E-mail privacy is a hot topic these days, and the buzz about it has been rekindled by the latest news that Gmail, Hotmail, and Yahoo e-mail account passwords had been phished and posted online (which we covered here and here). This is neither the first nor the last time security has been or will be compromised by malicious individuals online who want to steal identities. However, it has certainly ignited an interest in the security of popular online websites.
How At-Risk Are You?
The odds are slim that you will fall prey to a phishing or hacking scheme on your hosted e-mail if you just use common sense. In fact, “[t]he vast majority of people do not fall prey to phishing attacks and the success rates are around one per 1,000,” Amichai Shulman, a security expert with the company Imperva, told the BBC.
The average person can stay on guard against phishing schemes by staying alert to malware (which can log keystrokes and capture passwords), ensuring that they only type their passwords into reputable websites, or changing their passwords regularly.
For example, if an e-mail purportedly from Gmail or Hotmail gives you a link to validate your information, go instead straight to the actual URL. Always make sure that the URL of the page you are viewing is the actual website you’re trying to view (and not something like http://gm.ail.com).
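The URL check described above can be written down precisely. The following is an added example, not part of the original article: it compares the host a browser would actually connect to against an exact allow-list. The list of trusted hosts, the function name `check_link` and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the exact hosts where you expect to type your password.
TRUSTED_HOSTS = {"mail.google.com", "accounts.google.com"}

# Constructed sample links; example.net is a reserved documentation domain.
SAMPLES = [
    "https://mail.google.com/mail/",
    "http://gm.ail.com",                      # lookalike from the article
    "https://mail.google.com.example.net/",   # trusted name used as a subdomain
    "https://mail.google.com@example.net/",   # trusted name in the userinfo part
    "https://mail.g\u043e\u043egle.com/",     # Cyrillic 'o' homoglyphs
    "http://mail.google.com/",                # right host, but no TLS
]

def check_link(url, trusted=TRUSTED_HOSTS):
    """Return (ok, reason) for a link that asks you to sign in."""
    try:
        parts = urlsplit(url.strip())
        # .hostname drops any "user@" prefix and ":port" suffix and lower-cases.
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ("http", "https") or not host:
        return False, "not a web link"
    if not host.isascii() or "xn--" in host:
        return False, "internationalized host, possible homoglyph: %r" % host
    # Exact match only: substring or prefix tests accept the lookalikes above.
    if host not in trusted:
        return False, "host %r is not one you trust" % host
    if parts.scheme != "https":
        return False, "trusted host but not HTTPS"
    return True, "host %r matches exactly" % host

if __name__ == "__main__":
    for url in SAMPLES:
        ok, reason = check_link(url)
        print("OK  " if ok else "STOP", ascii(url), "-", reason)
```

Only the first sample passes; every other link contains a familiar name somewhere in the URL but resolves to a different host or drops HTTPS.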
OnGuardOnline.gov provides a wealth of techniques you can employ to ensure that your private information will not be compromised by phishing techniques. If you stay in line with these standard security procedures and use common sense, you and your account will likely be just fine.
The threat from within
It is worth exploring the possibility that the greater risk to your account’s integrity is not from external sources, but from the mail hosting companies themselves. In 2006, it was reported that Yahoo aided the Chinese communist government in the arrests of journalists. In this instance, the accounts were not phished, their passwords were not keylogged, and the e-mail accounts clearly were not hacked.
No, the security threat came from within – not outside – the company.
Improving security
One alternative is to use email encryption. The most widely used email encryption technologies are GnuPG and PGP; GnuPG is an open-source implementation of the OpenPGP standard that PGP introduced. The advantage of this approach is that even if your mailbox gets compromised, the encrypted emails are useless without the decryption key.
If you are really concerned about the integrity of your emails, there are better options than commonly used email hosting providers, such as Gmail. There are email providers which focus on security. Perhaps the most popular ‘secure’ email provider is Hushmail, but there are other alternatives. You can host your e-mail offshore, such as with NeoMailbox.
It’s your privacy. Don’t let it go to waste – take precautions and ensure that your e-mail’s privacy is in the hands of those who will keep it secure.
You don’t have to live your life in fear that someone – the government or otherwise – is going to hack into your account. Just take precautions and treat your online life with as much security as you would treat your private property. Just as you would lock your house, change locks if you suspected that someone might have gotten a copy of your key maliciously, and treat your home with utmost security, so too should you treat your e-mail account with care.
