In today's world, we manage a significant part of our lives through emails. We use them to communicate with friends, family and colleagues. We also use email to sign up for online accounts and services.
Checking and managing your emails may seem like a mundane and repetitive task. But if you don't stay vigilant, someone else could access and control your email account. This can lead to devastating personal and financial impacts.
Cybercriminals can learn a lot about you from your emails. It is crucial to secure your email account, apply good habits, and know how to protect yourself from scams.
Understand the threats
Poor cyber security makes it easier for someone to hack your email account. This can expose you to identity theft, fraud and further attacks. Learning about online threats is a first step in protecting yourself from cybercriminals.
Phishing
Phishing is when someone tricks you into giving them your personal information by pretending to be a person or business you trust. They may ask you to open a malicious link or attachment to steal your login or other details.
Learn more about phishing.
Account compromise
You need your email to access many online services such as banking and shopping. But if a cybercriminal gains access to your email account, they could get into any account linked to your email. They can then lock you out of these accounts and steal your money and personal information.
Unusual account activity, such as a password reset or bank transfer you didn't make, may be a sign of a compromise.
Learn about account compromise.
Identity theft
Identity theft can occur when a cybercriminal gets access to your personal information. Common details they steal include your date of birth, address and tax file number. They can then use these details to impersonate you for financial gain.
Learn more about identity theft.
Malware
Cybercriminals use malware (short for 'malicious software') to gain access to your data. You might open a link or attachment that downloads malware without you knowing. Some malware may even pose as antivirus or security products.
Learn more about malware.
Business email compromise
Cybercriminals can impersonate a business by using a fake or compromised email account. This is a form of targeted phishing made to look like a real company or employee. Their goal is to trick victims into providing sensitive information, money or goods.
Learn more about business email compromise.
Know the warning signs of email compromise
- Your login details don’t work.
- Your password recovery details have changed.
- You notice multiple login attempts at unusual locations or times.
- You get an unexpected email to reset your password.
- Your contacts are receiving emails from you that you didn’t send.
If you notice any of these signs or suspect your email is compromised, reset your password and sign out of all sessions. Then continue following our advice below.
Strengthen your email account security
There are several ways to make your email account more secure. Start by using multi-factor authentication and a strong password.
Multi-factor authentication (MFA) is one of the best ways to protect your email account from cybercriminals. MFA means you need 2 or more steps to verify your identity before you can log in. For example, you might use your login details as well as an authentication code. This makes it hard for cybercriminals to gain access to your account even if they know your login details.
Learn more about MFA.
If MFA is not an option, use a strong password such as a passphrase to protect your email account. A passphrase has 4 or more random words like ‘crystal onion clay pretzel’. Passphrases are easy to remember but hard for someone to guess.
Don’t include personal details in your passphrase or share it with anyone. This includes the answers to your security questions if you need to recover your account.
You may also want to consider using a password manager. A password manager can help protect, create and store strong and unique passwords. We recommend you search online to compare their security features and the reputation of the service provider. If you are unsure, ask a friend, co-worker or IT professional for a recommendation.
Learn more about passphrases.
Make sure to set up recovery options for all your email accounts. If you lose access to your account or it is compromised, you can reset your login using your recovery option.
Regular updates are important for keeping your email accounts secure. Cybercriminals hack devices by using known weaknesses in systems or apps. Updates have security upgrades to fix these weaknesses.
Make sure your devices and software are up to date. Check automatic updates are on and install updates as soon as possible. The longer you leave it, the more vulnerable you could be to a cyber attack.
Learn more about updating your devices.
Practice secure habits
Improving your email account security is only the first step. You also need to be aware of what to do and what not to do when using your email at home and in public.
Make a habit of checking your email login activity often. This will allow you to catch any suspicious activity that can lead to an account compromise. This may include frequent login attempts, or login from an unrecognised device or location.
If you notice any suspicious activity, sign out of all sessions and change your password. But be aware, it's possible for your device to detect a different location than what you expect. For example, it may display your location based on the closest data centre in a major city.
Antivirus software provides protection against malware. It helps to keep your devices secure and protect your personal information.
Your devices likely come with built-in antivirus software. Third-party antivirus products can also offer more security features than free versions. If using these, make sure you research the provider online. Pay close attention to the services they offer and their terms of service. Also, look for customer reviews and feedback.
Learn more about antivirus software.
Public networks are convenient but can also be insecure. Cybercriminals will target public networks to gain access to your sensitive information. If you are working in public spaces such as an airport or café, avoid using their Wi-Fi or use a VPN.
Only use trusted networks such as your home Wi-Fi or your personal hotspot. Where this isn’t an option, think twice about what you share or access on a public network. Don't save your login details on public devices and make sure you log out when done.
Learn more about public Wi-Fi and hotspots.
Get rid of old email accounts you no longer use. Leaving them active can expose your personal information since you're not checking them.
Remember that uninstalling the app doesn't delete or deactivate your account. You will need to do this through the official app or website.
Consider removing emails with any sensitive or personal information. If a cybercriminal gains access, they can find and steal this information. This includes any documents that show who you are, where you live and work, or what your bank details are.
You can store sensitive emails and attachments in a password protected zip file or offline storage.
Protect yourself from scams and malicious emails
Cybercriminals will often pretend to be someone you know or trust. Learn how to reduce, identify, and handle scams or malicious emails.
Spam is any unsolicited message sent to your email, phone or social media account. Spam messages may promote real products and services, or they can be fake and malicious in nature. Avoid opening spam messages, as the sender can track whether you have opened them. This could lead to you getting more spam messages.
Cybercriminals may use malicious emails disguised as spam to trick you into sharing your personal or banking details. One of the best ways to protect yourself is to reduce the amount of spam you get. Only share your real email address online if necessary. To help protect your main email account, you could use an alternative or alias email for general use.
You can use a filter to catch spam or junk mail before it gets to your inbox.
Even if you use spam and junk mail filters, you may still get malicious emails. It is important you know how to spot these emails to protect your information. Things to look out for include:
- generic greetings that don't use your name, such as "Dear customer", "Dear sir/madam" or "Hello"
- incorrect email addresses, such as @amazon.live instead of @amazon.com
- messages with a sense of urgency or threat, such as a limited prize giveaway or demand for money.
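The three warning signs listed above can also be checked automatically, for example when triaging emails that people report. The following is an added example, not part of the original guidance; the trusted-domain table, the phrase patterns and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumption: domains each brand really sends from (maintain your own list).
TRUSTED_DOMAINS = {"amazon": {"amazon.com"}}
GENERIC_GREETING = re.compile(
    r"^\s*(dear (customer|sir/madam)|hello)\b[\s,!.]*$", re.I | re.M)
URGENCY = re.compile(
    r"\b(urgent|immediately|within \d+ hours?|final notice|"
    r"account will be (suspended|closed)|claim your prize)\b", re.I)

def warning_signs(raw):
    """Return the warning signs found in one raw email message (a string)."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    signs = []
    # 1. Greeting line that names nobody ("Dear customer", a bare "Hello").
    if GENERIC_GREETING.search(body):
        signs.append("generic greeting")
    # 2. Sender claims a brand but the address is not on that brand's domain.
    claimed = f"{display} {domain}".lower()
    for brand, domains in TRUSTED_DOMAINS.items():
        genuine = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in claimed and not genuine:
            signs.append(f"sender domain '{domain}' is not a known {brand} domain")
    # 3. Pressure to act quickly, in the subject or the body.
    if URGENCY.search(f"{msg.get('Subject', '')}\n{body}"):
        signs.append("urgency or threat")
    return signs

# Constructed sample messages, not real emails.
SUSPICIOUS = """\
From: Amazon Support <billing@amazon.live>
Subject: Final notice: your account will be suspended

Dear customer,

Your payment failed. Confirm your details within 24 hours.
"""
LEGITIMATE = """\
From: Amazon <order-update@amazon.com>
Subject: Your order has shipped

Hello Priya,

Your parcel is on its way.
"""
```

A message that passes all three checks can still be malicious, so treat an empty result as "nothing obvious found" rather than as proof the email is safe.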
Never open email links or attachments from people you don't know. Cybercriminals often use this to spread malware or steal your sensitive information.
If you are unsure if a message is real, contact the person or company in another way. For example, through their official phone number or website. To protect yourself and others in future, you should report scams to Scamwatch.
Learn more about scams.
Scamwatch is run by the National Anti-Scam Centre. They collect reports about scams to help warn others and stop scams. They also have the latest advice on how to spot and avoid scams, such as email scams.
More information
Review your email account security
How to check your email account security for Gmail and Outlook.
Recovering a compromised email account
Email accounts are valuable targets for cybercriminals, not just because they store sensitive messages, but also because they can be used to impersonate the account owner, to spread scams, and to perform password resets.
Report and recover from business email compromise
Step-by-step guidance on how to respond to and recover from email compromise and impersonation attempts.