email security

How does Gmail use OTPs for security?

Gmail offers its 425 million plus active users worldwide the ability to strengthen the security of their accounts through “2-step verification” with one-time passwords (OTPs). According to Gmail, “It’s an extra step, but it’s one that significantly improves the security of your Google Account because it requires the powerful combination of both something you know—your username and password—and something that only you should have—your phone.”


What do I do if I think I have been phished?

If you believe you’ve received a phishing email, do not respond, download any attachments, or click any links within the email. You can file a complaint with the Federal Trade Commission (FTC) online or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. The FTC enters consumer complaints into the Consumer Sentinel Network, a secure online database and investigative tool used by hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.


My email box was hacked, what can I do?

If your email has been hacked, there are several steps you can take to regain control of your account.

• First, change your password and make it strong (See, How do I choose a good password?).

• Also change any security questions you have associated with this account. A good rule of thumb with security questions is to not answer them honestly, so the answers are harder to guess. If the question asks the name of your first dog, answer with your favorite song, for example.


How to Tell If an Email Is a Phishing Scam

As email users grew wary of phishing attempts, cybercriminals have had to change their tactics and their lures. Today, phishers are churning out much more convincing and effective emails. Not only are the most persuasive specimens well-written, they are also often personalized, addressing the recipient by name. In addition, they replicate the look and feel of authentic emails from legitimate businesses down to the fonts, footers, logos and copyright statements those companies use in electronic correspondence with their customers.

Email Giants Move to Slash 'Phishing'

Email-service providers Google Inc., Yahoo Inc., Microsoft Corp. and AOL Inc. are backing a new effort intended to dramatically reduce "phishing" emails—which attempt to trick recipients into thinking they come from a legitimate source. The companies—along with others such as financial-service companies Bank of America Corp., FMR LLC's Fidelity Investments and eBay Inc.'s PayPal—are hoping to create an environment that allows the recipient of an email from, say, a bank, to feel secure that it isn't a trick.

How do I manage my personal data on my webmail service?

Web-based email (also called webmail) services like Gmail, Windows Live Hotmail and Yahoo Mail are free and you can access them from any computer and even your mobile phone. When using these services, there are many security considerations. First, you want to protect your account from being accessed by someone other than you. Use a strong password - it should also not be words found in a dictionary, but rather a mix of at least eight letters and numbers, changing cases and using symbols ($!* etc.) if allowed.

How can I report a fraud, spam, or identity theft on the Internet?

If you are being phished, spammed, for a criminal is otherwise attempting to commit a crime through email correspondence with you, you should report it to your Internet and email provider. They can also help you to prevent these kinds of attacks in the future. Today most anti-virus programs also include spam protection features. Many national governments also provide help and advice on the Internet, so visit your government's official web site.

How private are my emails?

Email is very private, however, it is possible that a system administrator at the company hosting your email could potentially read your mail. In addition, email moves through the Internet on servers controlled by thousands of government, education and private sector organizations. It is possible, though unlikely, that a system administrator somewhere in that path could capture and read email. It would be difficult and random, as individual emails move across the Internet in different paths.


Subscribe to email security