Okay to send these account details via e-mail?

[Deleted User]

Prism said:

TadleyBaggie said:

TheMightySwordfish said:

Email is as secure as any other other way of sending details. 

No it's not. Unless end-to-end encryption is being used (unlikely), email data packets are sent as clear text. In theory packet sniffing software could capture these. 

Emails are almost never sent as clear text. Although not a guarantee there is a very high chance that emails are encrypted.

Emails aren't end to end encrypted by default 

someone

TBH biggest risk is either your or the recipient's email is been monitored by a fraudster (e.g. malware, password breach etc). They get notified as soon as something looks like a bank account number and if breach is on your side go "Opps that's the wrong account it should be [fraudsters account]". If on the recipient's side they delete the email and replace it with an account they have control over. Recipient non the wiser makes the transfer thinking they are sending it to you but they send it to the fraudster instead. Real examples of this have been published multiple times. When its emails with solicitors the amounts lost can be large.

Chino

Love the way that people's imaginations go into overdrive when these questions come up.

whitesmith

Regular email is not - and never has been - a secure form of communication. So no, it is not alright to send these details by email. That is why financial companies, for example, only quote eg the last four digits of account numbers in their emails.

That said, only you can make the judgement that the very very small risk of something going wrong if you did do it is a risk worth taking.

Newly_retired

I recently split this information over three emails.

Prism

dahj said:

Prism said:

TadleyBaggie said:

TheMightySwordfish said:

Email is as secure as any other other way of sending details. 

No it's not. Unless end-to-end encryption is being used (unlikely), email data packets are sent as clear text. In theory packet sniffing software could capture these. 

Emails are almost never sent as clear text. Although not a guarantee there is a very high chance that emails are encrypted.

Emails aren't end to end encrypted by default 

It depends on the system but emails are typically encrypted across every part of the channel along the way. Its not a guarantee but it would be very unlikely to find any of it unencrypted. And depending on the system you can enforce encryption with a few settings.

Fingerbobs

Prism said:

dahj said:

Prism said:

TadleyBaggie said:

TheMightySwordfish said:

Email is as secure as any other other way of sending details. 

No it's not. Unless end-to-end encryption is being used (unlikely), email data packets are sent as clear text. In theory packet sniffing software could capture these. 

Emails are almost never sent as clear text. Although not a guarantee there is a very high chance that emails are encrypted.

Emails aren't end to end encrypted by default 

It depends on the system but emails are typically encrypted across every part of the channel along the way. Its not a guarantee but it would be very unlikely to find any of it unencrypted. And depending on the system you can enforce encryption with a few settings.

I don't think this is true at all. The connection between the end-user's computer and their ISP's email server is (nowadays) usually encrypted, primarily because this communication includes the user's authentication credentials, but once it's reached their ISP's SMTP server, the rest of the chain to the recipient is usually unencrypted.

In any case, even if every SMTP hop were independently encrypted on the wire (which I do not believe to be true), it's still possible for the cleartext message to be intercepted at any of the intermediate SMTP servers along the route.

TL;DR: Email cannot be assumed to be secure.

Emmia

Boa21 said:

Have you got them on WhatsApp? That's end to end encrypted. 

Or Signal?

Or email some info on 2 different emails and text the other info?

Prism

Fingerbobs said:

Prism said:

dahj said:

Prism said:

TadleyBaggie said:

TheMightySwordfish said:

Email is as secure as any other other way of sending details. 

No it's not. Unless end-to-end encryption is being used (unlikely), email data packets are sent as clear text. In theory packet sniffing software could capture these. 

Emails are almost never sent as clear text. Although not a guarantee there is a very high chance that emails are encrypted.

Emails aren't end to end encrypted by default 

It depends on the system but emails are typically encrypted across every part of the channel along the way. Its not a guarantee but it would be very unlikely to find any of it unencrypted. And depending on the system you can enforce encryption with a few settings.

I don't think this is true at all. The connection between the end-user's computer and their ISP's email server is (nowadays) usually encrypted, primarily because this communication includes the user's authentication credentials, but once it's reached their ISP's SMTP server, the rest of the chain to the recipient is usually unencrypted.

In any case, even if every SMTP hop were independently encrypted on the wire (which I do not believe to be true), it's still possible for the cleartext message to be intercepted at any of the intermediate SMTP servers along the route.

TL;DR: Email cannot be assumed to be secure.

 Most ISPs do not offer an email solution anymore but typically use one of the big email providers like Gmail. The connection between an end users device and their mail server is almost always encrypted. Encryption is not related to authentication but just due to the connection protocol. The most typical is HTTPS.

With an email delivery the mail typically leaves the sending mail service and goes directly to the receiving service - there is no hoping around.. The most likely communication protocol that pretty much everyone uses is TLS to secure the channel. If that is not possible for any reason then theoretically an email could be sent unencrypted but its pretty easy to switch off that capability.

The receiving client then opens the mail securely. The only other services along the way that can access the email are those security services owned or paid for by either the sending or receiving services.

So no you wouldn't send highly secret information by email as it isn't end to end security, but for anything else, like in this case account details, the only access to the email would be to hack the servers run by the mail providers (Microsoft, Google etc) somehow. In most scenarios email security is absolutely fine and encrypted along the way.

whitesmith

I said email is not secure (and I was referring to eg microsoft, gmail etc) for several reasons (you can probably think of a few more):

1. the emails themselves are not encrypted ie the browser does not encrypt the text, passing the decryption key to eg the gmail servers for the recipient to decode. Yes the link is encrypted (HTTPS) but the data is not. You CAN get encrypted email, where you encrypt your emails before sending and the recipient has to know and enter the key to read the plain text, but this is not what the OP is using (I assume).

2. there are other reasons why email is not secure - eg someone can take a quick peek at your laptop whilst you are out of the room, someone can pick up your phone and open the outlook app (if the phone is not secured), you can mis-type the sending email address so someone else gets it, you can be sent a phishing email saying the recipient's email address has changed and send it here instead, you could have a keylogger on your laptop, the email provider could be the subject of a hack intusion at some later date etc etc

Yes, all these are remote possibilities but the remoteness of it does not negate the fact that email is inherently insecure - you would not send new launch codes using gmail. That said, the risk is minimal and the OP must make their own judgement.

Also don't forget once you have sent an email it hangs around for eternity - if you delete it from your 'sent items' it appears in 'deleted' - if you then delete it from 'deleted' it is available via 'recover deleted items' etc etc so if anyone in the future gets onto your laptop... Also Google scans all emails and saves the interesting bits about you so they can advertise to you, including maybe bank account details. And I haven't even started about swap files on your HDD etc... Emails are not secure.