Protect My Email

Your email inboxes, including your GatorMail, are valuable tools for sending and receiving important communications. This makes them an attractive target for malicious actors – who may attempt to access your inbox or send dangerous messages to it. Read on for some tips on how to secure all your inboxes.

Secure your Account

Hackers often attempt to access the email inboxes of unsuspecting users, because they hold a lot of sensitive information. Most online accounts have a “forgot my password” system that sends a user an email to gain access to their account – so if an attacker breaches your inbox, they can access these messages and potentially take over your other accounts. This can cause irreparable damage if an attacker exploits this to take over your bank, work, or social media accounts.

The best way you can protect yourself from such attacks is to set a strong password for your email account and use Multi-Factor Authentication (MFA) on it. Using MFA requires an attacker to have access to your mobile device – adding an extra layer of protection to your login. GatorMail is automatically protected by Duo Mobile, an MFA solution that UF has adopted. Email services offered by major tech companies, including Gmail, Outlook, and iCloud Mail, allow users to configure MFA on their accounts. Many other services offer MFA; to look for yours search for “[My Email Provider] MFA”.

Phishing

Phishing attacks take place when a malicious actor impersonates as a trustworthy entity (such as a boss, organization, or corporation) to trick users into divulging sensitive information. UF has extensive resources on how to spot and report phishing emails; please see the article about Phishing for more information.

Malware

Email has long been a method for cyber-criminals to distribute malware, usually as attachments.  The malware will attempt to breach your computer’s security and privacy measures – potentially allowing an attacker to monitor your activity or control your computer remotely!

In today’s cybersecurity landscape, many of these malicious files will be blocked by antivirus tools in your operating system, such as Windows Security. Therefore, it is important to ensure you keep your devices up-to-date and install any security updates promptly.

However, not all malware will be caught by your system’s security tools, especially ones that take advantage of newly discovered exploits. Therefore, you should never open or download attachments from an unknown sender; report and delete the message instead.

Spam

Lots of email messages can be categorized as spam, from unwanted marketing messages to social engineering attempts. Different types of spam should be treated differently. For instance, it is safe to click the “Unsubscribe” link of legitimate marketing emails, but that is not the case with falsified messages.

In any case, you should report unwanted communications as spam or junk, using the tools your email provider offers. This will allow them to block that sender or automatically move messages from them to your Spam folder.

One idea to reduce the number of spam messages you receive in your personal inbox is to use “disposable” email addresses, which allow you to create a separate email address for each business or service you have an account for. That way, if one of them gets breached, attackers do not learn your real email address. The emails sent to your disposable addresses get forwarded to your regular inbox for easy access. In the event of a breach, the disposable email can easily be deactivated – meaning all message forwarding stops for that address. Firefox offers such a service called Relay, and Apple has Hide My Email. Just note that such services may not be used for UF business.

Encryption

When writing a message containing sensitive information, the sender should encrypt the email before sending. This helps ensure only the intended recipients can see the message’s contents. Per the Security of PHI and Other Restricted Data Policy, Restricted Data at UF must be encrypted in the limited cases where it is sent via email. If you are working with Restricted Data, please see that document for more information.

Microsoft publishes a directory where you can learn more about how to use message encryption with your Outlook client, including webmail apps such as mail.ufl.edu.

Other email services and clients may support encryption for personal messages, which can require additional configuration. For more information, search for “[My Email Client/Provider] message encryption.” Look for keywords like “in transit” or “S/MIME,” which is an email encryption algorithm.