: Your account has most likely been hacked.

#
p<>{color:#000;}. When your inbox is full of mailer rejection notices for messages you didn’t send or messages in your sent folder that you didn’t send. This also shows that someone may have tried to send these massages that were rejected.

#
p<>{color:#000;}. When there are outgoing messages in your Sent, Drafts or Outbox folder that you didn’t create or send. And also, this is obvious, if you didn’t send these messages, then someone with an access to your account, owns these massages.

#
p<>{color:#000;}. When your account folders (Sent, Deleted, Spam, Inbox, etc.) have been emptied or deleted. The fact that you didn’t do this, means that someone did it in your account. A clear indication that it has been hacked.

#
p<>{color:#000;}. When your contacts list has been erased. Who would do this, other than someone who hacked into your account.

#
p<>{color:#000;}. During sign-in or when sending a message, you’re asked to pass an image challenge (a box asking you to, type the characters you see below). This shows that your account has been compromised.

#
p<>{color:#000;}. When emails you try to send are suddenly getting refused and returned to you.

#
p<>{color:#000;}. When there are email addresses in your contacts list that you didn’t add.

#
p<>{color:#000;}. When you keep getting bumped offline when you’re signed into your account.

#
p<>{color:#000;}. When your email signature suddenly has a link you didn’t put there.

#
p<>{color:#000;}. When you’re not getting new mail, OR your new mail is going straight into your Saved IMs folder.

With these indicators, you have to take immediate action to secure and restore your email account. You have to immediately change your password.

[]CHAPTER 3

  • * Immediate steps to take when you discover your email has been hacked.

Many times you may not discover that your email account has been hacked until one of your contacts tells you that they have been receiving strange messages from you. Or you may notice unusual use of your email account and know that your account has been compromised just like I have discussed in the previous chapter.

When you discover that your email account has been compromised, you should follow the following steps immediately to secure and restore your account.

Step 1: Change your password

The very first thing you should do is keep the hacker from getting back into your email account. You therefore have to change your password immediately to a strong password that is not related to your first password. Do not make any mistake here (like changing your password into something that is related to your previous password or a short password) because hackers are good at guessing passwords.

Step 2: Reclaim your account

There are two cases here, firstly, the hacker may only log into your account to send a mass email to all of your contacts. Second case is that the hacker may change your password too, locking you out of your account. If that’s the case, you’ll need to reclaim your account, usually a matter of using the “forgot your password” link and answering your security questions or using your backup email address.

Depending, on the email provider you are using, different procedures by different email providers will help you reclaim your email account.

Step 3: Enable two-factor authentication / two factor verification

To strongly secure your email account, set your email account to require a second form of authentication (two factor authentication) in addition to your password whenever you log into your email account from a new device. When you log in, you’ll also need to enter a special one-time use code the site will text to your phone or generated via an app.

This will limit hackers from logging into your account in case they guess your password correctly.

Step 4: Check your email settings

Sometimes hackers might change your settings to forward a copy of every email you receive to themselves, so they can watch for any emails containing login information for other sites. Check your mail forwarding settings to ensure no unexpected email addresses have been added.

Next, check your email signature to see if the hacker added a spammy signature that will continue to peddle their dubious wares even after they’ve been locked out.

Last, check to make sure the hackers haven’t turned on an auto-responder, turning your out-of-office notification into a spam machine.

Step 5: Scan your computer for malware

Run a full scan with your anti-malware program. You do have an anti-malware program on your computer, right? If not, download the free version of Malwarebytes and run a full scan with it. We recommend running Malwarebytes even if you already have another anti-malware program; scan other computers you log in from, such as your work computer, as well.

If any of your scans detect malware, fix it and then go back and change your email password again.

Step 6: Find out what else has been compromised

Most of us have emails buried somewhere that contain this type of information. Search for the word “password” in your mailbox to figure out what other accounts might have been compromised. Change these passwords immediately; if they include critical accounts such as bank or credit card accounts, check your statements to make sure there are no suspicious transactions.

It’s also a good idea to change any other accounts that use the same username and password as your compromised email. Spammers are clever enough to know that most people reuse passwords for multiple accounts, so they may try your login info in other email applications and other common sites.

Step 7: Inform all your contacts that your email account was hacked.

Let everyone in your contacts list know that your email was hacked and that they should not open any suspicious emails or click on any links in any email(s) that were recently received from you. Most people will probably have already figured out that you were not really the one recommending the suspicious suggestions but there are other people who won’t get informed until you let them know. This is why you need to inform each and every one in your contact list.

Step 8: Prevent it from happening again

Unfortunately most people still choose common passwords and passwords based on readily available information, making their accounts hackable with a few educated guesses. Easy passwords make for easy hacking, and spammers use programs that can cycle through thousands of logins a second to identify weak passwords.

Here is how to prevent hacking from happening to you again.

*
p<>{color:#000;}. Picking a strong password is your best protection from hacking. It also is prudent to use a different password for each site or account, or, at the very least, use a unique password for your email account, your bank account and any other sensitive accounts. If you’re concerned about keeping track of your passwords, find a password management program to do the work for you.

*
p<>{color:#000;}. Limit the amount of personal information you share publicly on social media. Hackers use this publicly available personal information to help answer security questions that protect your accounts.

*
p<>{color:#000;}. Bookmark websites that you use frequently to access personal information or input credit card information. This will prevent you from accidentally landing on a site that hackers set up to catch people mistyping the site address.

[] Simple guidelines to secure your email

Whether your email account has been compromised or not, there are some cautious guidelines to help you not be a victim of hacking. Hacking is usually a form of getting access to your personal information from your email account or even using your email to demand money or anything from your email account.

*
p<>{color:#000;}. Use a Strong Password

This may sound like “everyone knows this” but, this has never made people adopt this great idea of a strong password. By a strong password, I mean long password with more than 8 characters. Even hackers/intruders feel insulted when they come across obvious passwords like “1234567”, “[email protected]” and many more others that are very simple to guess.

While it may seem like an obvious, simple solution, having a strong password that cannot be easily guessed or hacked is essential. Many people use simplified words or phrases that are connected to their personal data, like their birthday or anniversary. Using easily discoverable information for your password is not the best choice and should be avoided. Many email service providers require you to use a mixture of various letters, numbers and capital letters to strengthen your email security. For example, a strong password looks like this, “i*L#[email protected]’t;gM2!h” and a weak password is like, “abcd9876” stronger passwords are harder to guess.

*
p<>{color:#000;}. Setup two factor verification

Google will send you the password reset code whenever somebody tries to reset your password With this, I will use an example of Gmail.com. Go to your account settings and add your mobile number to receive SMS alerts. Once that’s set up, Google will send you the password reset code whenever somebody tries to reset your password. Alternatively, if you are a smartphone user, you can rely on these SMS alerts and disable password recovery via email altogether. Email accounts are always vulnerable to an intruder/ hacker from a remote place but your mobile phone is not. Yahoo provides the same feature free too. Hotmail has a similar feature but is not supported in a lot of countries.
p<>{color:#000;}.

*
p<>{color:#000;}. Check Filters and Forwarding Addresses

In the event of a hack and after reclaiming the account, go through the existing filters to check if there are some sneaky filters set up that forward all your credit card, login info, bank account and other sensitive correspondence to an email address that is not yours. Go to the forwarding page and see that all your incoming mails are not forwarded to the hacker either. This helps you avoid getting hacked in the future too.

*
p<>{color:#000;}. Avoid Public Wi-Fi

Public Wi-Fi may give you relief of free connection, but it is very dangerous to your online security. Avoid using public Wi-Fi for accessing email or transacting online with a credit card. Casual browsing and YouTube watching (without logging in) are Ok. Accessing emails is a big risk, in fact the hacker may be waiting right away for your email account.

Image credit: Techaai.com

When you log on to the free Wi-Fi at your favorite restaurant or at the local coffee house, you are essentially giving anyone connected to that public network access to your computer. Although free Wi-Fi is convenient, the security risks are just not worth it. If you have to use a public hotspot, be sure to keep your surfing to a minimum and be sure to have an active firewall and antivirus program running. This will help protect you while you are out on the town.

*
p<>{color:#000;}. Do not share your login information

Another obvious fact, sharing your login information is one way of opening the door of your account. It is the same as giving many people, copies of keys to your house. This will definitely make your house insecure. This usually happens in businesses, companies and generally most places with coworkers, colleagues and people who can easily access your log in information.

*
p<>{color:#000;}. Adopt Safe Email Habits

Adjusting your personal computing habits and methods is the best way to protect your personal information and emails. Never leave your email open or unattended, especially at work or in a public place, and make sure to lock your computer while you are away. You should not open emails that look fishy or fake, and always be sure to click the spam button to report phishing and scam emails in your email program.

Images credit: Pexels.com

Regularly scanning your computer for viruses, Trojans, malware and spyware helps keep your computer safer and running faster, and it reduces chances for hackers to get a hold of your information. If you are using a browser-based email service on a public computer, make sure to log out before you close the browser so that the person after you has less of a chance to get in through your history.

*
p<>{color:#000;}. Login regularly

Even if an intruder gets hold of the answer to your security question, they cannot use it immediately to reset the password and break into your Gmail account. Password reset with security question is possible only after 24 hours of your account being inactive after receiving the password reset instructions. So for once, checking your mail regularly is a good thing. Also, it will help reset the Hotmail account’s expiry date. Unfortunately, Hotmail and Yahoo do not have this useful restriction in place.

*
p<>{color:#000;}. Use Encrypted Email Servers

Many email service providers offer secure email connections, giving you added protection. A secure connection, referred to as Secure Sockets Layer (SSL) encryption, can be recognized by looking at the web address bar in a web browser. If your web page is secure, you will see a padlock icon next to the status bar, next to the web address or displayed at the bottom of the page.

h1<>{color:#92d050;}.

h1<>{color:#92d050;}.

[]CHAPTER 4

[] Common password mistakes to avoid

The online field is becoming a place where almost everything requires a password. However, most people take password security lightly and just use short, easy to remember passwords that hackers/ intruders can even figure out within seconds.

It is very secure to create a strong password that no one can easily guess. It should be long, difficult and made up of a jumbled letters, small, capital, digits and symbols.

Here are the common password mistakes that most people make.

1. Personal data

Many people create passwords based on personal information that’s all too easy to find out. Never use a password that includes personal details, such as your birthday, your address or the names of your spouse, pet or children. Using such, gives hackers an easy clue to figuring out your password and your other passwords for other accounts.

2. Common passwords

They may be easy to remember but passwords such as ‘123456’ , ‘abcdefg’, ‘qwerty’, ‘password’, letmein’, ‘and many others that top the list of the most common passwords people use, surprisingly, they may be the first passwords even a learner hacker / intruder will try. Also, you ought to know that grabbing a dictionary to choose a password is also an easy way to let in hackers easily. Hackers can quickly check hundreds of thousands of entries in seconds using software. Choose a complex, random password that includes symbols, capitals, lower case, digits and shot forms.

3. Easy to find

Writing down your password on a sticky note or piece of paper and keeping it next to your computer is a bad idea it is like leaving your front door key in the lock. Choose passwords that are memorable enough that you don’t need to write them down, but if you must, then keep them in a secure location or use a password manager.

4. Too short

The shorter your password, the less secure it is. Hackers use software to crack passwords and the longer it takes, the more likely they are to give up and move on to easier prey. Each additional character in your password dramatically increases the time it takes to crack. So use a password with at least eight characters, although 12 or 14 characters are better.

Don’t simply add a couple of digits to the end of a password to lengthen it as hackers expect this.

5. Not complex enough

Avoid using passwords containing all letters or all numbers, especially if sequential, such as ‘1234abcd’. Make sure your password includes both upper and lower case letters, numbers and keyboard symbols. However, avoid common patterns easily spotted by hackers, such as putting two or four numbers before or after the letters or adding just one symbol, such as ‘!’, at the end of the password.

6. Too old

Using the same password for years can be a mistake as someone may acquire your password and use it to snoop or steal over an extended period of time. Regularly changing your password prevents this from happening, however creating a strong but memorable password each time can be challenge, so consider using a password manager.

7. One password

Using the same password for multiple accounts poses a security risk. If a hacker cracks your password, he can then access all your other accounts that use that same password.

Always use a unique password for each of your online accounts.

[] How to create a strong password

Using a strong password is the best and easiest way to make sure your account stays secure. Here are some tips to help you create a great one.

*
p<>{color:#000;}. Have 12 or more characters

*
p<>{color:#000;}. Not be obvious

*
p<>{color:#000;}. Avoid sequences or repeated characters

*
p<>{color:#000;}. Be different from your password for other sites

Your password is weak. If you follow these guidelines and still get a message that says your password is weak or too easy to guess, add other few letters.

[] Secure internet email habits to adopt

*
p<>{color:#000;}. Always use strong and different passwords for your accounts

*
p<>{color:#000;}. Minimize storage of important information.

*
p<>{color:#000;}. Never click on unknown links or reveal your passwords to any link.

*
p<>{color:#000;}. Use computers that are protected with a secure anti-virus

*
p<>{color:#000;}. Avoid using public Wi-Fi

*
p<>{color:#000;}. Never download or install unknown software

*
p<>{color:#000;}. Always backup your files and important documents

[]CHAPTER 5

[] What are the most used email providers?

There are many email providers and you may be having different accounts with different email providers. The most used email providers include Gmail.com, Yahoo mail, Outlook, AOL, Mail.com and many others.

In this chapter, we intend to discuss the different email security features from different email providers as we bring out examples of email insecurity that have occurred to some of the email providers. An example is the Yahoo data breach and the recent Gmail phishing attack.

#
h3<>{color:#595959;}. [] []Gmail.com

Google’s Gmail email security features

Google offers quite a few tools to help you keep hackers out of your account, but they only work if you activate them and utilize them. Google has the most features that are aimed to keep your account your own with many recovery options and two factor authentication.

*
p<>{color:#000;}. Account Recovery Options.

Recovery email address:

Similar to your mobile phone number, this is a different email address where Google will send security codes and other important security messages, like when you’ve forgotten your username and/or your password. If you don’t have a second email address, you can always use the email address of someone you trust (like a spouse).

Alternative email address:

This is different from the recovery email address in that this is a second address that you can use to sign in to your Google account. It also cannot be a Gmail account or an address that is associated with a different Google account.

Two-Step Verification

2-step verification greatly reduces the risk of unauthorized access by asking you for additional proof of identity when you are signing into your Gmail account. This Gmail security key feature offers another layer of security for your account, by requiring you to provide a physical key or code from your phone number. The key sends an encrypted signature or a code, helping to guard against phishing.

In addition to two-step verification, Gmail lets you manage account permissions (for example, if you log in to websites using your Google account) and view security-related events (adding a phone number, changing your password or turning on two-step verification). Gmail will also send phone alerts if your password has been changed or it notices suspicious activity, such as an attempted login from a foreign IP address.

Spam filters and malware detection

Google has one of the best spam filters available. They use machine learning to detect and block even the most advanced types of spam. Less than 0.1% of email in the average Gmail inbox is spam, and incorrect filtering of mail to the spam folder is even less likely (under 0.05%).

To help prevent malware, Google automatically scans every attachment for viruses prior to a user downloading it. Gmail even checks for viruses in attachments queued for dispatch. This helps to protect everyone who uses Gmail, and prevents the spread of viruses.

Google Mail Phishing

Google mail phishing, like I had briefly introduced it to you in the first chapter, this could result into a threat to your account as a Gmail user. The attacker will send an email to your Gmail account. That email will probably come from someone you know who has had their account hacked using this technique. It may also include something that looks like an image of an attachment you recognize from the sender.

You click on the image, expecting Gmail to give you a preview of the attachment. Instead, a new tab opens up and you are prompted by Gmail to sign in again. You glance at the location bar and you see accounts.google.com in there. This will automatically, make you sign in again without hesitating. When you log in again, the attack will have completed its mission. They will steal your password and any other information relevant to them.

How to outdo the Gmail phishing attack

Out doing this Gmail phishing attack, you need to be alert every time you log into your Gmail account. Checking the link before you log in is a crucial thing. You have to be vigilant about the right Gmail link. That link in the tab that we mentioned has accounts.google.com in there, but it is not from google. It looks like this,

Source: WordFence

The most appropriate way to outdo this attack, is to always check the link in the tab to be sure it is from google. The link from google has https and it appears like this,

Source: Techaai.com

Another way to outdo this attack is by enabling the two-factor authentication. By doing so, it makes much more difficult for an attacker to sign into a service that you use, even if they manage to steal your password using this technique. However, to avoid anything related to this, always check the google link before you log in or click on any link.

However, google is putting up all security measures to help its users not fall victims of this attack. It is also your role as a Gmail user to put efforts to secure your email account.

#
h3<>{color:#595959;}. [] []Yahoo Mail

[Grab your reader’s attention with a great quote from the document or use this space to emphasize a key point. To place this text box anywhere on the page, just drag it.] Yahoo reported two massive data breaches the first in September 2016 that had occurred sometime in late 2014, and affected over 500 million user accounts. The second data breach was reported in December 2016, and affected over 1 billion user accounts. These data breaches are believed to be the biggest in the internet history.
p<>{color:#000;}. Yahoo encourages its users to follow the following security recommendations:

*
p<>{color:#000;}. Change your password and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo account.

*
p<>{color:#000;}. Review your accounts for suspicious activity. 

*
p<>{color:#000;}. Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.

*
p<>{color:#000;}. Avoid clicking on links or downloading attachments from suspicious emails.

*
p<>{color:#000;}. Consider using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password altogether.

*
p<>{color:#000;}. Using Yahoo Account Key

*
p<>{color:#000;}. Update your account recovery information

*
p<>{color:#000;}. Be sure your alternate email address and mobile number are up-to-date.

*
p<>{color:#000;}. Add an alternate email address and mobile number to your account.

*
p<>{color:#000;}. Having an alternate email address or mobile number helps us quickly confirm your identity using a verification email or SMS message so you can get back into your account.

*
p<>{color:#000;}. Safely access your Yahoo account on a shared computer

If you ever sign in to your Yahoo account from a public computer, it’s a good idea to sign out after each session.

Additional guidelines.

*
p<>{color:#000;}. Turn on two-step verification

Add an extra layer of protection to your Yahoo account with two-step verification. Two-step verification uses both your password and an extra security code (sent to your mobile phone number or email address) to verify your identity whenever sign in to your account. If someone other than you attempts to access your account, even if they guess your password, still wouldn’t be able to get in.

Create an app-specific password

Some 3rd party apps, like iOS Mail, Android Mail, and Outlook, don’t work with Yahoo two-step verification. To use these apps with your Yahoo account, you’ll need to generate an app-specific password.

*
p<>{color:#000;}. Check your account’s sign-in activity

Periodically check the login activity for your account to make sure you recognize the locations of each sign in. If you see unfamiliar locations and devices, check to make sure that they’re your own. If you think the account was hacked, then follow the steps to I mentioned in chapter 3.

Related Articles:

4 Tips On How To Secure Your Yahoo-Email Account

2 Things to Know About The 2015 Yahoo Security Breach

#
h3<>{color:#595959;}. [] Outlook.com

Microsoft Outlook Security Features

Microsoft Outlook provides a solution for organizing and managing digital communication tools such as email, newsgroups, and instant messaging, along with all day-to-day organizational information from calendars and contacts to task lists and notes. Outlook controls the deluge of email, appointments, and contacts, helping the user to manage his time and tasks more effectively, while making it easier to share information and communicate with others.

Below are some of the most important security features of Microsoft Outlook

1. Encryption

When the encryption box is checked and you mark the message for encryption when writing new mail, Outlook uses the public key of your contact receiver to encrypt it. Your receiver would then use his private key to decrypt the message and display it. This way confidentiality is assured because no one without your receiver’s private key can decrypt the message.

2. Digital Signature

If you wish to digitally sign your email message, Outlook allows encrypting message with your private key, then append the sender’s public key to the message so the receiver need not bother look it up in the directory. But to prevent impersonation, the public key is signed by the certificate authority (like VeriSign) so that the reader can be sure this is the correct public key.

3. Email Attachment Screening

Outlook automatically blocks emails with attachments of certain executable extensions known to possibly carry viruses like .exe, .scr, .vbs, etc. It issues warnings to your email when you try to open suspect attachments or read HTML mail containing scripts directing them to restricted areas. This sort of blind discrimination is annoying to many users who think security should be left to the discretion of the intelligent user.

4. Spam Protection

Whenever an outside program tries to use the “Send” feature without the knowledge of the user, a flag is raised and the user is automatically prompted if he’d allow this possible outgoing spam. Also, to counter the ever increasing efficiency of “dictionary attacks” on email addresses, Outlook also has a “Junk-filter” feature which deletes incoming spam which wastes the time of the user.

#
h3<>{color:#595959;}. [] AOL Mail

AOL Mail offers a spam filter feature that’s simple; you choose Off, Low, Medium and High. AOL recommends keeping your filter on Medium. AOL found out that on this setting, all their emails were routed to the appropriate places in the service. If spam does slip through, it’s an easy fix. Additionally, with AOL’s Security Suite download, you get virus protection in your emails and on your computer, along with phishing protection, parental controls, AOL’s firewall, pop-up controls and spyware protection.

[] Recommendations of the most secure email provider

The best email provider is that with the right collective measures to ensure safety of your information. All email services in Gmail, Yahoo mail, Outlook.com, with the exception of AOL Mail, offer two-step verification as an additional layer of security beyond a password.

[]End to End encryption

i mage credit- Pexels.com

End-to-End encryption (E2EE) is a method of secure communication that prevents third-parties from accessing data while it’s transferred from one end system or device to another. In end to end encryption, the data is encrypted on the sender’s system or device and only the recipient is able to decrypt it. Nobody in between, be the Internet service provider, application service provider or hacker, can read it or tamper with it.

Most popular email providers like Gmail, Yahoo, AOL and outlook do not offer this privacy, even when your email message is deleted from your inbox, it can still be viewed by the service providers if they want to because generally, these messages are not encrypted and they could therefore view them if they wanted to.

your messages are encrypted and only the receiver can view the messages However, there are service providers who offer end to end encryption. Your privacy is their highest priority. These offer you anonymity and privacy because your messages are encrypted and only the receiver can view the messages. Email service providers with end to end encryption are so far, the most secure.
p<>{color:#000;}. Image credit: Pexel.com

If you are looking for the best email providers with the safest end to end encryption, they include,

Proton mail, Tutanota, Counter Mail.com, Ghostmail, Open mailbox, Mailbox.org, Posteo.de, Runbox.com, Neomailbox.com, Startmail.com, KolabNow.com, CryptoHeaven.com and many others.

[]Conclusion

Securing your email address is a way of protecting your personal information. Whether you have detected malicious threats in your email account or not. Taking measures to secure your email account is a great way to make your email free from any threat. Regardless of your email provider, the security of your email account is influenced by how you handle your email security.

While you will never be one hundred percent protected, you should still follow the security guidelines. With the relevant security guidelines like we have discussed in this e-book, it is possible to keep your personal information safe. Following these suggestions and methods will significantly increase your email security and help you keep the phishers and hackers at bay.

[] REFERENCES

Brandon, Deliverability Engineer: Introduction to Email Security

John E. Canavan: Fundamentals of Network Security

William Stallings: Cryptography and Network Security Principles and Practices, Fourth Edition

[+ http://lifehacker.com/simple-guidelines-for-protecting-your-gmail-account-1528061490+]

[+ https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/?utm_source=list&utm_campaign=011817&utm_medium=email#officialupdate+]

[+ https://www.techworm.net/2017/01/gmail-phishing-scam-users-tricked-handing-personal-info.html+]

[_ https://fossbytes.com/smartest-gmail-phishing-attack/_]

[+ https://yahoo.tumblr.com/post/150781911849/an-important-message-about-yahoo-user-security+]

https://help.yahoo.com/kb/SLN2080.html

[+ http://thetechreader.com/tech/top-4-free-email-alternatives-to-gmail-that-protect-your-privacy-best-gmail-alternatives-2016/+]

[+ http://neurogadget.net/2016/01/18/gmail-vs-aol-mail-which-service-do-you-prefer-to-use/22573+]

[_ http://www.laptopmag.com/articles/best-free-email-service_]

[+ https://www.techworm.net/2016/02/here-are-the-12-best-email-services-which-will-provide-you-anonymity-and-privacy.html#comment-171109+]

http://www.pcmag.com/article2/0,2817,2368484,00.asp

[+ http://www.pcadvisor.co.uk/how-to/internet/how-create-strong-password-1password-3357177/+]

[] DISCLAIMER

The information provided within this eBook and on our website, is for general informational purposes and educational use only. While we try to keep the information up-to-date and correct, there are no representations or warranties, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the information, products, services, or related graphics contained in this eBook for any purpose.

Every effort has been made to ensure that the content provided is accurate and helpful for our readers at publishing time. No liability is assumed for losses or damages due to the information provided. You are responsible for your own choices, actions, and results.

NB: No part of this eBook may be reproduced or transmitted in any form or by any means, electronic or mechanical, without written permission from the author.

Facebook: https://www.facebook.com/techaai/

Contact email: [email protected]

Website: https://www.techaai.com

51

 


Your Guide To Email Security 2017

Email Security is generally a collective measure of keeping private information sent through emails secure against unauthorized access or loss. Reading our email security e-book will let you discover that because your email is such a commonly used form of communication, it is a popular channel for the spread of malware, spam, and phishing attacks; such as using deceptive messages to entice recipients into divulging sensitive information, opening attachments or clicking on links that install malware on your device. Here are 10 reasons why you should read our Email Security E-book. How it will help you and what you can do about email insecurity and unauthorized access. We have compiled some of the most recent email security breaches and phishing attacks on Yahoo and Gmail and we have put them all in one place. 1. Get to Know About the Massive Yahoo Mail Data Breaches And Gmail Phishing Attack In this e-book, you will get to know about the two Yahoo data breaches and how to protect your Yahoomail account. Also, for the Gmail users, you will be introduced to the Gmail phishing attack that was/is targeting Gmail users. You will learn how this phishing attack work/s (ed) and security guidelines to protect both your Yahoomail and Gmail account from falling a victim. 2. Get Guidelines on Securing Your Email When you read our email security e-book, you will be able to get guidelines on how to secure your email account. These guidelines will make you be aware of the different measures that you can put in place to ensure safety of your email account. It is true that your email provider maybe having security measures for your email account, however the security measures that you put as an email user determine the security strength of your email account. 3. Know the Safety Measures of Your Email Provider Our email security e-book will guide you through your email account provider security features. Some people just use their email accounts but never utilize the available security features from their email providers. For example, the two factor verification where your email account requires a code from your phone every time you are to login. This means that a hacker would not easily enter into your email account unless they have your phone. For many more security features, you ought to read our e-book. 4. Know the Most Secure Email Providers When you have the knowledge about the most secure email providers with the most secure features, then the next time you are to open an email account, you will know the right choice in case you are focusing on having the most secure account. Here, the e-book introduces you to “End to End encryption” and the email providers that avail this strong security measure. 5. Know the Current Email Security Features for Your Email Account You may be still relying on the outdated email account security features yet there are updated ones that you are missing out. An example, is for the Yahoo mail users who may have not yet taken up the updated Yahoo mail security features since the massive Yahoo data breach that affected billions of yahoo users. Reading our e-book will avail you with the updated security features for your email providers including Gmail.com, Outlook.com, AOL mail and many others. 6. Identify Whether Your Email Account Has Been Compromised or Not Our e-book will help you identify the common signs of a compromised email account. Some people’s email accounts are hacked into and they do not usually notice until it’s too late and maybe one of their contacts has alerted them first about receiving unusual emails from them. Or when they are unlucky and the hacker has changed their password and they try to log in and fail to access their account. This e-book will help you with tips to identify whether your email has been compromised or not.

  • Author: techam
  • Published: 2017-02-16 12:50:23
  • Words: 7285
Your Guide To Email Security 2017 Your Guide To Email Security 2017