Home > Identity Theft and Scams > 11 Really Dumb Things You Do With Your Email

Comments 2 Comments
Advertiser Disclosure


As political battle lines are drawn over the case of Edward Snowden and the NSA’s sophisticated program of electronic surveillance, it’s easy to forget our simplest and most common vulnerability to spying eyes: email.

Just in the past few months, databases at LivingSocial and Evernote were hacked, exposing roughly 100 million email addresses to identity thieves. Facebook allegedly exposed 6 million users’ emails to unauthorized users, a “glitch” the company admitted was not detected for a year. All this comes on the heels of mega-breaches like the one at Epsilon, which provides marketing services for more than 2,500 financial and lifestyle companies. Epsilon admitted hackers stole “only” 2 percent of its customer data. But since its databases may contain upwards of 250 million email addresses, that means “only” 5 million people were placed at risk.

So what’s the big deal, you may ask? Email has grown up. It’s no longer a convenient secondary conduit for saying hello to friends. It’s plugged directly into our lives. Messages sitting in our email accounts can expose not just our address and contact numbers, but also our bank and brokerage account numbers, credit card information, online financial transaction receipts and confirmation of forgotten or changed passwords in all of our other accounts. That’s why email is now the single most common vector of attack for fraud, according to the Federal Trade Commission. It’s ubiquitous. It’s laden with valuable data. And scammers know their chances of getting caught are slim to none.

Bottom line: The best way to stay safe is to aggressively protect yourself. No one else can guard your email better than you. Here are the top 11 things you can do right now to reduce your risk of getting your email either hacked or scammed.

1. Checking your email on an unsafe network.

A computer in an Internet café, library or any other business may be loaded with malware to steal your passwords. Public WiFi systems are vulnerable too, even at places like coffee shops, airports, hotels and conference centers that require passwords, since any ID thief can afford a $3 cup of coffee and get the same password.

What to do: Unless the computer and network you’re using belongs to you or your employer, don’t sign into email. (While your employer’s network may give you more security, it may not assure your privacy, as many employers reserve the right to review email on their computers and network.)

2. Staying signed in.

Signing into email every time you pick up your phone can be a real pain in the butt. Deal with it. By staying constantly signed in, a hacker can gain immediate access to the most important information of your life.

What to do: Signing out is inconvenient. Do it anyway.

3. Repeating your email login name and password.

Just this year, hackers cracked databases containing the passwords of up to 50 million LivingSocial users, and another 50 million users of Evernote. If the password to your checking, credit card, social media or any other account ends in @gmail.com, @yahoo.com or any other email address, those thieves possess an important piece of your identity puzzle. Since many people mistakenly use the same password or User ID for multiple accounts, identity thieves know the skeleton key that may fit many doors.

What to do: Never use your email address and corresponding password for any other accounts. Beyond that, don’t use passwords based on things like your birthday, your kid’s name or your street. The more random, the better.

4. Not deleting old emails properly.

Many people never delete old messages in their inbox, or delete their caches of trashed and sent emails (though most email systems purge deleted email after 30 days). Those messages may contain addresses, account usernames and passwords, contact information for all your friends, financial data and a host of other sensitive information.

What to do: Delete sent, trashed and old messages. Delete email with any sensitive information (like your tax paperwork, health insurance applications, etc.) immediately after sending it.

5. Falling for a “guaranteed” loan or credit card offer.

If an email promises a loan or credit card worth a guaranteed amount of money at a low interest rate, it’s a scam. Nobody will give you credit without first checking your credit report.

What to do: In credit as in life, there are no guarantees. Don’t click on links in these messages, and delete them posthaste.

6. Clicking on ambiguous emails from “friends.”

Since hackers have raided our email contact lists, even messages from our best friends could be vectors of attack. Hackers often pose as friends stuck penniless in Europe or Asia and in need of an immediate wire transfer, or friends imploring us to “Check out this funny video!” with links stuffed with spam or laden with malware. Sometimes the tipoff is an email from a “long-lost friend,” or a close buddy using a very old account. Some of these emails come with no text at all… just a link.

What to do: Read emails from enemies closely, and emails from friends even more closely. If you receive a suspicious email from a friend, don’t click on any links or download any files. Delete the email, and call your friend. If it turns out the email was legit, he or she can resend it.

7. “Verifying” personal information via email.

It could be your bank or credit card company asking to verify your account information. Or it could be from UPS or FedEx trying to “confirm” your address for a missed delivery. It could even be from the IRS claiming you owe them, or they owe you, money. None of these institutions send personalized emails, and none ask you to “verify” personal information by email.

What to do: If an institution handles important things like money or packages, it doesn’t use email to communicate, and certainly not to confirm personal information. Delete the suspicious email, and call the business or institution in question to inquire about the matter at hand.

8. Talking to strangers about money.

Many scams involve sending money to people we’ve never met. There’s the “Wall Street insider” with the hot investment tip, the foreign company that needs you to cash a check or process transactions, the marketing company asking you to be a secret shopper or offering an irresistible work-at-home or franchising opportunity, the email chain letter inviting you to “get in early” on a pyramid scheme, the Irish Lottery, even the lawyer of a deposed politician trying to get his money out of the country (this age-old ruse is actually growing more sophisticated, with better-written emails and virulent malware). Every one of them is a scam.

What to do: If someone you’ve never met offers you money, run… that is, delete!

9. Getting tricked into thinking your credit card has been stolen.

You may receive an email that says “Thank you for your recent order!” Except — you never ordered anything. You assume your credit card has been stolen and in a panic, you open the email and click the button that says “Cancel Order.” Congratulations, you just became an ID theft target.

What to do: Think twice before clicking any button, link or attachment in an email. Even if it’s from a business you know, or one from which you have ordered something. If you need to cancel, call the company and cancel, or do so on their website. If you’re really worried that you’ve been victimized, you can check each of your credit reports for free once a year at AnnualCreditReport.com, or you can use Credit.com’s free Credit Report Card monthly for an easy to understand overview of the information in your credit file.

10. Donating to fake charities.

After Hurricane Sandy and the giant tornado in Oklahoma, fraudsters sent emails requesting donations for relief efforts. The money went instead to scammers all over the world.

What to do: Only donate to established, well-known aid groups, and do so on their website or over the phone. Don’t navigate to these sites from emails, and don’t call the phone number in the email. Look those up.

11. Clicking on too-good-to-be-true travel deals.

Many of us receive legitimate emails alerting us to cheap flights, hotels and cruises. But when the offers seem just unbelievably low, and they come from companies and email addresses you don’t know, don’t get sucked into the waterspout.

What to do: What’s that old line about something seeming too good to be true? If some new travel site is running a special deal, rather than click a link in an email, search for the deal on the Web. Find out if anyone has reported it as a scam. If it checks out, then you can dip your toe in.

There’s no silver bullet here (even if you do all of these things). If you are on the wrong database at the wrong moment and the wrong person gains access, you may still have your personal information stolen. That said, the better you can minimize your exposure and operate cautiously, the longer you can hold off the Cyber Barbarians at the Gates.

Image: iStockphoto

Comments on articles and responses to those comments are not provided or commissioned by a bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by a bank advertiser. It is not a bank advertiser's responsibility to ensure all posts and/or questions are answered.

Please note that our comments are moderated, so it may take a little time before you see them on the page. Thanks for your patience.

Credit.com receives compensation for the financial products and services advertised on this site if our users apply for and sign up for any of them.

Hello, Reader!

Thanks for checking out Credit.com. We hope you find the site and the journalism we produce useful. We wanted to take some time to tell you a bit about ourselves.

Our People

The Credit.com editorial team is staffed by a team of editors and reporters, each with many years of financial reporting experience. We’ve worked for places like the New York Times, American Banker, Frontline, TheStreet.com, Business Insider, ABC News, NBC News, CNBC and many others. We also employ a few freelancers and more than 50 contributors (these are typically subject matter experts from the worlds of finance, academia, politics, business and elsewhere).

Our Reporting

We take great pains to ensure that the articles, video and graphics you see on Credit.com are thoroughly reported and fact-checked. Each story is read by two separate editors, and we adhere to the highest editorial standards. We’re not perfect, however, and if you see something that you think is wrong, please email us at editorial team [at] credit [dot] com,

The Credit.com editorial team is committed to providing our readers and viewers with sound, well-reported and understandable information designed to inform and empower. We won’t tell you what to do. We will, however, do our best to explain the consequences of various actions, thereby arming you with the information you need to make decisions that are in your best interests. We also write about things relating to money and finance we think are interesting and want to share.

In addition to appearing on Credit.com, our articles are syndicated to dozens of other news sites. We have more than 100 partners, including MSN, ABC News, CBS News, Yahoo, Marketwatch, Scripps, Money Magazine and many others. This network operates similarly to the Associated Press or Reuters, except we focus almost exclusively on issues relating to personal finance. These are not advertorial or paid placements, rather we provide these articles to our partners in most cases for free. These relationships create more awareness of Credit.com in general and they result in more traffic to us as well.

Our Business Model

Credit.com’s journalism is largely supported by an e-commerce business model. Rather than rely on revenue from display ad impressions, Credit.com maintains a financial marketplace separate from its editorial pages. When someone navigates to those pages, and applies for a credit card, for example, Credit.com will get paid what is essentially a finder’s fee if that person ends up getting the card. That doesn’t mean, however, that our editorial decisions are informed by the products available in our marketplace. The editorial team chooses what to write about and how to write about it independently of the decisions and priorities of the business side of the company. In fact, we maintain a strict and important firewall between the editorial and business departments. Our mission as journalists is to serve the reader, not the advertiser. In that sense, we are no different from any other news organization that is supported by ad revenue.

Visitors to Credit.com are also able to register for a free Credit.com account, which gives them access to a tool called The Credit Report Card. This tool provides users with two free credit scores and a breakdown of the information in their Experian credit report, updated twice monthly. Again, this tool is entirely free, and we mention that frequently in our articles, because we think that it’s a good thing for users to have access to data like this. Separate from its educational value, there is also a business angle to the Credit Report Card. Registered users can be matched with products and services for which they are most likely to qualify. In other words, if you register and you find that your credit is less than stellar, Credit.com won’t recommend a high-end platinum credit card that requires an excellent credit score You’d likely get rejected, and that’s no good for you or Credit.com. You’d be no closer to getting a product you need, there’d be a wasted inquiry on your credit report, and Credit.com wouldn’t get paid. These are essentially what are commonly referred to as "targeted ads" in the world of the Internet. Despite all of this, however, even if you never apply for any product, the Credit Report Card will remain free, and none of this will impact how the editorial team reports on credit and credit scores.

Your Stories

Lastly, much of what we do is informed by our own experiences as well as the experiences of our readers. We want to tell your stories if you’re interested in sharing them. Please email us at story ideas [at] credit [dot] com with ideas or visit us on Facebook or Twitter.

Thanks for stopping by.

- The Credit.com Editorial Team