How to keep your private email account secure

Email accounts aren’t compromised one by one; they’re cracked en masse and then sold online. If you want a private email account, this will interest you.

According to account monitoring company LogDog, which recently took a fresh look at this burgeoning part of the underground economy, it’s such a lucrative trade that there are Dark Web sites selling nothing but logins/passwords. For example, this is what accounts are currently worth on the Dark Web:

Service    Min. Price    Max. Price
Yahoo      70c           $1.20
Gmail      70c           $1.20
Uber       $1            $2
Netflix    $1            $2
Twitter    10c           $3
Amazon     70c           $6
Ebay       $2            $10
PayPal     $1            $80

Hackers in popular culture are like cyber-swordsmen who penetrate the armor of sophisticated adversaries and use social engineering attacks against dedicated targets.

To secure your private email account in this battlefield, we strongly recommend the following steps, especially if you use your private account for both personal and professional purposes.

How to keep a private email account secure

1. Protect your password
Choose a strong password and don’t reuse it (a good password manager may assist you in this regard). If you enter your password on some other website and it is compromised, someone could try to sign in to your Mailfence account with the same information. Also, never share your password (don’t write it down, don’t send it via email, etc.). You should be the only one who knows it.

2. Enable two-factor authentication
Two-factor verification adds an extra layer of security to your account by requiring you to sign in with something you know (your password) and something you have (a code generated on your phone/tablet).

3. Check for unknown activities and review your alternate email addresses
Go to Home (or click on the Mailfence logo) within your Mailfence account and check the details under Account in the right column.

If you notice unknown last connection details, take it as a red flag and immediately change your password. Also review your alternate email addresses: make sure they are still accessible and have not been compromised, and level up their security, as they will be used to reset your account’s password.

4. Beware of Social Engineering!
Social engineering is the most common attack vector that cyber-criminals use today. Never enter your password after following a link in an email message/attachment from an untrusted site, and always go directly to https://www.mailfence.com or https://mailfence.com/pocket/. Also, think twice before clicking on suspicious links from external websites.
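
The "go directly to the site" rule above can be applied mechanically to any link before it is followed. The Python sketch below is an added example, not Mailfence's code: it accepts a link only when it is https and its host is exactly one of the two addresses named in this article. The function names, the sample links and the .example hosts are constructed for illustration.

```python
from urllib.parse import urlsplit

# The only hosts the article tells readers to visit directly.
TRUSTED_HOSTS = {"mailfence.com", "www.mailfence.com"}

def check_login_link(url):
    """Return (ok, reason) for a link that claims to lead to the login page."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # lower-cased by urlsplit
        port = parts.port                          # raises on a garbage port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme.lower() != "https":
        return False, "not https"
    if parts.username is not None or parts.password is not None:
        return False, "text before '@' is userinfo, not the host"
    if port not in (None, 443):
        return False, "unexpected port"
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return False, "internationalized hostname (possible lookalike)"
    if host not in TRUSTED_HOSTS:  # exact match: no suffix or substring tests
        return False, "host is not mailfence.com"
    return True, "ok"

# Constructed sample links; the .example hosts are placeholders.
SAMPLE_LINKS = [
    "https://www.mailfence.com",
    "https://mailfence.com/pocket/",
    "http://mailfence.com/",
    "https://mailfence.com.login.example/",
    "https://mailfence.com@login.example/",
    "https://m\u0430ilfence.com/",  # Cyrillic 'a' in place of Latin 'a'
    "https://mailfence.com:8443/",
]

def audit(links):
    """Map each link to its (ok, reason) verdict."""
    return {link: check_login_link(link) for link in links}

if __name__ == "__main__":
    for link, (ok, reason) in audit(SAMPLE_LINKS).items():
        print("ALLOW" if ok else "BLOCK", ascii(link), "-", reason)
```

The host comparison is an exact match on purpose: "contains mailfence.com" or "ends with mailfence.com" would accept several of the blocked samples.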

5. Check for viruses and keep your machine up to date with all the security updates
Check manually or run a scan on your computer with trusted anti-virus software, and remove any suspicious applications or programs it detects. Make sure to catch up with all the security updates (both for your OS and the programs installed on top of it).

6. Avoid connecting apps to your email account

Giving a third-party app full access to your inbox makes you vulnerable to cyber attacks. The app can be compromised and, as a consequence, cyber criminals would gain unhindered access to all your emails and their contents.

7. Always log out
Always log out from all of the devices where your account has been logged in. It will not only help you secure your account against ‘cookie’-based threats, but also against colleagues/friends who may simply grab your phone to call their mom!

Note: Perform a monthly audit of all your accounts and delete the ones you don’t use. Also, use disposable temporary accounts on sites which you just want to test or use for a day or a week.

Staying cautious and following sound practices will significantly reduce the possibility of your account getting compromised. In that spirit, using a secure and private email service remains the foremost step that you should take!

– Mailfence Team


M Salman Nadeem

Information Security Analyst
– Security Team | Mailfence
