What are the two security risks of sending confidential files via email?

Learn how to avoid the biggest weak points of your online communication.
According to Verizon, most cybercrimes involve targeting email accounts, causing billions of dollars of damage each year. This statistic is especially concerning because email is the default mode of formal communication for most businesses and individuals.
By hacking into email accounts, cybercriminals can access sensitive data like banking information, confidential documents, and login credentials for other accounts, making email security and privacy critical aspects of online safety.
This in-depth guide to email security will provide answers to the following questions:

Top two email security issues and solutions

Sending files containing sensitive information via email is risky due to two major security threats:
  1. Phishing attacks
  2. Malware distribution

What are phishing attacks?

Hackers use various techniques to impersonate legitimate businesses, people, and organizations via email. This common type of cyber attack, called phishing, aims to trick you into revealing confidential data.
The most commonly stolen information includes:
  • Login credentials for email and other accounts
  • Personal address
  • Phone number
  • Social Security number
  • Scans of passports or other IDs
  • Credit card number
  • Bank account details
When targeting a business, hackers sometimes impersonate higher-ups or colleagues and request proprietary information, intellectual property, or other classified data.
Attacks can differ depending on the specifics of their approach. The table below presents a quick overview of the most common ones:

| Phishing attack | Explanation |
|---|---|
| Smishing | A type of attack that relies on SMS to scam victims using the phishing technique |
| Whaling | Phishing attempts on high-profile targets, like company executives, politicians, and celebrities |
| Pharming | Emails linking to fake websites of real institutions and organizations. They trick targets into providing login credentials in fraudulent forms |

Software automation helps hackers hit many targets simultaneously, especially when they discover vulnerabilities in mainstream email services, such as Gmail, Outlook, and Yahoo.
Due to the severity of these attacks, sending confidential files via email is not advisable. There’s always a small chance of hackers intercepting your message. If you must send sensitive files as email attachments, always verify the recipient first.

What is malware, and why is it dangerous?

Receiving files can be as risky as sending them since cybercriminals often use email attachments and links to spread malicious software, also known as malware.
The table below breaks down some of the most common types of malware:

| Type of malware | Description |
|---|---|
| Scareware | Viruses that infect your operating system and produce fake prompts asking for information or specific actions |
| Spyware | Malware that collects data through keystroke recording, data scraping, and similar activity trackers |
| Ransomware | Programs that lock files on your computer. The only way to regain access is to pay a ransom to the hackers |
| Adware | Aggressive advertising software that generates ad revenue for hackers by displaying annoying pop-ups on infected devices |

These viruses are constantly evolving, so you can’t rely on your anti-virus software to deal with every threat.
This is a great concern because hackers often infect browser extensions with viruses to infiltrate your email account. In 2023 alone, Google removed 32 malware-infected extensions that 75 million people downloaded.

Why is sharing confidential files via email dangerous?

Using email to share files containing sensitive information is extremely dangerous, even if you confirm you're communicating with the intended recipient.
If their account has been breached, someone might have unauthorized access to their email and, with it, the personal data you send. Even if this is not the case, you have no guarantee that their device is not infected with malware, which could severely compromise their, as well as your, security.
Sending files with confidential information as email attachments is also dangerous because the emails can be intercepted in transit.

How to share files via email securely

You can take several safety measures to ensure files you share online stay secure:

How to password-protect a document

This type of protection ensures only the password holder can access the document. Because of this, it's imperative to be wary of how and where you store and share the password.
Most document editors provide this security measure. If you’re sending a PDF, you can use Adobe Acrobat’s free password service. Follow these steps to set up a passcode:
  1. Visit Adobe Acrobat’s password protection page
  2. Click Select a file
  3. Choose a PDF from your device
  4. Click Set Password
  5. Download the password-protected file
For DOC files, you can use Microsoft Word to add a password:
  1. Open the File submenu
  2. Select Info
  3. Click Protect Document
  4. Choose Encrypt with Password
  5. Type the password in the dialog box
There are two downsides to password-protected documents to consider:
  1. Passwords can be cracked
  2. You may forget your password
With powerful modern hardware, cybercriminals can crack a password in a matter of hours. That doesn’t mean passwords are useless, but it’s a vulnerability to be aware of.
Regardless of how conscientious you are, there’s also a chance you’ll forget your password. It happens to everyone, and unfortunately, there’s no way to retrieve a lost password for a PDF or a Word file.

How to password-protect your emails

Password-protecting your emails is an excellent security measure—if your email provider supports the feature. Out of the four most popular email services, only one provides optional password protection for emails, as presented in the following table:

| Email client | Password-protected emails |
|---|---|
| Yahoo Mail | X |
| Apple Mail | X |

You must enable Confidential Mode to use this feature with Gmail.
Besides password protection, this mode employs several other security measures. The Confidential Mode prevents recipients from:
  • Forwarding the message
  • Printing it
  • Downloading attachments
The recipients can only preview the attached documents in Gmail, and you can set an expiration date, after which access to the email will be revoked.
To turn on Confidential Mode in Gmail, follow these steps:
  1. Compose a new email
  2. Click the padlock icon at the bottom of the screen
  3. Choose an expiry date
  4. Check the SMS passcode option
Gmail’s Confidential Mode doesn’t stop recipients from taking screenshots of your emails or attachments, making most of its restrictions easy to bypass. Its main advantage is the protection from most phishing attempts via the SMS passcode.

Using an encrypted email service

Email encryption is the most effective safety measure for protecting your messages and attachments. Encryption entails using special codes (encryption keys) to scramble your emails and make them illegible to anyone except the intended recipient.
Only the legitimate recipient has the key to decrypt the text and turn it back into regular, readable sentences. If someone intercepts the message, they won’t be able to understand it or access its encrypted attachments.
The biggest issue with most encryption methods is the location of the keys. Most email service providers store the keys on their servers, putting your email security at risk in case of a server breach.
End-to-end encryption (E2EE) is the only security method that addresses this vulnerability because it entails generating and storing the encryption keys on user devices instead of the provider’s servers.
To ensure total email security and privacy, consider an E2EE email platform like Skiff Mail.

Encrypt your confidential emails with Skiff

Unlike most mainstream email services, Skiff protects emails with two keys:
  1. Public encryption key—Shared with the recipient automatically when sending an email
  2. Private decryption key—Unique to the recipient and never shared with anyone
Skiff provides encryption on a device level. The encryption takes place on the sender’s device, and the decryption key is generated and stored by the recipient, ensuring no one else can access it. Gmail, Outlook, and other low-security providers keep encryption keys on their servers, so your messages could be decrypted by a hacker who penetrated the server firewalls.
This is what makes security-first email providers like Skiff incredibly reliable. Everything is encrypted on your device before being uploaded to a server, including your login credentials.
Skiff uses zero-knowledge logins, so the provider can’t see or access your login information. Even password recovery is device-based. As a result, no one has access to your passwords.
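The key-location point made in the two sections above, as an added example (it is not Skiff's code and does not reproduce Skiff's actual protocol): the sender encrypts on their own device to the recipient's public key, so whatever a server stores cannot be decrypted without the private key held on the recipient's device. The choice of X25519, HKDF-SHA256 and AES-256-GCM from Node's built-in `crypto` module, the envelope layout, the `example-mail-v1` label and all function names are assumptions made for illustration.

```javascript
// Added illustration of device-side (end-to-end) encryption; not Skiff's scheme.
const crypto = require('crypto');

// Derive a 256-bit AES key from the X25519 shared secret with HKDF-SHA256.
function deriveKey(privateKey, publicKey, salt) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, salt, 'example-mail-v1', 32));
}

// Sender's device: only the recipient's PUBLIC key is needed to encrypt.
function encryptFor(recipientPublicKey, plaintext) {
  const eph = crypto.generateKeyPairSync('x25519'); // one-time sender key pair
  const ephPub = eph.publicKey.export({ type: 'spki', format: 'der' });
  const key = deriveKey(eph.privateKey, recipientPublicKey, ephPub);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { ephPub, iv, ct, tag: cipher.getAuthTag() }; // all a server ever stores
}

// Recipient's device: decryption needs the PRIVATE key that never left it.
function decryptWith(recipientPrivateKey, env) {
  const ephPub = crypto.createPublicKey({ key: env.ephPub, format: 'der', type: 'spki' });
  const key = deriveKey(recipientPrivateKey, ephPub, env.ephPub);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, env.iv);
  decipher.setAuthTag(env.tag);
  // final() throws if the key is wrong or the ciphertext was modified in transit.
  return Buffer.concat([decipher.update(env.ct), decipher.final()]);
}

// True only if the given key pair can open the stored envelope.
function canDecrypt(env, keys) {
  try { decryptWith(keys.privateKey, env); return true; }
  catch { return false; }
}

// Constructed demo values.
const recipient = crypto.generateKeyPairSync('x25519'); // generated on the recipient's device
const outsider = crypto.generateKeyPairSync('x25519');  // any party without the recipient's key
const envelope = encryptFor(recipient.publicKey, Buffer.from('Q3 payroll.xlsx contents'));

console.log(decryptWith(recipient.privateKey, envelope).toString());
console.log('recipient can read:', canDecrypt(envelope, recipient));
console.log('outsider with stored envelope can read:', canDecrypt(envelope, outsider));
```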

Secure your workflow with Skiff's E2E encrypted ecosystem

A free Skiff account gives you access to Skiff Mail and three other E2EE products rivaling Microsoft Office and Google Workspace. You get a complete productivity suite, including:
  • Skiff Pages—Encrypted text editor with invite-based collaboration for total access control
  • Skiff Drive—Up to 1 TB of encrypted storage on a secure cloud platform, with seamless syncing between devices
  • Skiff Calendar—Scheduling app for private time-tracking and confidential video conferences in an encrypted space
Skiff Pages also supports password protection, allowing you to further secure any confidential document before you share it. After adding a password in Skiff Pages, you can freely send the document via Skiff Mail as an attachment.
Your work is automatically saved while you’re connected to the Internet, so you don’t have to worry about losing anything while switching between Skiff tools.
Skiff offers designated macOS, iOS, and Android apps if you prefer to work on the go. Any changes you make in your browser will automatically be reflected in the mobile apps and vice versa.
While all tools and features of Skiff's productivity suite are available within the generous free plan, you can easily upgrade to one of the affordable paid plans to get more:
As an open source provider, Skiff is fully dedicated to transparency. You can access the entire codebase on Skiff’s GitHub, and the encryption algorithm is laid out in a publicly available whitepaper.

Create a Skiff account in three easy steps

You can start using all Skiff products in a few quick steps. All you need to do is:
  1. Visit the signup page
  2. Enter your desired username and password
  3. Start collaborating in a secure environment with Skiff’s E2EE products
Check out Skiff’s website to learn more about the platform’s features!
