Email Safety (or Lack Thereof)

According to statistics, approximately 3,930 million people all over the world use email on a daily basis. So, considering that, as well as the fact that our email contains most personal and highly confidential information, you would think that it must be safe, sound and secure, right? Wrong.

Email is governed by the so-called SMTP, or Simple Mail Transfer Protocol, which poses as the internet standard for regulating all email transmissions. A lot of big words in one sentence, especially considering the fact that SMTP itself doesn’t contain any security or safety mechanisms whatsoever. So, if you were wondering whether your email is safe or not – it is not. In fact, it is completely insecure and unsafe by default.

Most of you probably remember the time when you were scared to open a simple email because the computer of someone you know got infected via email virus. We are all aware that those times are over now, and whether you use Gmail, Hotmail, Outlook, Yahoo Mail, Thunderbird, or some other email client it is safe to receive and open an email. However, this still doesn’t go for attachments.

Attachments may have malicious programs, links to malware websites, etc. Basically, you should only open trustworthy attachments, and avoid running any file attachments with a .exe file or some other program file. In other words, better safe and sorry. This is something you probably already knew, and if you think about it, it triggers a question: How safe email is in general? So in the spirit of bringing some necessary dread into your everyday lives, let me tell you another story…

If you’re anything like me, then you are a huge buff for conspiracy theories. I like finding new ones on YouTube, on the street and by dismantling some media news and reports. However, I’m well aware that most people coming up with them tend to be total nutcases, so a majority of them are just fun to think about and should be taken with a grain of salt. So when a Wall Street Journal expose told us that some huge companies use actual humans to read our emails, so they can improve their apps and services, I was kind of: Hm, it could be bogus…but… Right after the said reveal, Google came out with a blog post in which it reassured its users that their Gmail accounts are completely safe.

Needless to say, if it hasn’t been for numerous Google privacy mishaps over the recent years, most of us would even believe that. It is important to note that Google is practically the same as Facebook when it comes to privacy handling. Google doesn’t even hide the fact that it’s allowing developers to read your emails. In the said blog post, Google basically states that you shouldn’t worry, because your data is safe, EVEN if other parties access them via email:

“We make it possible for applications from other developers to integrate with Gmail – like email clients, trip planners and customer relationship management (CRM) systems, so that you have options around how you access and use your email. We continuously work to vet developers and their apps that integrate with Gmail before we open them for general access, and we give both enterprise admins and individual consumers transparency and control over how their data is used.“

Throughout the rest of the blog post, Google explains how it’s examining these Gmail developers through both manual review and automated process. Uh huh. Sorry Google, not enough. No one should be able to read your private correspondence with someone else. Google predicted that some of us would react this way, so the blog post also reminds us that we can always turn off the type of access some apps might need to read your email.

In response to that, let me ask you a question: When was the last time you read, actually thoroughly read ANY privacy policy? Don’t feel guilty, I barely ever read them too. Furthermore, Google also states that it itself won’t read any of your private emails unless you give your consent or unless there is a reasonable reason to do so. Once again – hm. Does anyone still remember that Cambridge Analytica scandal? I bet it doesn’t seem that long ago now, doesn’t it?

At this point, you’ve probably started thinking about how to eliminate the usage of email altogether, but that is not necessary, and furthermore, it is also barely even possible. We already stated a number of people using emails, and a large number of those people use their emails for internal communication within their respective companies. Needless to say, emails can contain any kind of information, a lot of which are probably highly confidential.

Whether you are sending an email to your family member, fellow employee, a client or vendor, you want it to be secure and private. Most of us fire off tens of emails during the day without giving it much thought. Those emails with their attachments travel across a variety of networks and servers before finally hitting the intended inbox. These particular pause points are what makes email so vulnerable and exposed to attack. These attacks usually happen due to insecure servers or networks, as well as people tech-savvy enough to hack them.

Most email messages aren’t encrypted, so hackers who break into a server or network can read those emails without virtually any effort. At this point, you are probably thinking that since many emails are deleted after a while, the hackers may not obtain or even directly target email messages. However, even if they don’t, hackers can easily go after the password needed to enter a particular email account since a large number of providers don’t require two-factor authentication. In regards to all of the above, all of your emails are saved on the server of your email provider. Most of us blindly trust our email providers but keep in mind that all it takes is one rogue employee, one hack, or one court order to have your emails fully exposed to unwelcome parties.

Some of you out there probably use PGP or S/MIME to acquire some email encryption. Really? Still? Don’t you read the news? Last year researchers discovered some major problems with PGP and the follow-up reports weren’t promising at all. Researchers called this vulnerability EFAIL and explained that it exposes all encrypted emails in plain text, even those emails that were sent in the past. For those of you who are not sure what I’m rambling on about, OpenPGP and S/MIME provide end-to-end encryption for sensitive email communication. I’m just your average writer/blogger, so I personally never felt the need to work with PGP or its ridiculously sounding alternative.

Once the…raspberry juice hit the fan last year, I wasn’t affected one bit, but the whole matter did shed new light on the overall issue of email security. See, people using PGP and S/MIME thought they were fully protected and the data they were exchanging were potentially harmful and very important. Most of the people who use these encryption methods are people in hostile environments, who rely on the confidentiality of digital communication. On the other hand, when someone says that something is ”pretty good”, I tend to wonder why isn’t it awesome? Why just “pretty good”? In case you didn’t get the gist of it, PGP stands for Pretty Good Privacy. Lol! C’mon now…

Most of you also remember the famous (or infamous, depending on your take on it) Fappening movement, also known as the “Celeb Gate”. This particular scandal turned out to be necessary for us to take a more insightful look when it comes to our online safety and the security of our data. It always takes some kind of celebrity nonsense to make us mortals realize that it could happen to anyone. I mean, sure. On the same note, Brie Larson truly is the “captain” of the modern-day feminism, SJWs all over the globe and the sickening-nudes-squad. Good for her. Now that I’ve triggered some crybullies, we can continue focusing on why this is significant.

The hackers used a special script developed in Python. They cleverly called it iBRUTE, as it is supposed to point out the “Brute Force” with which attacks were done. The script allowed the hackers to decipher the key of a particular account by a number of repetitive attempts until it’s finally revealed. All of the attacks happened by the Apple cloud storage service, or iCloud. So once the said raspberry juice was all over the place, one thing became clear, all of the celebrities had very weak passwords. (*insert one of the most sarcastic “awwww”s of all times)  One of the most laughable facts connected to this whole mess was that Mark Zuckerberg himself was hacked and suffered the complete identity theft because he used the same password for all of his social networks. C’mon dude. Even I don’t do that.

However, if these huge hacks, scams and thefts can happen to them, what guarantees you that you email, which is unsecured by default, won’t be hacked. Most of us ordinary Joes and Janes rely on the fact that we are not that important to the hackers of the world. However, does that mean that you wouldn’t have a problem with some random reading your stuff?! No! It’s my stuff. Whether if it’s a new article I should submit on Monday or my (best in the whole world) goulash recipe, I don’t want anyone reading it, but the person I’m sending it to. The bottom line is, I might not be Beyonce (more like young Uma Thurman) and I might not send highly confidential company data (more like latest Deadpool memes), but I want my emails to be private and secured.

See more

Like #theFappening ? When thousands of pictures from iCloud were stolen from famous people.. not that long ago? God bless you…

— n_oway (@n_oway_) April 23, 2019

In conclusion, the safety afforded to your ordinary email today is provided thanks to a complex system of a variety of optional add-ons, but most of the said add-ons aren’t in the proper place automatically. It is up to you to make sure that your email is secure. It’s a good thing you’re not alone.

In order to provide you with more safety and ensure that you are protected when it comes to your email usage, WebFactory Ltd came up with two highly useful and easy to navigate WP plugins: Email Encoder and WP Mailto Links.

Email Encoder – Protect Email Address

This particular plugin is used to encode mailto links, your email addresses, your phone number, or for that matter, any text, to hide it from data harvesters and spam-bots. The plugin is very easy and simple to use. Once you activate the Email Encoder all of your mailto links will be protected automatically. Furthermore, you can use shortcodes or template functions for the protection of plain email addresses, other texts or phone numbers. You can check out some more awesome facts about the Email Encoder plugin here.

The total list of features includes:

• Protection of your mailto links and ordinary email addresses
• Protection of your phone numbers, as well as any texts or html
• Supports special chairs, Chinese characters etc.
• Protects your RSS feeds
• Uses shortcodes, as well as template functions, and action and filter hooks
• Uses the Encoder Form to created encoded scripts manually

If you’re still not sure if you really need this plugin, or you might be repulsed by some ”big” words up there, here are a few more. Malware, URL-based threats, phishing, business email compromise, etc. How do ya’ like them apples? Because “them apples” might get into your basket if you don’t upgrade your email security.

This is 2019, but email is STILL the primary method hackers from all over the world use to deliver damaging programs to individuals and companies. Statistics say that the whopping 75% of identified cyber threats are entered via email, and 46% of cyber-attacks are executed by web links sent through emails. On average, a business user gets approximately 4,380 potentially harmful emails each year, and just one is enough to wreak havoc to your business. Soooo, let’s talk about another awesome plugin.

WP Mailto Links – Manage & Protect Email Links

WP Mailto Links plugin is easy to use out-of-the-box without any necessary configuration. The list of features of this marvelous plugin includes.

• Automatic protection of your mailto links
• Protection of email addresses as well as the conversion of plain email addresses to mailto links
• Protection of RSS feed
• Setting icons for all mailto links, as well as supporting Font Awesome Icons and Dashicons
• Shortcode support
• Template tag support

Basically, the plugin combines solely the nest protection methods, including CSS and JavaScript techniques, to ensure the safety of your email addresses. If you want to know more about the terrific WP Mailto Links plugin click here.

Conclusion

Still not convinced? If someone asked you to list all of your most sensitive and vulnerable online accounts, you would probably mention brokerage, banking and health accounts. Chances are you wouldn’t even remember to mention your email account. At first glance, you wouldn’t be wrong. Your precious banking account is the gateway to real money, and your health account could potentially be valuable to many ongoing online scams. You probably think of your email accounts don’t contain anything of crucial importance, so it is easy to oversee them.

However, every hardworking cyber-criminal knows that an email account is a goldmine of a variety of valuable information, from passwords to other accounts and pieces of sensitive data. Your email address is the default way you identify yourself online. If you think about it, most sites let you register with just your email address, without a separate username. There are also numerous other sites that are associated to your email address including online banking, shopping sites such as Amazon and iTunes, social networks such as Twitter and poor Facebook (mhm), etc. Once someone has your email, it can potentially access all of these websites.

In other words, secure your emails people! Plugins like WP Mailto Links and Email Encoder are free and easy to use, so why not? Better to be safe than sorry.