This article was co-authored by Yaffet Meshesha and by wikiHow staff writer, Darlene Antonelli, MA. Yaffet Meshesha is a Computer Specialist and the Founder of Techy, a full-service computer pickup, repair, and delivery service. With over eight years of experience, Yaffet specializes in computer repairs and technical support. Techy has been featured on TechCrunch and Time.
The wikiHow Tech Team also followed the article's instructions and verified that they work.
This article has been viewed 369,134 times.
This wikiHow teaches you how to keep your email account safe from hackers. Sadly, hackers and scammers often target peoples' email accounts to gain access to sensitive information, and their tactics can be pretty convincing. Having a secure password is just the beginning—you'll also need to watch out for scam emails with redirected login links, fake technical support representatives, attachments and software that install malware, and people looking to steal your identity.
Things You Should Know
- Use a strong password that is more than 12 characters and a mix of numbers and upper and lowercase numbers. Further protect your account with 2-factor authentication.
- Don't open attachments or click links in emails unless you are positive that they are safe. Always verify the sender's email address.
- Make sure your computer is up to date and is running a current version of protection software.
Steps
Setting Your Account Up Technically
-
1Create a strong password. A good password is hard for other people to guess, difficult for software to crack, but easy for you to remember. It can be difficult to come up with a password that meets all of your email service's criteria that's actually easy to remember, but here are a few tips:
- Your password should be long: The golden rule now is that a password should be 12 characters and contain a mix of uppercase letters, lowercase letters, numbers, and symbols.[1]
- Don't forget to password-protect your phone or tablet: Even if it makes it take a little longer to access your home screen, always password-protect your mobile devices. If someone else gains access to your unlocked phone or tablet, they'll have access to all of your apps, including your email.
-
2Use a unique password for your email account. Avoid the temptation of reusing passwords on multiple accounts. If you use the same password to log in to your favorite website as you do your email, you're putting your email at risk—if someone cracks your password on that site, they'll also have your email password.
- Since there are so many passwords to remember nowadays, you may want to try using a password manager.
- Avoid choosing the option to save your passwords on the web. If you save your password to make it easier to log in, anyone using your computer may access your email. This is especially important when you're using a public computer.
Advertisement -
3Turn on two-step verification. Most of the popular email services, such as Gmail and Outlook, allow you to enable two-step verification, which adds a second layer of protection to your account. When two-step verification is turned on, you'll also have to enter a special security code that is sent to you via SMS or in an authentication app when logging in from an unknown source (a computer in a different area than you usually log in from). This makes it so if someone manages to crack your email password, they'd also need access to your phone to actually sign in.
-
4Make sure your computer is up-to-date and protected. To stay safe, make sure your antivirus/antimalware software is up-to-date, and that you're running the latest version of your operating system and email application. Out-of-date security suites often don't have the coding necessary to deal with newer viruses or hacks.
- Also, be careful when installing free software—sometimes software comes with sketchy malware. Research apps before you install them.
- If you're using Gmail, you should frequently check which apps you've allowed access to your account or perform a Security Check. If you're using Outlook, you can check your account history to make sure nothing you haven't approved has happened.
Being Careful
-
1Avoid opening attachments unless you already know what it is. Unless you know exactly who the sender is and what the attachment is for, resist the urge to click anything in the email.[2] Attachments can install malware on your computer, which makes it easy for hackers to access your email and your other personal information.
-
2Don't click any login links or buttons in an email message. Scam emails might also include fake login links or buttons that redirect you to a different website that captures your password. These emails are often very convincing and look like they come from a legitimate company or service you do business with. Even clicking the link can bring you to a site that looks like one you use often.[3]
- If an email asks you to log in to update information or correct a billing error, open a web browser window, go to the address of the website directly, and log in that way to see if anything needs to be changed.
-
3Learn to identify phishing scams. Scammers may use email to target victims—they'll often send emails requesting personal information that can be used to forge your identity, such as your social security number or banking information. Never provide any personal information over email unless you know exactly who is requesting the information.
- If you're using Gmail or Outlook, you'll see a red or yellow message at the top of the email, warning you that the email might be spam or a phishing scam.[4]
- Check the return email address—is the person claiming to represent a certain company but using a free email account? Check the domain name (the part that comes after the @ sign) in the email address—is that actually the company's domain name? Sometimes scammers register fake domain names that look like the real thing to bait victims. For example, you could get an email from @netfl1x.com instead of the actual site, @netflix.com.
- Does the message contain an offer that's too good to be true, or a claim that you've won a contest you never actually entered? Are you being asked to wire money to someone you don't know? These are all signs of scams.
- When in doubt, if a scammer claims to be affiliated with a company, contact the company or service directly by phone or on their website. If there's a phone number in the email, don't call it—instead, go directly to the company's official website and locate the phone number there. Sometimes scammers include fake contact information.
-
4Do not share your password with anyone. If anyone ever asks you for your password—even if they claim to work for your email service's support team—do not give them your password. There is never a need for a technical support representative to ask you for your password over the phone or email. Your password is meant to be private.
-
5Make your security question answers difficult to guess. If your email provider allows you to set up security questions in the event that you lose your password, don't enter answers that someone else can figure out, such as your mother's maiden name or your first pet's name.
- If the questions provided are pretty simple, you may want to enter something that isn't the actual answer to the question—such as "Flamingo" as your mother's maiden name. Just make sure not to forget what you enter!
Expert Q&A
-
QuestionHow common is it for your email to be hacked?Yaffet MesheshaYaffet Meshesha is a Computer Specialist and the Founder of Techy, a full-service computer pickup, repair, and delivery service. With over eight years of experience, Yaffet specializes in computer repairs and technical support. Techy has been featured on TechCrunch and Time.
Computer SpecialistIt's actually extremely uncommon. People tend to think that this kind of thing happens all the time, but it's actually pretty rare. These days, the main way you're going to get in trouble with emails is if you open a phishing scam. -
QuestionWhat's the best antivirus for Windows?Yaffet MesheshaYaffet Meshesha is a Computer Specialist and the Founder of Techy, a full-service computer pickup, repair, and delivery service. With over eight years of experience, Yaffet specializes in computer repairs and technical support. Techy has been featured on TechCrunch and Time.
Computer SpecialistWindows actually has a built-in anti-virus program called Windows Defender. I know it feels like you're getting extra protection when you pay for an antivirus program, but those paid programs are actually not all that better than the built-in version on your PC. -
QuestionHow can I tell if an email is legit?Yaffet MesheshaYaffet Meshesha is a Computer Specialist and the Founder of Techy, a full-service computer pickup, repair, and delivery service. With over eight years of experience, Yaffet specializes in computer repairs and technical support. Techy has been featured on TechCrunch and Time.
Computer SpecialistYou can typically get a read on this just by reading the domain where the email came from. So, if you get an email from "James at Amaz0n," you're not actually getting an email from anyone at Amazon. Some of this boils down to common sense, but scanning the email address is always a key step.
References
- ↑ https://support.microsoft.com/en-us/office/protect-your-account-and-devices-from-hackers-and-malware-066d6216-a56b-4f90-9af3-b3a1e9a327d6
- ↑ https://www.consumer.ftc.gov/articles/0376-hacked-email#what%20to%20do%20before
- ↑ https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
- ↑ https://support.microsoft.com/en-us/office/help-protect-your-outlook-com-email-account-a4f20fc5-4307-4ece-8231-6d4d4bd8a9ba
About This Article
1. Make sure your computer is up-to-date and protected.
2. Use a VPN (if you're using a public computer).
3. Create a strong password.
4. Use a unique password for your email account.
5. Turn on two-step verification.
6. Avoid opening attachments unless you already know what it is.
7. Don't click any login links or buttons in an email message.
8. Learn to identify phishing scams.
9. Do not share your password with anyone.
10. Make your security question answers difficult to guess.