Email is one of the main tools used for communication and information sharing in modern businesses.
It has become commonplace to send and receive dozens of emails a day, both at work and at home. It reduces the need for face-to-face interaction and, for the majority of the time, emails are a convenient, quick, and easy way to send and receive information.
Where problems start to arise is using email as a medium to send personal and sensitive information to third parties.
Identity theft can have devastating, long-term, and sometimes irreversible, effects. It can affect credit scores, max-out credit cards, and leave the victim in crippling debt built up by an unknown person. Criminals use interception of emails to facilitate ID theft, along with stealing funds from bank accounts and holding personal details to ransom. They see it as a victimless crime, but it is far from it.
What makes email such an unsafe method of transmitting personal and sensitive data?
Loss Of Control Over The Information
While sending an email feels like a safe and rather unexciting task, the reality is that as soon as an email is sent, all control over what happens next is lost.
It appears, from a user point of view, that the email is sent directly from one user to another. The speed with which it goes from being sent to received makes it almost unperceivable that it could be tampered with along the sending.
Unfortunately, the reality is something completely different.
For a miniscule amount of time, the email is floating in cyberspace. This time however is long enough for hackers to access it, and then use or amend the information contained within it.
For this short period of time, the user has no idea or control over where the email is or what is happening to it.
The time an email spends waiting to be directed to its recipient makes it an ideal target for hackers.
If a hacker attempts but fails to access an email being sent, it is unlikely either the sender or recipient would ever know an attempt was made.
This is why it is simply so unsafe to send documents via email that are sensitive and would cause serious harm if it gets into the wrong hands.
When an email is intercepted by an experienced hacker; they can change, copy, and delete information before it reaches the recipient.
Hackers also know who to look for when they are intercepting emails.
It is no science that it is sensible to look to try and intercept the email trails of lawyers, real estate agents and financial advisors. These people are trusted with personal information by clients who otherwise would not share these details with anyone else.
Hackers know that the information contained in emails between business and client will be useful to steal!
Example of a financial advisor
When a client instructs a financial advisor, before any work can be carried out for that client, the FA will require identification and bank account details as part of the standard Know Your Client process and in carrying out due diligence checks.
When a client sends these over by email to their FA, they land in their inbox a few minutes later who confirms safe receipt.
Neither the client nor the Advisor would know at this point that the email was intercepted during its sending and stolen by a criminal. This person can do numerous things with that information:
- Change the bank account details slightly so they belong to that of the hacker instead of the client. This has a catastrophic effect on the occasion the FA might have cause to send a payment to who they think is the client but is in fact the hacker. This can have huge indemnity insurance implications for the FA.
- Store the details for later attempts at identity theft. This would only become apparent at a date further down the line.
The consequences for both the financial advisor and the client in these circumstances can be devastating. Isn’t it time that banks, financial advisors, and lawyers, stop accepting personal and sensitive information by email.
The result for both parties is simply disastrous if something were to go wrong.