It happened to Hillary, it can happen to you – the risks of unencrypted email

Gatekeepers’ blog

All of us internet users face a major risk that is still largely unrecognized: the vulnerability of unencrypted and unauthenticated email. Whether you’re a private person, a company employee or the president – leaving your email unguarded is like leaving the back door of your home unlocked while you go skiing for the weekend. It’s an open invitation for thieves.

Email is the dominant formal communication tool in the world today. Sent and received messages and attachments often include personal or official data, and sensitive information that we would like to keep confidential. Unguarded, this data is at greater risk than ever before of ending up in the wrong hands. In fact, due to the risks related to unencrypted email, the use of email without proper encryption is already forbidden in many fields like health and social care.

The 4 ways of entering your mind and mail

According to Joanna Stern, the Wall Street Journal’s personal tech columnist, the chances of being hacked grow every year. Yet, most individuals and companies still have not adopted end-to-end email encryption. Why knowingly expose your email communication to breaches?

Unencrypted and unauthenticated emails pose 4 kinds of threats:

  1. Email message(s) is intercepted
  2. Email account is hacked
  3. Email server is hacked
  4. Targeted spear phishing

An email often passes through multiple servers before reaching the receiver. It could possibly be intercepted at ANY of those locations. Additionally, how many times have you used a free WiFi in a café or restaurant? At least once, let’s be honest. Well, this always poses a threat. For a hacker it’s fairly easy to sniff unsecured wireless networks and capture the data traffic. Another way to intercept email traffic is to set up a fraudulent WiFi hotspot pretending to be the network that devices are connecting to. Time saving and effective for the hacker – a fraudulent public WiFi hotspot could end up affecting large numbers of people.
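To see the hops a message actually took, a recipient can read its `Received` headers. The following is an added example, not part of the original post: it lists each hop of a constructed sample message and flags those whose RFC 3848 protocol keyword shows no transport encryption. All hostnames and addresses are made-up reserved example values.

```python
import email
import re

# Constructed sample message (not real traffic); hostnames use reserved example domains.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.9])
\tby mailstore.recipient.example with ESMTPS id a3; Mon, 6 Nov 2017 10:00:03 +0000
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id a2; Mon, 6 Nov 2017 10:00:02 +0000
Received: from laptop.cafe.example (laptop [192.0.2.44])
\tby relay.isp.example with ESMTPSA id a1; Mon, 6 Nov 2017 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: Quarterly figures

body
"""

# RFC 3848 "with" keywords carrying the S flag mean the hop used STARTTLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.S | re.I)

def audit_hops(raw_message):
    """Return hops in travel order as (from_host, by_host, protocol, encrypted)."""
    msg = email.message_from_string(raw_message)
    hops = []
    # Each server prepends its Received header, so reverse to get sender-first order.
    for header in reversed(msg.get_all("Received", [])):
        match = HOP_RE.search(header)
        if not match:
            continue  # unparseable hop: skip instead of guessing
        src, dst, proto = match.groups()
        proto = proto.upper()
        hops.append((src, dst, proto, proto in TLS_PROTOCOLS))
    return hops

def cleartext_hops(raw_message):
    """Hops where the message crossed the network without transport encryption."""
    return [h for h in audit_hops(raw_message) if not h[3]]

if __name__ == "__main__":
    for src, dst, proto, enc in audit_hops(SAMPLE):
        print(f"{src} -> {dst} [{proto}] {'TLS' if enc else 'CLEARTEXT'}")
```

Even a hop marked as TLS only protects the link between two servers; each server on the path still handles the message in readable form, and the headers are only as trustworthy as the relays that wrote them.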

Many of us use weak passwords or the same password on multiple sites. Different online platforms are constantly hacked and in a matter of minutes a hacker can gain access to your accounts on numerous sites, just by hacking into one of them. Phishing is also a common email account hacking tool. The email account holder is tricked by a phishing message into revealing his email login credentials.

The same methods that are used to gain access to a single email account can be used to get administrator account credentials. This gives hackers access to the organization’s whole email server. The attacker can also exploit the vulnerabilities of a faulty email server. It’s extremely important for companies to instantly patch vulnerabilities found in company servers – before a hacker takes advantage of the situation.

Sending a spoofed message which seems to be coming from a trusted friend or colleague is called targeted spear phishing. The sender address can easily be modified to show, for example, your friend’s address or the company CEO’s address instead of the real source. These messages may try to trick the recipient into revealing information, or include malware or ransomware attachments. Traditionally these attacks have been conducted manually by cybercriminals, but lately it has been discovered that bots have been developed to automate this. Internal phishing can also be carried out by tampering with intercepted messages.
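Because the visible sender address is just a header the sender fills in, a receiving system has to compare it with other evidence. The check below is an added example, not part of the original post, and goes beyond it by using the SPF/DKIM/DMARC verdicts a receiving server records in `Authentication-Results`. The message, the domains and the server name `mx.company.example` are constructed assumptions.

```python
import email
from email.utils import parseaddr

# Constructed sample (not a real message); all domains are reserved example names.
SPOOFED = """\
Return-Path: <bounce@bulk-mailer.example>
Authentication-Results: mx.company.example;
\tspf=pass smtp.mailfrom=bulk-mailer.example;
\tdkim=none; dmarc=fail header.from=company.example
From: "CEO Name" <ceo@company.example>
Reply-To: ceo.office@freemail.example
To: finance@company.example
Subject: Urgent invoice

Please pay today.
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def spoofing_indicators(raw_message, trusted_authserv="mx.company.example"):
    """Return a list of reasons the visible From address should not be trusted."""
    msg = email.message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    reasons = []
    # Indicators, not proof: legitimate bulk senders can also use another envelope domain.
    if domain_of(msg["Return-Path"]) != from_dom:
        reasons.append("envelope sender domain differs from From domain")
    reply_dom = domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        reasons.append("Reply-To points to a different domain")
    # Only trust results stamped by our own receiving server (hypothetical name);
    # a sender can insert a forged Authentication-Results header of its own.
    results = [r for r in msg.get_all("Authentication-Results", [])
               if r.split(";")[0].strip().lower() == trusted_authserv]
    verdicts = " ".join(results).lower()
    if "dmarc=pass" not in verdicts:
        reasons.append("no DMARC pass recorded by the receiving server")
    return reasons

if __name__ == "__main__":
    for reason in spoofing_indicators(SPOOFED):
        print("suspicious:", reason)
```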

Keeping those cybercriminals out

Whether it’s a hacker that intercepts an email containing usable and valuable information, a hacker that gains access to your whole email account and commits identity theft, a hacker that manages to penetrate your organization’s email server or a hacker that spoofs you via targeted spear phishing – cyberattacks are a scarily growing phenomenon.

In 2013 all of Yahoo’s 3 billion customer accounts were hacked. Yahoo didn’t reveal the true number of the affected accounts until this year. Among the most widely covered examples of email server hacking are the leaking of Hillary Clinton’s email communication in early 2016, which probably lost her the American presidency, and the hacking of Deloitte’s email servers in 2017. Probably the costliest targeted spear phishing attack against Finnish companies happened when Konecranes fell victim to a CEO fraud and lost €17,2 million due to paying fraudulent invoices in 2015.

These examples are just the tip of the iceberg. One can find countless other examples reported in the news on a regular basis. The scary part is that a large share of data breaches are never made public because they are not reported, and in some cases they even go unnoticed. In fact, many experts have stated that it is no longer a question of IF you will be hacked but WHEN you will be hacked.

There is NO GUARANTEE that a private or a company email account, the correspondence between the sender and the recipient, or the email server hosting all our information and messages is safe without a proper email encryption solution to guard our privacy and our information. Be cautious and be smart – don’t leave your backdoor open. I know I’m keeping my own closed and guarded with EEZY KEYZ® end-to-end email encryption.

The only way to prevent the presented threats is to use authenticated and end-to-end encrypted email which also stores the messages encrypted. This is what the easy-to-use EEZY KEYZ® email encryption software does. It works with your existing email on Android, iOS and Windows PC (as a MS Outlook plugin) so you don’t have to change your email. It automatically encrypts the email messages, attachments and message-related metadata between users. The messages and attachments are also stored encrypted in the user’s mailbox both on the device and in the cloud always remaining protected. EEZY KEYZ® also automatically digitally signs the messages so the sender is always authenticated. The best part is that all this is done automatically so you don’t have to take any extra steps – the user experience is seamless and just like normal unencrypted email. EEZY KEYZ® encrypted and authenticated emails are protected both in transit and at rest.