Why protect your inbox?
You probably use an email address to access your accounts. When you try to retrieve a forgotten password, usually the platform will send you an email. However, if fraudsters have access to your inbox, they will be able to change the passwords to your accounts and steal your identity, for example.
“If someone accesses the inbox of a third party, they could potentially have access to their entire life: their name, their address, their SIN, their tax returns, etc.,” says Tony Fachaux, a cybersecurity awareness expert at the National Bank.
Criminals could also collect your personal information and sell it on the dark web, the hidden part of the Internet where black market dealings take place. Whoever buys this information could then also defraud you, which would turn into identity theft.
“Fraudsters can also manipulate the people around you: They’ll imitate your writing style and reach out to your contacts to extort their money or personal information, for instance,” adds Tony Fachaux. “They’ll do it while you’re away on vacation and don’t have access to your emails.”
How to protect yourself
Don’t worry—there are many ways to make your inbox safer and protect yourself against fraudsters. Here are four easy tips:
1. Use two-factor authentication
You can enable two-factor authentication to access your inbox. This method—also known as 2FA—is both simple and effective for strengthening the security of your accounts.
With two-factor authentication, you will be asked to enter a unique verification code after you’ve entered your username and password. This code can be sent via email, voicemail, text or a third-party app. For your security, never share the verification code with anyone.
You can specify in your browser or email settings how often two-factor authentication is required. By default, you will be prompted for the validation code every time you log in, if you change your password, or if you log in from a new device or browser.
With two distinct factors for authentication, you benefit from stronger protection. Your inbox and all the personal information therein will be much safer.
In fact, the National Bank is the first financial institution in Canada to provide two-factor authentication on its online banking platform. “We’re very innovative in this area,” adds Mr. Fachaux. Two-factor authentication is now available on many online platforms.
2. Make sure the second factor is reliable
When using two-factor authentication via email, it is crucial that you have different passwords for the platform you’re protecting and the email you’re employing as the second factor. Otherwise, if a fraudster gets their hands on the password for your first account, they will gain access to your second account too.
Using email, voicemail or text messaging as a second factor is a reliable way to improve your account security. However, the most reliable second factors are currently provided by smartphone and tablet apps that create unique, randomly generated passwords. These consist of a series of numbers that only stay valid for a short period of time.
3. Manage your passwords carefully
Keep in mind that no one should be able to guess your password. It should be as long as possible (aim for 21 characters) and it should not contain any personal information that’s easy to find, like your children’s names or your birthdate.
Also, be sure to choose different passwords for each platform you use. We do not recommend using the same password for Facebook and LinkedIn, for example.
Be creative when making a password. You could choose four random words that only make sense to you, or use a sentence without spaces, capital letters, or punctuation. If your password is long enough then special characters aren’t necessary, but you can still use them.
You can use a cross-platform password manager to create passwords that are complex and distinct enough. Some smartphones also have their own native password manager. The way they work is simple: You only have to remember one strong password, and the manager automatically enters the passwords to your accounts. Pretty handy!
4. Develop the right reflexes
Finally, if you see some emails in your outbox that you didn’t send, your account’s security may have been compromised.
Put the advice listed above into practice and quickly check your bank accounts, looking for suspicious transactions. In any case, these are good practices that should become instinctual. Remember that your inbox is a true gold mine that you need to keep safe.
Several measures exist to protect you from fraud.