How to Keep Your Email Safe from Hackers and Identity Thieves

Email Security

Believe it or not, most hackers are lazy. They use tools that automate much of the hacking process, and focus primarily on low hanging fruit, easy targets. Unfortunately, because the average person has little formal security training, a savvy hacker has numerous advantages and far too many people are easy targets.

One of the most common methods of hacking an individual starts with email, so we are going to cover a few key tips for keeping your email accounts (and the other accounts connected to that email) safe and secure from hackers.

1 – Beware of Email Attachments – One of the most common tactics hackers use is sending a legitimate sounding email with an attachment (Word doc, PDF, ZIP file, etc.). Upon opening said attachment, a malicious script can run, infecting your computer with a virus or malware.

At this point, numerous things can happen, depending on the virus or malware used. You could be locked out of your computer, forced to pay a ransom to unencrypt your hard drive. A key logger could be installed to capture everything you type going forward. Your web cam could be activated remotely to spy on you…lots of nasty things are possible.

To avoid this, you have two options. Option one, simply never open attachments, from anyone, period. This is extreme, but will keep you safe on this front. Option two involves buying anti-virus software that is capable of monitoring your mailbox, and/or of scanning specific files or attachments.

This way, if someone sends you an attachment, you can direct your anti-virus software to scan that file for malicious code prior to opening it. Some anti-virus software can even give you access to a sandbox, a safe place on your computer to open files in a way that they can’t infect your computer even if they are compromised. Avast is one of the best anti-virus options on the market, and can easily do all of these things once you have it.


2 – Be Careful When Clicking Links in Emails – If a hacker or identity thief can’t get you to open a malicious attachment, their next line of attack is to get you to click a link that points to a compromised website, a site that can inject malware into your machine as it loads.

There are a few ways in which they do this; they may buy a website that looks close to a legitimate site, say or, substituting zeros for O’s. They may disguise the link with a URL shortener, such as They may even use fancy code to show you a different URL when you hover over a link than the actual URL, making you think you are going to a legitimate site.

Another possibility is the use of phishing emails, emails designed to look like they come from legitimate companies. It’s possible to spoof an email header, to make it look like an email came from a legitimate source. With phishing emails, they will often say something like “Your account is on the verge of being suspended. Please click here and log-in to verify that you still actively use this account”. The link will go to a page and URL that appear to be legitimate, say, a clone of, and will then capture your email and password when you type it in.

When in doubt, don’t click links in email. If you aren’t certain, you could also use the sandbox feature of your anti-virus software, as mentioned above, to open the link in a sandboxed browser.


3 – Configure Two Factor Authentication (2FA) – Typically, all you need to log-in to an email account is a name and email address. Since there are numerous ways to hack or otherwise bypass that, it is safest to have a secondary line of defense, two factor authentication.

2FA ties a physical device, usually a phone, to an account. Then, to access an account, you need not only the username and password, you also need a code that is either texted to your phone, or generated by an app on the device. Without that code, the username and password won’t be enough. If for some reason you lose your device, you can also usually download a set of backup codes, to cover you in just such an eventuality.

We strongly recommend setting this up for any account that supports it. You can find a decent list of sites that support 2FA here.


4 – Use a Strong Password on Your Email Account – In general your password should consist of a combination of upper and lowercase letters, numbers, and symbols, should not be comprised of a common word or number sequence, and should never be shared between multiple sites.

While there are numerous other factors, we’ve already written an article that covers how to create secure passwords that goes more in-depth on this topic.


5 – Don’t Check Email on Public WiFi – You can have the best password, the best anti-virus software, and 2FA setup on all your accounts…but if you use public wifi with taking additional steps to protect yourself, you are begging for trouble. This video does a great job of explaining why:

If you need to use public wifi, the best way to stay safe is to use a VPN like SurfEasy or Hide My Ass. A VPN creates a secure, encrypted tunnel through public wifi, allowing your data to travel safely regardless of who else is on the network. It also helps to anonymize your surfing, and can even help you to get around country-specific browsing restrictions (or, you know, to let you explore more of Netflix’s catalog). These can even be configured to work on phones and tablets, so you can be safe regardless of what device you are using.

At the end of the day, remember this: hackers tend to be lazy. While there is no such thing as hack-proof, if you make yourself a sufficiently difficult target, you should be safe.