Email Security: How to Keep Your Email Secure from Hackers

Email Security: How to Keep Your Email Secure from Hackers

Hackers are a nuisance. Like it or not, they are a real threat. They do not think twice before destroying someone’s arduous work or stealing someone’s hard earned money.

They will not think twice before stealing personal and professional information or do reputation damage.

The worst part is that they mostly do not do this out of vengeance. They just want to have fun.

Honestly, in an ideal world, hackers should not exist, but our world is far from being ideal and hackers exist. They are a real threat.

Imagine what happens when someday someone gets access to your email account and uses it to send an email to your bank requesting a full withdrawal!

Or imagine what happens when some random hacker with access to your email account sends out horrible emails to your office coworkers, or perhaps, deletes all your official emails beyond recovery!

Scary scenario?

Well, you should be scared!

These cyber criminals do not worry or care about your Networth. They will hack your email the very moment they get a chance. So, you should be prepared to thwart those hacking attempts.

How do you do that? How do you keep your email secure from hackers?

I am going to give you the answer you need to know. But before I do, it is essential for you to know some quick facts.

Let us learn them first.

Email Security Facts Everyone Must Know

  • Emails are always vulnerable as they attract hackers the most. Why? Because emails remain the most preferred communication tool in the business world.
  • More than 80% of the email related security incidents come in form of sophisticated phishing attacks, accounting for $9,303,120,000 in losses every year. Further broken down, that is $17,700 in losses per minute!
  • Email phishing attacks remain the top security threat even to this day.
  • Hackers try to take advantage even during the COVID-19 pandemic using email scams. Hackers sent fake emails pretending to be officials from WHO (World Health Organization) or the Center for Disease Control (CDC), trying to make people click on bogus links from where the hackers could steal something or the other.

If you do not want to become a victim, you need to focus on securing your emails from the following:

  • Theft of sensitive information.
  • Theft of passwords.
  • Theft of personal information.
  • Unauthorized access to confidential documents.
  • Ransomware.
  • Viruses.
  • Spam.
  • Malware.
  • Password theft, and more!

How to Keep Your Email Secure from Hackers

Passwords – Use Strong Passwords

A weak password is the worst thing you can do to yourself and your email account. A weak password is one of the major reasons for having email accounts hacked.

People have a nasty habit of using one-word passwords or passwords made of using date of birth or marriage anniversary date, and so on. They are easy to guess.

Stop being silly. Here are some of the most common passwords that people use, and they are almost always hacked:

  • 1234
  • 123456789
  • Jesus
  • Password
  • Abc123
  • Name followed by year of birth

And so on!

Anyone can guess the password. No one needs to be a professional hacker to grab your password.

You need to create secure passwords. A secure password follows specific rules. If you want to learn about creating secure passwords, you can read my entire guide.

Also, do not forget that using the same password for multiple accounts (email or otherwise) is never a bright idea, but around 66% of the people do that anyway. Please do not do that. If one of your online accounts gets compromised, all others are compromised as well.

Well, you may read on the Internet that you need to change your password frequently. That is true in the sense that changing your password frequently can prevent easy guessing but may not necessarily stop hackers from finding your password.

So technically, changing passwords frequently is a fool’s errand. It is not a foolproof method of safeguarding your email account.

On the contrary, using a strong and secure password gives you better protection from password theft.

Warning: Do Not Download Everything

If you know the person sending you an email with an attachment, it is quite okay to immediately download the attachment. But still, exercise caution.

However, it is not unnatural to receive unsolicited emails from unknown senders with attachments. Those attachments may loo benign in the form of Word documents (mostly) or other known file types.

Be careful about them. Even those known file formats can have viruses or malware. For instance, a macro-enabled Word document can have malicious codes hidden in them.

Downloading such documents can immediately launch the malicious code (that can be a virus, a malware, a ransomware, etc.). These malicious codes can stay hidden and steal information from your emails and from your computer.

Do not take that risk!

According to, if you see an unsolicited email in your inbox with an attachment, you can assume that it is coming from a hacker.

According to them, an authentic institution will mostly never send an attachment. Instead, they will use a link to redirect people to their website to enable file or document download.

Bottom line?

Do not download every attachment you see in your email inbox. You can get into trouble.

Links from Unknown Sources

I believe you have come across emails with links from people or companies that you do not know. The question is, how do they get your email address?

Well, there is a simple answer – data mining and data selling. Various companies like Facebook use your data and monetize it by selling it to third parties without your consent.

Once your email address is out, it will keep circulating. There is nothing you can do except creating a new email account. But creating a new email address is not always an ideal solution for a problem like that.

But that does not mean you will not face challenges. Once your email is out, you will start receiving unsolicited emails quite frequently. Clicking on such links may push you in the danger zone.

Such links can redirect you to websites laced with malware that will download on your computer without your knowledge directly from the browser.

Even if the browser shows some notification, people have a tendency of allowing downloads without even going through the information that the browser provides.

So, clicking on any and every link you see is not an ideal thing to do. Even when you receive emails with links from know people or organizations, exercise caution. One miscalculated move and you are doomed.

Watchout for Sophisticated Phishing Scams

Phishing scams are nothing new. They have existed for decades. The only problem now is that they are evolving and becoming more and more sophisticated.

Phishing attacks have different variants, and you should be aware of the most popular one. Here are a few of those attacks that have gained attention of security personnel in recent times.

Spear Phishing

It is a type of attack in which hackers do not send out thousands of emails. Instead, they target specific individuals.


Hackers send out SMS or text messages to trap and fool the unsuspecting people.


Here, the hackers use phone instead of emails to target people using similar strategies.


In this, hackers target people who hold important positions (for example, company CEOs or MDs). People holding such positions have greater information assets compared to anyone else in the company, making them the most important targets for hackers.

Business Email Compromise (BEC)

It is a type of scam in which hackers will send out emails that will appear to be coming from legitimate sources such as a supervisor, a colleague, or even a vendor working for a company.

Business Email Compromise scams are the worst of all in terms of financial damage the cause.

It is not unnatural for hackers and scammers to spoof email account or even websites making people believe that they are real. For instance, hackers will send emails with exclusive offers or free items, or they will tell people that their accounts are on hold and they need to make a payment, etc.

Put Brakes on Sharing Information

People share all kinds of information on social media platforms like Facebook, Twitter, Instagram, etc. Is that a wise thing to do? You may have a notion that sharing your name or your dog’s, or cat’s name is benign. You may think that sharing your birth date or the name of your spouse and your marriage anniversary will not harm

Think again!

I told you earlier about the terrible password practices globally. Such seemingly innocent information is unbelievably valuable for hackers. They often use such information to guess passwords. Not just that, hackers can even try to create a personal connection through shady emails using such information.

So, be careful about the information you share through social media platforms.

Call and Verify

You may receive emails asking you to verify your personal information by clicking on a link and the sender may appear to be a legitimate sender.

Usually, reputed organizations do not do that, especially, banks will never do that. If you are in doubt, do not hesitate to call the organization or the person sending such emails. But make sure that you never give out information during the phone call.

If you feel that things are not adding up or if a few things spark your suspicion, disconnect the call and report everything to the responsible authorities.

They actively collect such information to understand the patterns that these hackers and impersonators use for fooling people so that they can hold the responsible people accountable and punish them.

Antivirus Program is Important

Spend some money to get a top-of-the-line antivirus program such as Kaspersky. Do not think that they are useless, and never think of using a cracked or a nulled version of any antivirus.

These antivirus programs are sophisticated, and they help in preventing email scams and stop a wide range of cyber threats including malware, ransomware, viruses, etc.

The best antivirus programs offer different layers of security and help to thwart hackers and scammers.

Talking of cracked or nulled antivirus programs, they themselves always bundled with malicious codes. Just think one thing – why will someone go through all the trouble to crack a legit software program and share it with people? Why would someone spend such enormous amounts of time for others?

Please buy a legit antivirus program and ensure that you keep it up to date.

Use an Email Encryption Software

Emails are exchanged in plain text format. That means when they travel between servers, a hacker can easily grab the information and read it.

This reason is good enough to ensure that you do not share sensitive information through emails. But we already know that for businesses, emails are the most important mode of communication even when it involves sharing confidential.

I do not need a third-party study to understand this. I worked in an organization where my MD used to send me emails related to vital digital marketing strategies. Those emails used to have all kinds of information including budget, target groups, end-of-sales-funnel customer details, and what not.

So yes, business emails contain a lot of information that can be valuable for hackers. Thus, it is important to encrypt the messages using email encryption software.

These encryption technologies can easily encrypt plain text messages and attachments and keep them protected during transit (server to server transfer) or rest (that is, before the email is sent and after the email reaches its destination).

If you are looking for the best email encryption services, you are free to check my list of the six best options you can use.

Learn from Past Experiences

Think of investing in an email archiving solution for your organization. This will give you three benefits:

  • You can preserve email correspondences for regulatory compliance.
  • In the event of a possible litigation, email archiving will give you the access needed for eDiscovery.
  • Use the search function to find out all the emails during a specified time frame.

The last option is quite important from the standpoint of data breach. You can search the archives and go through the emails to find out who shared sensitive data over emails. You can even find out how many times such sensitive information was shared via emails.

The information will be vital to understand how well-informed your employees are about cybersecurity threats and their practical solutions. You can then arrange for awareness training programs.

Logout of Your Email Account

Like it or not, people do have a callous approach of not signing out of their email accounts when they are done using it. While not signing out is simply fine in a home environment, it is a horrible idea in a professional environment.

Anyone in bad terms with you can access your email in your absence and misuse it. Do not give people this opportunity.

What else? You should logout (do not just rely on closing the browser tab) of your email account, especially if you are someone else’s computer.

Lock Your Damn Computer.

You can enhance the security of your email by simply locking your computer. In a work environment, whenever you leave you disk, even if it is for just a minute, lock your computer.

A particularly evil passerby can quickly steal your information or delete it during your 1-minute absence. Locking your computer screen should not take long.

On a Windows computer, press down the Windows key and hold it. Now, press the L key. It will instantly lock your computer. If you are using a Mac, the key combination that you can use is Control + Command + Q.

How difficult do you think it is to do that? Pressing a simple key combination can go a long way in your attempts to secure your emails.

Avoid Public Networks

Using public networks to access your emails (business or personal) or other online accounts is the worst idea of all. Public Wi-Fi connections pose a real threat because they are breeding ground for unsuspecting victims.

Since public networks are unprotected networks, it is extremely easy for hackers to breach public networks and gain access to user information. If you are left with no choice, you should consider using a reputed VPN like Nord VPN or ExpressVPN.

If you use your phone for email communications, try to have a VPN installed on it too! Do not forget to use a proper antivirus program on your phone.

Learn the Art of Spotting Suspicious Emails

One of the best things you can do to keep your email secure from hackers is to learn the art of spotting suspicious emails. There are several ways that you can use for spotting suspicious emails. Let us learn them.

Spot the typos

Most of hackers do not have sufficient command over English. They tend to make spelling errors. Read every word of the emails properly and try to find typos.

Again, Joseph Steinberg – a cybersecurity expert says that many scammers will deliberately leave typos in their emails so as to allow smart people to spot the errors. These smart people are not sufficiently gullible, and hence, not so easy targets for the hackers.

But those who are not smart enough to spot the typos are usually the ones that become easy victims.

So, if you see an email with the words ‘Coco Cola’ instead of ‘Coca Cola,’ avoid opening that email.

You get the point, right?

Unusual URLs

Scammers try impersonating legit organizations, but they cannot afford to use the URLs of those companies. So, instead of giving the URL directly, a hacker will use an anchor text and create a hyperlink.

Hover your mouse over the link and check the URL. The URL shows up at the bottom of the browser. If the URL does not match the URL of the legit company in question, it is a scam.

More Clues

  • Check whether the email ID of the sender corresponds to the organization’s domain name or not. If not, that is a scammer. Usually, a legitimate person from a company will use the company’s email address that will include the domain name of the company.
  • Check the company name at the email footer. Do you see the correct spelling, or do you see a slightly different name that one can easily overlook? If the spelling is not right, the email you are receiving is a scam.
  • Email formatting is another important clue. Legit companies sending out newsletters will have proper email formatting. If you do not see proper formatting or if the layout does not seem right, that might very well be a scam email. Stay away!
  • Multiple requests to click on a link is a giveaway sign. An authentic company will never request you to click on a link multiple time! In fact, its call to action will be very subtle.
  • Grammatical errors are usually absent in emails coming from authentic and big brands, because they usually have a whole team of specialized people do this thing every day. If you spot multiple grammatical errors or notice mixed uppercase and lowercase letters in the email header, quickly act and avoid opening the email or downloading any of its attachment.
  • Authentic companies will not ask for you personal information. They are very much aware of the privacy laws and do not want to get into legal tussles. If the email you received is asking for your personal email, you better report the incident and help the law enforcement organizations to fight these cyber criminals.


Email security is a real concern. Never take it lightly. Identity theft, loss of money, loss of sensitive information, theft of personal belongings (digital photos and videos), etc. can cause immense troubles. Imagine what happens when a terrorist steals your identity and uses it for terror attacks. Do I need to explain the consequences?

So, it is time you take email security seriously and do everything in your power to prevent such mishaps from happening. Start by changing your weak password. You can implement other countermeasures one at a time.

Scroll to Top