📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

Email is not safe for personal data

2»

Comments

  • DullGreyGuy
    DullGreyGuy Posts: 18,192 Forumite
    10,000 Posts Second Anniversary Name Dropper
    onomatopoeia99 said:
    DullGreyGuy said:
    abssorb said:
    The risks are only tiny from a layman's perception of how IT works.  Movies shows us a "hacker" as some geek with a keyboard tapping away, a threat we can relate to, a human with a finite attention span. 

    Unfortunately it's fiction. Threats come from bots, which can make thousands of intrusion attempt per second, and never sleep. They aren't attacking your email account, or the recipients email account, they are attacking the mail servers. Think of bandits robbing the wild west mail coach. Lots of bandits.  

    The second part is that people imagine email works like a fax machine, sender > recipient is a straight line. It isn't.  It goes through a considerable number of third party servers, any one of which can be compromised by malware installed by a bot.  Your email can be read on these servers by anyone who has server access, the password you type to access your inbox does not protect them in transit, they can be read like a postcard, and attachments opened.  

    Most of these threats are repelled effectively, but if one gets through, you'd never know.  Just maybe 6 months later you start getting lots of PPI phone calls, or and-I-hope-not, a bank account is compromised.  And once it's out there, it's there forever.

    No-one needs to spend any money to be safer, just to understand that email is a 50 year old technology which was never designed to be anything other than an electronic postcard. No-one owns email, and so it has never been improved or invested in.  Just zip your attachments with a password and it's safe enough, or send via whatsapp.
    TLS is less than a 50 year old technology but agree it's far from secure. 


    TLS is secure, at least current versions are.  Did you mean SMTP? 
    No, meant TLS. I'm not a techie person but with more than one client if you are going to be exchanging emails regularly with a new company you had to notify IT and they'd add their domain to the "TLS" setup for emails however anything containing customer data or "highly confidential" still had to be sent via a portal. 

    When speaking to one of the InfoSec analysts they stated the use of TLS for email was better than however it was sent without the domain being added to the list but was far from perfect (hence the portal for anything marked as highly confidential). Anything marked confidential would go via the portal if the recipients domain wasn't on the TLS list. 
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 350.6K Banking & Borrowing
  • 253K Reduce Debt & Boost Income
  • 453.4K Spending & Discounts
  • 243.6K Work, Benefits & Business
  • 598.3K Mortgages, Homes & Bills
  • 176.7K Life & Family
  • 256.7K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture