What is email security? Common threats and best practices

What is email security, and how do you achieve it? This detailed guide will help you establish full safety and privacy in your online communication.

According to IBM, the average data breach costs global businesses and organizations over $4.3 million. Since cybercriminals carry out most of these attacks through emails to individuals, learning how email security works is crucial for your protection.

To answer the question, “What is email security?” you need a deeper understanding of how to achieve safety and privacy in email communication. This guide will help by exploring the most dangerous email threats and the technologies and best practices we collectively call email security.
The biggest email security threats

Most hackers use the following techniques to compromise email accounts:
- Data exfiltration
- Brand impersonation
- Domain impersonation
- Conversation hijacking
- Business email compromise
Data exfiltration

Cybercriminals conduct unauthorized data transfers via:
- Remote access to a network or device
- Physical access to a device
Spam

Countless unsolicited emails arrive in our inboxes daily—according to Statista, around 50% of all emails are spam.

Besides unwanted ads for shady businesses, spam messages may carry significant security threats. Here’s a breakdown of the most common issues junk emails can cause:

| Issue | Effect |
|---|---|
| Lower productivity | Office workers lose valuable time filtering out numerous unwanted messages |
| Increased server traffic | Private email servers have limited bandwidth. Incoming spam messages can quickly fill up the purchased server space |
| Malicious content | From phishing attempts to fraudulent business proposals and malware, spam can be used to deploy many email threats |

Modern email service providers protect clients with advanced spam filters that automatically delete unsolicited messages. The problem is that these filters can be overly aggressive, often misidentifying and discarding legitimate emails as spam.
Brand impersonation

Cybercriminals deceive victims into disclosing sensitive information by pretending to represent well-known companies.

Service impersonation is the most common subtype of brand impersonation. This attack targets existing product or service users by imitating the associated brand's customer service department.

Criminals hiding behind fake email accounts use templates carefully designed to spoof the real brand and lead you to believe you’re communicating with their representatives. The goal is to obtain personal data, such as your:
- Physical address
- Credit card information
- Phone number
- Date of birth
- Social Security number
- Answers to security questions
Domain impersonation

A key part of most online scams involving fake emails is domain impersonation. Hackers try to pass off fraudulent email domains as genuine addresses of:
- Trustworthy institutions
- Famous brands
- Individuals from your contact list
Malware

Abbreviated from 'malicious software,' malware refers to different computer programs with one common trait—they harm your device and compromise your safety.

You may unknowingly install malware with other software, such as browser toolbars or even fake antivirus software. Hackers still prefer email as a malware delivery method, as people are more likely to open an email link or attachment than download and install software from unknown websites.

Here’s a quick guide to the most common types of malware:

| Type of malware | Description |
|---|---|
| Trojan | Malware disguised as real software or attached to an altered version of a legitimate program |
| Spyware | Programs designed to gather data from your devices and accounts, such as passwords and personally identifiable information |
| Worm | Viruses programmed to replicate and take control of entire networks by transferring themselves from one device to another |
| Botnet | Networks of previously infected devices, controlled by hackers remotely and used for further criminal activities |
| Adware | Software created to deliver aggressive advertisements, not necessarily dangerous but damaging to your user experience |
| Ransomware | Programs that encrypt your files or restrict access to your device, forcing you to pay a ransom to the hackers responsible for the attack |

Up-to-date antivirus software will lower the risk of being infected with one of these programs, but no solution guarantees 100% security as hackers constantly create new malware.
Phishing

While phishing is a general term for any online scam involving criminals disguised as real individuals or entities, these attacks most commonly happen via email. The two other primary channels are:
- Text messages (smishing)
- Phone calls (vishing)
- Spear phishing
- URL phishing
- Lateral phishing
Conversation hijacking

Once hackers gain control of a business email account, they will likely attempt conversation hijacking if the breach isn’t flagged immediately. The attackers go through conversations from the compromised account’s inbox, especially those related to payment procedures, banking details, and similar business operations.

They continue the existing conversations and try to scam participants into providing confidential information. Like lateral phishing, conversation hijacking has higher success rates because it involves genuine email addresses.

Business email compromise (BEC)

This cybercrime involves several other hacking techniques, including spear phishing, domain impersonation, and sometimes malware.

A BEC scam aims to get an employee to make an “urgent” money transfer to the hacker’s account. Criminals usually impersonate a real vendor of the target company or an executive with the power to authorize a transfer.

More sophisticated attempts involve accessing an executive’s email account via phishing and contacting employees from the real address. Perpetrators often direct the funds to a cryptocurrency exchange and convert the stolen money, making it difficult to trace.

The frequency of BEC scams increased substantially during the COVID-19 pandemic, when most office communication shifted to digital channels. According to the FBI, BEC incidents rose by 69% from 2019 to 2021.
How email security works—best practices for protecting your email

No single security solution can provide complete protection, which is why you need to:
- Create a strong password
- Exercise caution
- Use an end-to-end encrypted (E2EE) email service
How to create a strong password

A hard-to-crack password is your first line of defense against email attacks. It should be easily memorable for you but impossible for others to guess.

To ensure your password is strong, you should:
- Use different passwords for all accounts
- Create longer passwords
- Avoid common words and personal info
- Meaningful series of words
- Book passages
- Movie quotes
- Poem lyrics
- Pet names
- Street names
- Phone numbers
- Important dates
- Your password
- A code, facial recognition, or fingerprint
How to exercise caution in email communication

According to Verizon, over 80% of data breaches come from human error. No email security services will keep you safe if you don’t exercise sound judgment and elementary caution while sending and receiving emails.

Unsolicited emails should always raise suspicion. Check all emails from unknown senders and unexpected messages from familiar contacts. While verifying senders, check their actual email address instead of the display name.

Government institutions and organizations will never request login credentials and similarly sensitive information via email. If an email appears to be from one of these entities and asks for credit card numbers or passwords, it’s most likely a scam.
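The sender check described above, together with the look-alike domains from the domain impersonation section, can be automated. This is an added example, not code from Skiff or the original article; the allow-list, finding codes, 0.85 similarity threshold and sample headers are all constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed allow-list (assumption): brand keyword -> domains it really sends from.
TRUSTED = {"paypal": {"paypal.com"}, "examplebank": {"examplebank.com"}}

def _fold(domain):
    """Fold common look-alike substitutions (1->l, 0->o, rn->m) before comparing."""
    return domain.lower().translate(str.maketrans("10", "lo")).replace("rn", "m")

def _belongs(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(from_header):
    """Return finding codes for a From header; an empty list means nothing flagged."""
    display, addr = parseaddr(from_header)
    _, at, domain = addr.lower().rpartition("@")
    if not at or not domain:
        return ["unparsable-address"]
    findings = []
    # 1. Display name shows one address while the mail comes from another domain.
    shown = re.search(r"[\w.+-]+@([\w.-]*\w)", display)
    if shown and shown.group(1).lower() != domain:
        findings.append("display-address-mismatch")
    for brand, allowed in TRUSTED.items():
        if _belongs(domain, allowed):
            continue
        # 2. Display name claims a brand the sending domain does not belong to.
        if brand in display.lower():
            findings.append("brand-mismatch:" + brand)
        # 3. Domain is a near-copy of a trusted one, or starts with it as a label.
        for good in sorted(allowed):
            near = SequenceMatcher(None, _fold(domain), _fold(good)).ratio() >= 0.85
            if near or _fold(domain).startswith(_fold(good) + "."):
                findings.append("lookalike:" + good)
    return findings

# Constructed sample headers, not taken from real mail.
SAMPLES = [
    '"PayPal Support" <service@paypal.com>',
    '"PayPal Support" <service@paypa1.com>',
    '"billing@examplebank.com" <x@mail-examplebank.example>',
    '"PayPal" <no-reply@paypal.com.account-check.example>',
]
for header in SAMPLES:
    print(header, "->", check_sender(header) or "nothing flagged")
```

Only the first sample passes cleanly; the others are flagged because the domain after the `@` does not belong to the brand the display name claims.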
Email attachments require additional caution because it’s easy to deliver malware through them. Before opening an attachment, consider the following questions:
- Are you expecting the attachment?
- Do you trust the sender?
- Is their email address legitimate?
Use an end-to-end encrypted (E2EE) email service

Encryption is the ultimate email security and privacy measure. It protects your messages by making them unintelligible to anyone but the intended recipient.

Different email encryption protocols provide varying levels of security, mostly depending on two key points:
- When the encryption takes place
- Where the encryption keys are stored
Skiff Mail’s security gives you peace of mind
Skiff offers device-based end-to-end encryption with two keys safeguarding your correspondence:
- Public key encrypts the message. It’s generated on the sender’s device and shared automatically with the recipient
- Private key decrypts the message. It’s generated on the recipient’s device and never shared with anyone, not even the email service provider
- Access user emails
- Open your encrypted email attachments
- Use email content for ad targeting
- Create machine-learning models from emails
Security and anonymity go hand in hand

Skiff’s Secure Remote Password protocol ensures you don’t have to provide personal information like your phone number or name when signing up, allowing you to remain anonymous. Skiff doesn’t store your login credentials on its servers—they remain on your device, giving you total control of your password.

The platform also ensures anonymity through email aliases, allowing you to hide your real email address.

As an additional security measure against phishing, Skiff supports 2FA via the Authenticator app. All you need to do is create a strong password, and your login information will remain secure.

Skiff’s E2EE workspace

Skiff is more than an email service. A free Skiff account grants you access to three other encrypted products that rival Microsoft Office and Google Workspace:
- Skiff Pages—A secure document editor with encrypted collaboration and sharing options
- Skiff Drive—Encrypted cloud storage with easy-to-use file organization
- Skiff Calendar—A private calendar with real-time syncing to Skiff Mail
Sign up for Skiff for total email security

You can join Skiff in three simple steps:
- Go to the Skiff signup page
- Create a username and a strong password
- Start using the entire Skiff ecosystem for free