Indecent Exposure and Robotic Hacking
Would you send a naked selfie by email? A lot of us would say ‘no’, because we’re well aware of what could go wrong. What if the person you send the message to accidentally (or deliberately) shares it with someone else? What if your email account or theirs gets hacked? We’ve seen too many public figures humiliated when their private emails have been exposed.
But even if we won’t share certain photos, many of us will ignore 21st-century common sense and share other extremely personal information by email, just because a bank, broker or other service provider asks us to. Darn it, if they tell us to do this, it must be okay – right?
People, your gut fears are correct.
In a new OnePoll survey commissioned by Echoworx, 45 percent of millennials had been asked to send sensitive information by email to their banks, and 85 percent of millennials reported that they’d been specifically asked for their social security numbers by email. Almost 60 percent questioned whether using email to send this info was a good idea, and 55 percent have either had their personal information stolen, or suspected that it had been.
Yet they still shared these personal details by unsecured email. And by the way, less than 60 percent could accurately define the word, “encryption”, which is the process of converting information into code so the wrong people don’t see it.
Robotic hackers are real.
More than five million personal records are lost or stolen every day because they are not properly stored or encrypted. And when you’re transferring info from your wallet to your bank, you could increase the likelihood that you become a victim, especially if you use email.
Most email services can be easily hacked. This isn’t because some evil genius is after you, specifically; it’s because any number of bottom-dwellers are creating bots (robot software with malicious code) that go after everyone, simultaneously. Those bots have databases behind them that include every password that’s ever been hacked, plus dictionaries and languages and other sources of text that people might use for passwords and logins. The bots spin rapidly through combinations of passwords and logins until they break into your account, and then they sift it for personal information.
Really, it’s almost that easy.
How to play safely
While financial companies can’t control your email, they can control their own processes, interfaces, servers and encryption. In fact, there are a slew of regulations throughout the world telling companies they must do it or face consequences. For example, a regulation known as the GDPR applies to everyone doing business in Europe (e.g., most of the big US financial companies), with fines of 20 million euros for not protecting customer data. Yet it seems that some of our trusted institutions would rather risk the fallout than proactively create secure interfaces, so we could still send and receive personal information by email.
So, what can you do to protect yourself? Start by refusing to exchange private info by unsecured email. Ask what your institution does to protect your sensitive email communications, and think twice about the ones that don’t have clear policies and practices in place. And visit our Getting Personal portal to learn more about the risks and opportunities of sharing sensitive information.
By Alex Loo, VP Operations, Echoworx