Why do I have to worry about my emails at all?

Aside from the everyday communication, your email inbox includes a lot of private content like contact details, registration emails, order confirmations, password- as well as reminder emails. Once hacked, the attacker has access to this information and can ply his trade on behalf of your account. The hacker can snoop on your account in order to read your emails. But even worse: he might use your email address to send spam mails or malware. In some cases hackers use login or credit card data to go shopping – at the expense of the actual owner. You see, a hacked email account can lead to an unwanted chain reaction.

How can someone infiltrate my account?

An unsafe password or an easy-to-guess security question (challenge-response authentication) makes it needlessly simple to hack your email account. Even politicians are not safe either, as the hack of Sarah Palin’s email account demonstrates (at the time of the hack she was a candidate running for the US vice presidency). All the hacker needed in order to succeed was her date of birth, her zip code and the name of her former high school. The password and the challenge-response authentication can be well chosen, even so there is the possibility that someone else is reading your emails as well.

What can I do in order to protect my inbox?

In order to secure your account, it is advisable to first generate a strong password. A good security question is equally important. In case you have forgotten your password, you can usually recover access to your email account once you have given the correct answer to the security question. It might be possible that the hacker does not even bother with the password but goes straight for the challenge-response authentication in order to gain access to your account. This is why you have to keep in mind that you share a lot of personal information with the whole world via Facebook, Twitter & Co. So please don’t use the name of your university if this information is made public on your Facebook profile. There is, however, a rather inventive instruction for choosing memorable security questions on this website. Another measure is spreading the risk by using different email addresses when you register for online shops and web services. So, in case of someone hacking your account, at least not all login data is obtained at once.

How do I protect myself against uninvited readers?

If you are sending or retrieving emails always do so via a safe connection. Make sure that, whenever you use a webmail service, the address of the website begins with a “https://” instead of a “http://” – the additional “s” means “secure”. This kind of encryption only works for the transmission from the browser to the email provider. After that it may well be that the email is not encrypted on its way to the recipient. In addition to the secure connection it is advised to encrypt the content of the email itself. This is achieved with the aid of PGP (“Pretty Good Privacy”), a programme which enables high-secure encryption of emails. It uses Public Key Encryption (an asymmetric encryption system) which requires two separate keys: a private key and a public key, which, in combination, cipher and decipher data. PGP ensures a thorough encryption of an email’s content, so anyone who intercepts will only be able to read an illegible combinations of letters and numbers. The author of lifehacker.com explains how to install PGP for webmail services like Google Mail. The main disadvantage of this kind of encryption is that it only works if both communicating parties use it. However, the meta data is never encoded. Snoopers still have the possibility to trace back which servers communicated at which time.

I am using PGP and safe passwords. Am I safe from surveillance now?

The answer to that is an unequivocal no. The aforementioned email encryption is only safe if all communicating parties use it. Furthermore, rubbernecks will always find a way to intercept and exploit data while your are surfing or chatting.