Are You Truly Safe? The Reality of Email Security in Canada
Many Canadians operate under a false sense of security regarding their email accounts. They might not have noticed any suspicious activity and assume their accounts are safe. However, unseen events, such as corporate data breaches, can expose email addresses. These addresses, combined with potentially compromised personal data, may circulate on the dark web for years before cyber-criminals attempt to exploit them.
The Treasure Trove: Why Hackers Target Your Email
Your email account is a goldmine of personal and financial information. Once hackers gain access, they can quickly identify your bank, credit cards, address, and the types of emails you receive. They can even intercept multi-factor authentication (MFA or 2FA) messages, becoming a major threat.
It’s important to note that the scale of targets is broad, and anyone in Canada is a potential target. Scammers cast a wide net, not focusing solely on high-value accounts. As Octavia Howell, vice-president and chief information security officer for Equifax Canada, points out, “The jackpot is when they get someone with substantial assets, but anyone can be a target for scammers”. Her company provides credit scores and reports based on consumer data.
Cyber-criminals also seek information on as many accounts as possible, including those of your friends, colleagues, and other contacts. A common scam involves creating fake co-worker email addresses, based on the victim’s contact list, and requesting banking information, often under the guise of an expense reimbursement or paycheque. Such emails appear innocent, but they’re a gateway to fraud. Advanced computing power allows scammers to simultaneously attack millions of accounts, cross-reference information, and try vast numbers of password combinations.
As Howell notes, for scams to pay off, “…they only have to be correct once.”
Safeguarding Your Account: Practical Steps for Canadians
Fortunately, there are effective ways to improve email security. Here are some simple practices that Octavia Howell recommends:
- Password Hygiene: Change your email passwords frequently, ideally every few months. If you learn that a company you deal with has been breached, change your password immediately.
- Recognizing Phishing: Never click on suspicious emails. Use your email server’s tools to report and delete such messages. Verify the sender’s address, keeping in mind that scammers increasingly use cloning tools.
- Scrutinize Addresses: Check email addresses for slight irregularities, like extra letters or misplaced punctuation.
- Website Blockers: Install website blockers on your computer and phone to prevent accidental clicks on suspicious links.
- Know Your Digital Footprint: Google yourself periodically to see what personal information is publicly available. If your email address is listed, remove or change it.
- Fraud Protection Services: Consider subscribing to a fraud protection service to monitor your accounts for any suspicious activity.
- Social Media Caution: Avoid posting your email address on social media. As Howell explains, “That gives someone the ability to know exactly where your personal information is.” Also, be mindful of other personal details shared on social media, as these can be used to craft phishing emails and crack passwords.
- Unique Usernames: Do not use your email address as a username on other sites. If possible, change the default username to something else.
The AI Factor
Artificial intelligence (AI) technology is being adopted by cyber-criminals at an alarming rate.
