Your email is a goldmine for cybercriminals because of the extensive amount of information an attacker can gain from it, making it important to protect your email from unauthorized access. To prevent scammers from accessing your email, you should use a passkey to log in (if available), enable MFA and have an email recovery option set up.
Continue reading to learn the importance of protecting your email and the steps you should be taking to protect your email account.
The importance of protecting your email
Protecting your email from unauthorized access is important because if a scammer gained access to it, they could gain access to your other online accounts as well. When you create a new account, you are typically asked to provide your email address to use as your username or as a way to receive emails from the company you just signed up for. If you were to forget your password for the account, the option “Forgot Password?” is always available. Clicking this button prompts you to enter your email so you can receive a password reset email.
If a scammer were to gain access to your email, they could easily use the “Forgot Password?” option to send a password reset email, enabling them to change your passwords and gain access to your other accounts. Just like that, they’ll be able to compromise almost any of your online accounts.
6 ways to prevent scammers from accessing your email
Here are six ways you can prevent scammers from accessing your email.
1. Use a passkey to log in to your email
A passkey is a passwordless authentication method that allows you to sign in to your account without having to enter a password. Passkeys leverage biometric information, such as fingerprint or facial recognition, to confirm your identity. Passkeys are more secure than passwords because they are phishing-resistant, error-proof and support Two-Factor Authentication (2FA) by design. Therefore, they should be used as a sign-in method for every account they’re supported on. Some email service providers that support the use of passkeys as a sign-in method include Gmail and Outlook.
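Why a passkey resists phishing, shown as an added example that is not part of the original article or any vendor's code: a simplified JavaScript (Node.js) model in which the device keeps one key per domain and the browser reports the origin that is actually asking. The `Authenticator` class, `verifyAssertion`, `demo` and both domains are constructed for illustration; real passkeys follow the WebAuthn standard, which carries more fields than this model.

```javascript
// Added illustration: a simplified model of passkey sign-in, not real WebAuthn.
const crypto = require('node:crypto');

// The authenticator (phone, laptop, security key) keeps one private key per site.
class Authenticator {
  constructor() { this.keys = new Map(); }

  // Registration: make a key pair for this domain; only the public key leaves.
  register(domain) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
    this.keys.set(domain, privateKey);
    return publicKey;
  }

  // Sign-in: the browser, not the web page, reports which origin is asking.
  sign(origin, challenge) {
    const privateKey = this.keys.get(new URL(origin).hostname);
    if (!privateKey) return null; // no passkey exists for this domain
    const clientData = JSON.stringify({ origin, challenge });
    const signature = crypto.sign(null, Buffer.from(clientData), privateKey);
    return { clientData, signature };
  }
}

// The email provider checks the origin, its own challenge and the signature.
function verifyAssertion(expectedOrigin, challenge, publicKey, assertion) {
  if (!assertion) return false;
  const { origin, challenge: signed } = JSON.parse(assertion.clientData);
  if (origin !== expectedOrigin || signed !== challenge) return false;
  return crypto.verify(null, Buffer.from(assertion.clientData), publicKey, assertion.signature);
}

function demo() {
  const REAL = 'https://mail.example.com';   // constructed provider origin
  const FAKE = 'https://mail-example.test';  // constructed look-alike origin
  const device = new Authenticator();
  const publicKey = device.register('mail.example.com');
  const challenge = crypto.randomBytes(16).toString('hex');

  // 1. Genuine site: the assertion verifies.
  const genuine = verifyAssertion(REAL, challenge, publicKey, device.sign(REAL, challenge));
  // 2. Look-alike site: the device has no key for it, so nothing is produced.
  const onFakeSite = device.sign(FAKE, challenge);
  // 3. Even with a passkey registered on the look-alike site, its assertion names
  //    the wrong origin and uses a different key, so the provider rejects it.
  device.register('mail-example.test');
  const relayed = verifyAssertion(REAL, challenge, publicKey, device.sign(FAKE, challenge));
  return { genuine, onFakeSite, relayed };
}

console.log(demo());
```

Unlike a password, there is no secret the user can type into the wrong page: the private key never leaves the device, and the signed data names the site that requested it.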
If your email service provider doesn’t support passkeys, you’ll need to create a strong password for your email account. We recommend using a password generator to create a unique, strong password that can’t be easily guessed or cracked.
2. Enable MFA on your email account
Multi-Factor Authentication (MFA) adds multiple layers of security to your account by requiring that you provide one or more additional methods of authentication. If you’ll be using a password for your email account, it’s important that you also enable MFA to prevent unauthorized access. Some of the best MFA methods include the following:
- Time-based One-Time Password (TOTP) codes from an authenticator app
- Hardware security keys
- Passkeys (if they’re only available as an MFA method)
3. Add or update your email account’s recovery options
If you get locked out of your email account, you’ll need to have a recovery option set up so you can regain access to it. Most email service providers allow you to set a recovery option in your email account’s settings. Your recovery option could be a secondary email address or your phone number. Once your recovery options are set up, you’ll be able to update them whenever you need to.
4. Always log out of your email account
Whether you’re signed in to your email on your device or not, it’s a security best practice to always log out of your accounts when you’re no longer using them. If your device is stolen or your browser becomes compromised, this would keep your email account safe from being accessed by a scammer or someone else with malicious intent. If you’re logged in to your email on your email service provider’s mobile app, it’s not necessary to log out of your account. Just make sure your phone is secured with a strong passcode and can’t be accessed by anyone other than yourself.
5. Be wary of unusual account activity
In addition to making your email account secure, it’s also important to be wary of unusual account activity. If you receive a notification that one of your recovery options was changed or someone is attempting to log in to your account from a different location, it’s important to take immediate action by updating your password and adding an extra verification method. Also, be sure to regularly check the devices your email is logged in from. If you see any that you don’t recognize, sign them out and reset your password.
6. If you’re a part of a data breach, update your password
If your information is ever leaked in a public data breach, the best security precaution to take is updating all of the passwords you believe could be at risk of compromise. For example, if your email service provider suffers a data breach, you’ll need to update your email account’s password immediately.
What to do if a scammer has already accessed your email
If you believe a scammer has already gained access to your email account, you should take the following steps.
Regain access to your account by using your recovery option
If the scammer has changed your password, you may be able to use your email account’s recovery option to regain access. This will only work if the scammer hasn’t altered your recovery options.
Update your password immediately
After regaining access to your account, update your email account’s password to one that is strong and unique. As an extra security precaution, you should also update the passwords for any accounts associated with your email address. If you struggle with creating and remembering your passwords, it might be worth investing in a password manager. A password manager can help you create strong passwords and securely store them for you. The only password you’ll need to remember is your master password.
Enable MFA if you haven’t already done so
If you haven’t enabled MFA on your email account, you’ll want to enable it. MFA can prevent 99.9% of account compromise attacks, so whenever you’re given the option to add MFA to an account, add it. MFA ensures that even if a cybercriminal somehow gets a hold of your password, they still wouldn’t be able to compromise your account, because they won’t be able to verify your identity without the additional factor.
Remove unknown devices from your email account
Next, remove any unknown devices logged in to your email account. You can do this by going to your email account’s security settings under “Your Devices” or similar. If you notice any devices that don’t belong to you, remove them.
Send a warning to your email contacts
There’s no way of knowing what a scammer did while they had access to your email account. For example, they could have sent phishing emails to your contacts pretending to be you to get them to reveal sensitive information. Let your email contacts know that your email account was compromised. If they receive any emails from you asking for personal information, they should ignore them and not click on any links or attachments, because they could contain malware.
Protect your email account from unauthorized access
If you don’t take the necessary steps to protect your email account, several of your accounts could be at risk of being compromised. While using a passkey as a sign-in method is the most secure option, using a strong password with MFA enabled also helps to protect against unauthorized access.
Managing multiple online accounts can be overwhelming, especially when you’re trying to keep track of them all by yourself. A password manager like Keeper® can help. With Keeper you can store your passkeys, passwords and other important data in an encrypted vault that you can access from anywhere and on any device. Keeper Password Manager is zero trust and zero knowledge so only you have the means to access your stored data – no one else.
To see how Keeper Password Manager can help you protect and manage your online accounts, take our short quiz to see which password manager plan is right for you.