Why is Email Not Secure?
Your bank never emails your statement, right? Because email is not secure. Email data can be stolen as it travels un-encrypted over the network and could be stored un-encrypted on mail servers, Internet mail relays, as well as end devices.
Stolen data is sold on the dark web and used to obtain loans, claim tax refunds in your name, make purchases, open new accounts, or even used to create a fake identity for illegal activities.
Which Email Services are Affected?
Joint research by University of Michigan, Google, and University of Illinois Urbana Champagne, measured over 700,000 mail servers, and found that only 35% were configured for encryption, and most had glaring loopholes that allow attackers to reroute emails to their servers. Their investigation of Gmail in particular showed that up to 20% of all messages were attacked.
Major email providers (Hotmail, Yahoo, Gmail, AOL) and millions of other email domains “offer no protection against active adversaries” who could observe or inject data between an email server and the Internet, says Prof Alex Snoeren and his fellow computer scientists at University of California San Diego, based on their measurements of current email services.
Johanna Amann, PhD, working at University of California Berkeley, says
“most of our communication is poorly secured” because “secure configuration is not straight-forward and many combinations of encryption and authentication mechanisms lead to insecure deployments”
based on an investigation of large email providers, with her co-investigators from University of Sydney and Technical University of Munich, presented at the Network and Distributed System Security Symposium 2016.
How Can I Keep Myself and My Family Safe?
It is best to use a secure communication service when sending any sensitive data to your accountant, tax-preparer, insurance agent, loan officer, business partner, realtor, health coach, recruiter, or other professionals.
Also, if you communicate sensitive data with family members, such as educational or financial documents with college-kids or lab reports with parents, use a secure communication service.