3 ways hackers get into your email — and how to prevent it

If you’re someone who uses their email for just about everything in their work and personal life, you’re far from alone. Email is a wonderful tool, and it’s definitely made our day-to-day lives easier in many ways. With this reliance on email, at some point, you’ve probably wondered: How do I secure my email? How often do emails get hacked?

The answer is: pretty often. Here, the cybersecurity experts at ESET share the 3 main ways emails get hacked, and what to do if your email has been hacked.

#1 They send you phishing emails

Hackers often gain access to email accounts through phishing emails. These emails look authentic and appear to be sent from trustworthy sources that you’re used to hearing from via email, such as banks, online stores, social media sites or healthcare facilities. They usually feature familiar logos and names, as well as content you’d expect to hear from that company.

Cybercriminals often embed malicious code — also known as malware — within phishing emails in the form of links or attachments. With the help of call-to-actions and enticing, emotional or panic-inducing content, they do everything in their power to get you to click on those links or download those attachments.

If you fall victim to a phishing email, you could end up installing malware on your device. Hackers can create code that allows them to access your email once your device is infected with malware.

Phishing scams have become a persistent threat since the pandemic. Why? Because we’re all online and relying on our emails more than ever.

As for how to avoid email hacking, suspicious emails tend to have a few things in common. Here are the red flags to look out for:

• The email has typos in the subject line or body copy.
• It features odd or grammatically incorrect language.
• It was sent from a different email address than emails you’ve previously received from the company.
• It was sent from an email address that doesn’t match the company’s URL.
• It asks for sensitive information, like passwords or credit card numbers.
• It includes unsolicited links or attachments. If you hover over the link and see an unusual URL or file type (like .exe), the email might be a scam. The same goes for links that begin with “http://” and not “https://.” The “S” stands for secure, and it’s a simple way to determine whether a link is taking you to a safe site.

If you get an email from a person or company you don’t recognise, avoid opening it. And if you do open it by accident, don’t reply or click on anything. Mark it as spam, and if you’re using a work email address, report the email to your company’s IT department to investigate.

#2 They crack your easy-to-guess passwords

There’s nothing stopping a hacker from trying to log into your email by guessing your password. Once they’re in your account, they can then reach out to your contacts, change your password and update your privacy settings to make it harder for you to regain control of your account.

Unfortunately, guessing passwords is an effective strategy a lot of the time. There are a few reasons for this:

• People often create passwords with identifiable information, such as their child’s, pet’s or street names. The problem? With a little digging, a hacker could find this information online and on social media, especially if the victim tends to overshare.
• People use simple passwords because they’re easier to memorise. The issue is, they’re just as easy to crack for a determined hacker.
• People are guilty of recycling passwords across accounts. Again, while it’s easier to commit passwords to memory this way, it means a hacker only needs to guess one password to gain access to multiple accounts, like your email.

To prevent a hacker from guessing your password, the goal is to create complex, unique passwords for every single account you use — and change them frequently.

When you’re thinking of a new password, aim for 12 characters or more and include a mix of uppercase and lowercase letters, numbers and symbols. Use sentences and random words that don’t mean anything next to each other, and try working in words from other languages.

Need help? ESET’s free password generator tool can create strong, complicated passwords for you.

#3 They tap into unsecure internet connections

As tempting as it is to hop on the free WiFi at public places like airports, cafes and libraries and save your data, this is like leaving the door open for hackers. Public Wi-Fi networks don’t have the same protections in place as secure connections, so talented hackers can intercept your email login details while you’re using them.

Luckily, there’s a simple fix for this — and you won’t need to run up your data usage! Whenever you’re planning to take advantage of public WiFi, connect to a Virtual Private Network (VPN) before choosing that option. A VPN will secure your WiFi network, encrypt any data you send and receive and hide your IP addresses so you can stay anonymous online. You can connect to a VPN on your desktop, laptop or smartphone, so you’ll have peace of mind when you’re checking emails on the go.

Lock down your email with premium antivirus software

To keep your email safe and secure, consider investing in third-party software with full protections. ESET’s Smart Security Premium is an antivirus software and a password manager rolled into one. It generates, stores and secures passwords for you, so you don’t have to remember them all. Along with organising your passwords, it monitors and responds to a range of cyber threats, including malware, ransomware and phishing scams, to keep you and your devices safe.