No vacation for email security

May 13, 2016

Whether you are sunning yourself on a tropical beach, camping in the Northwoods, or sightseeing in Europe, taking a break from school should not mean taking a break from information security. Below are five common email security mistakes according to  Keep these tips in mind as you travel in the coming months.

Not closing the browser after logging out from public computers

When you are checking your email at a library or cybercafé, you not only need to log out of your email when you are done, but you also need to make sure to close the browser window completely. Some email services display your username (but not your password) even after you have logged out. While the service does this for your convenience, it compromises your email security.

Forgetting to delete browser cache, history, and passwords from public computers

After using a public terminal, it is important that you remember to delete the browser cache, history, and passwords. Most browsers automatically keep track of all the web pages that you have visited, and some keep track of any passwords and personal information that you enter in order to help you fill out similar forms in the future. If this information falls into the wrong hands, it can lead to identity theft and stolen bank and email information.

Unsubscribing from newsletters you never subscribed to

A common technique used by spammers is to send out thousands of fake newsletters from organizations with an "unsubscribe" link at the bottom of the newsletter. Email users who then enter their email address into the supposed "unsubscribe" list are then sent loads of spam. So if you don't specifically remember subscribing to the newsletter, you are better off just blacklisting the email address rather than following the link and possibly picking up a virus or unknowingly signing yourself up for yet more spam.

Deleting spam instead of blacklisting it

An email blacklist is a user-created list of email accounts that are labeled as spammers. When you 'blacklist' an email sender, you tell your email client to stop trusting emails from this particular sender and to start assuming that they are spam.

While not every piece of spam is from repeat senders, a surprising amount of it is. So by training yourself to hit the blacklist button instead of the delete button when confronted with spam, you can, in the course of a few months, drastically limit the amount of spam that reaches your Inbox.

Using simple and easy-to-guess passwords

Hackers use computer programs that scroll through common names to compile possible usernames, and then send spam emails to those usernames. When you open that spam email, a little hidden piece of code in the email sends a message back to the hacker letting them know that the account is valid, at which point they turn to the task of trying to guess your password.

Hackers often create programs which cycle through common English words and number combinations in order to try to guess a password. As a consequence, passwords that consist of a single word, a name, or a date are frequently "guessed" by hackers. So when creating a password, use uncommon number and letter combinations that do not form a word found in a dictionary. A strong password should have a minimum of eight characters, be as meaningless as possible, and use both upper and lowercase letters. Creating a tough password means that the hacker's computer program will have to scroll through tens of thousands of options before guessing your password, and in that time most hackers simply give up.

ITS staff would add that incorporating symbols like the exclamation point (!) is an easy way to increase a password’s complexity. And of course, you should never share your passwords with anyone. For our purposes, ITS will never ask for your password – in person or in an email – never, ever. Seriously!
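The Python example below is added here for illustration and is not part of the original article or any ITS tool. It applies the rules above (eight characters, mixed case, not a single word, name, or date, plus a symbol) and shows why a password like "Summer2016!" still fails. The function name, the tiny word list, and the character-substitution table are constructed assumptions, and the substitution check goes slightly beyond what the article states.

```python
import re

# Constructed sample list; a real check would load a full dictionary
# and a list of common names.
COMMON_WORDS = {"password", "summer", "vacation", "welcome", "michael", "jennifer"}

# Constructed table of common look-alike substitutions (@ for a, 0 for o, ...).
LOOKALIKES = str.maketrans("@0$31", "aosei")

# Dates typed as digits, with or without separators: 5/13/16, 05132016, 2016.
DATE_RE = re.compile(r"^\d{1,2}[-/.]?\d{1,2}[-/.]?(\d{2}|\d{4})$")


def check_password(pw, words=COMMON_WORDS):
    """Return the list of rules that pw fails (an empty list means it passes)."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("does not mix upper and lowercase letters")
    if DATE_RE.match(pw):
        problems.append("is a date")
    # Guessing programs try words with digits or symbols stuck on the ends,
    # so strip those, undo look-alike substitutions, and compare the core.
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", pw)
    core = core.translate(LOOKALIKES).lower()
    if core in words:
        problems.append("is a single dictionary word or name")
    if all(c.isalnum() for c in pw):
        problems.append("contains no symbol")
    return problems


if __name__ == "__main__":
    for candidate in ("michael", "05/13/2016", "Summer2016!", "P@ssw0rd", "kT7#vQ2m!x"):
        print(candidate, "->", check_password(candidate) or "passes")
```

"Summer2016!" and "P@ssw0rd" satisfy the length, case, and symbol rules yet are flagged, because the core of each is still a single common word.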

For more common email security mistakes, check out the full article at

