Securing Emails / Identity

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Post Reply
Topic Author
Snowjob
Posts: 1634
Joined: Sun Jun 28, 2009 10:53 pm

Securing Emails / Identity

Post by Snowjob »

I recently had my identity used and it got me thinking about how to take extra precaution with my financial data.

To add an additional layer of security I was thinking of buying a new google tablet, creating a new email address specific for my financial accounts (Bank / CC / Brokerage) and using that tablet only as a means to access the E Mails tied to those accounts. Effectively I want to separate those emails from my main email account and keep access to that account as secure as possible. My theory is that if I do this, no one will be able to tie my name, cell number etc to the email accounts used at those financial institutions (unless the guess my username & passwords of course). Is it perfect? probably not but I feel like taking an additional step given what has recently happened.

Backstory: Was away skiing recently, came home and found an email confirming my pick up for a shuttle service that took palace a day prior. Person had used a voucher and put the remaining fee on my credit card. Gave my name and email as well. I had used this service before.

Anyone do anything like this, have any feedback? punch some holes in my theory or have suggestions on safeguarding data? I'm all ears!
nordsteve
Posts: 812
Joined: Sun Oct 05, 2008 9:23 am

Re: Securing Emails / Identity

Post by nordsteve »

It's not clear to me what attack against your account you're trying to defend against. In particular, the leak in the shuttle example you gave was probably at the company that runs the shuttle.

One downside of the "special tablet" is that you need to check it regularly, and you loose the timing benefit of email/texts to your workaday device about suspicious activity on the account.
Topic Author
Snowjob
Posts: 1634
Joined: Sun Jun 28, 2009 10:53 pm

Re: Securing Emails / Identity

Post by Snowjob »

My suspicion was the the shuttle company also -- they are looking into this for me right now.

I agree on the downside of less visibility, as I certainly would be checking it less often.

I guess I was mostly worried that someone had those three pieces of information and wanted to limit this to two pieces going forward.

If someone were to ever hack my current email account they would have access to everything in theory. So why not make your financial data a giant secret? If I had the separate account and someone obtains access to my main account they could really do some damage. But if they get in there and see no ties to a bank / cc / brokerage they are limited I would think.
goGators
Posts: 55
Joined: Thu Apr 04, 2013 10:01 pm

Re: Securing Emails / Identity

Post by goGators »

I have 3 email accounts: 1) General use (family, friends) 2) Online purchases and 3) Financial accts. I have experienced spams in 1 & 2 but not 3. So I think it's a good idea to have a unique email address for financial accounts. However, I don't use a specific device to access my financial information online.
cheesepep
Posts: 949
Joined: Wed Feb 17, 2010 10:58 pm

Re: Securing Emails / Identity

Post by cheesepep »

FYI, if you use anything Google, Google can and will track you. 90%+ of their business is selling you ads. Not a good way to secure your identity (in some aspects).
nordsteve
Posts: 812
Joined: Sun Oct 05, 2008 9:23 am

Re: Securing Emails / Identity

Post by nordsteve »

Snowjob wrote:If someone were to ever hack my current email account they would have access to everything in theory. So why not make your financial data a giant secret? If I had the separate account and someone obtains access to my main account they could really do some damage. But if they get in there and see no ties to a bank / cc / brokerage they are limited I would think.
Usually financial service providers require more than just control over the registered email account to get access to the account.

Do you have two factor / two step authentication enabled for your email accounts? This substantially reduces the chance that someone else can gain control of your email account.
User avatar
JoMoney
Posts: 9921
Joined: Tue Jul 23, 2013 5:31 am

Re: Securing Emails / Identity

Post by JoMoney »

The fact that the shuttle company didn't require more identification for billing is troubling, but there's nothing you can do about that.
At the same time, you shouldn't be liable for their poor security practices. Unfortunately, you're left with the onus of reporting back to them that the charge is fraudulent. I would think it's a good thing that your email was tied to it, it helped you get notification quickly and the fraud addressed quicker than it might have been had they snail-mailed you a bill or waited until you (hopefully) noticed the charge on a credit card statement.
"To achieve satisfactory investment results is easier than most people realize; to achieve superior results is harder than it looks." - Benjamin Graham
User avatar
Ged
Posts: 3927
Joined: Mon May 13, 2013 1:48 pm
Location: Roke

Re: Securing Emails / Identity

Post by Ged »

The first rule of email is that it is fundamentally insecure. The mail is generally sent unencrypted over the internet and may be read at any number of places. Furthermore law enforcement does not need a warrant if the mail is kept on 3rd party servers like Google and Yahoo for more than 60 days.

Recent news has a story about John Brennan having his AOL account hacked via social engineering. Who is John Brennan? Head of the CIA. He had a very sensitive document on the AOL server. OOPS.

You can make things somewhat better by avoiding 3rd party servers and setting up your own mail server ala Ms. Clinton. This gives your mail a lot fewer ways to be read by others because it travels directly from the sender to you. Things come to you a lot faster this way too. However it takes some work to set up and you will need a computer to be on 24x7.

If you are worried about mail from financial institutions it's likely the most practical thing is to minimize this sort of mail as much as possible. Turn it off. Don't have routine but sensitive information sent this way.
Topic Author
Snowjob
Posts: 1634
Joined: Sun Jun 28, 2009 10:53 pm

Re: Securing Emails / Identity

Post by Snowjob »

goGators wrote:I have 3 email accounts...
My thinking was along those lines -- leaning toward two instead of the three like you have. As you say the difference being the separate device which I'm debating more heavily than the first step which would be having separate email accounts
cheesepep wrote:FYI, if you use anything Google, Google can and will track you
Agreed, but to have a digital signature is to give up some privacy, I am willing to cede that to these institutions for all the access / benefits that come with it. In google we trust?
JoMoney wrote:the fact that the shuttle company didn't require more identification for billing is troubling...
The person called up and paid using my name, phone and email. this matched a prior record in their database so I don't fault them but it is scary.
Ged wrote:If you are worried about mail from financial institutions...
I'm worried that someone smart enough to hack into my account will then be able to go to any of my financial institutions and reset passwords and create transfers or withdrawals etc. They could easily change the notification policies once there. For many internet transactions I seem to have to enter Name / Email Address / Phone number etc. So there will this cluster of data available in many places. However, if I am very careful in only using this new email address in the way I have specified originally, it will never be available in a package tied to my name or phone number outside of those few financial institutions. That was my thinking. Just trying to minimize risk, but this is a whole level of technology beyond me I will confess -- to an expert this may seem like a silly idea but from my stand point I think it adds another layer of security.
whomever
Posts: 1000
Joined: Sat Apr 21, 2012 5:21 pm

Re: Securing Emails / Identity

Post by whomever »

I divide the digital world into a couple of sections.

The high value section is places where there is more than a couple of month's expenses setting around - Vanguard, online banks where I have CD's, Treasury Direct, etc. I only access these from a dedicated machine, have very secure passwords/questions/etc that are only stored on paper (in safe or safety deposit box). I don't access these accounts very often (one is set up to auto-push monthly expenses into the 'everyday' account). I use our normal email for these (because otherwise I wouldn't see traffic).

The everyday financial section is a bank that never has more than a couple month's expenses, and credit cards. I don't worry a lot about credit card fraud because, at least so far, fraud isn't really my problem. If some clever hacker raids that bank account, I'm out a couple month's expenses, which is a bummer but not catastrophic. I access this from my normal computer, using passwords I can remember.

I also have a 'commercial' email address that I use for e-commerce etc. IMHE many companies opt you in to their various marketing stuff (sometimes even if you opt out). I only check this address if I'm wondering whether an order shipped or whatever, otherwise I just let the marketing dust bunnies pile up.
Afty
Posts: 1461
Joined: Sun Sep 07, 2014 5:31 pm

Re: Securing Emails / Identity

Post by Afty »

Snowjob wrote: Backstory: Was away skiing recently, came home and found an email confirming my pick up for a shuttle service that took palace a day prior. Person had used a voucher and put the remaining fee on my credit card. Gave my name and email as well. I had used this service before.
Can you give more detail on what kind of attack you are trying to defend against? Why does it matter if this person gave your email address as theirs? Were they able to charge something to your credit card just by knowing your name and email? If so, that's something the shuttle service should never have allowed and should be held liable for.

If you're most concerned about an attacker gaining access to your email account and then using that to log into financial websites, I would (and have) set up two factor authentication for your Gmail account. Then an attacker would need both your smartphone and your password to log into your account. See https://www.google.com/landing/2step/ for instructions.
Topic Author
Snowjob
Posts: 1634
Joined: Sun Jun 28, 2009 10:53 pm

Re: Securing Emails / Identity

Post by Snowjob »

Yeah I am finally setting up 2 factor on my gmail account(s). I actually didn't know it existed -- honestly the multi factor Interactive brokers account log in system is one of the reasons I've used them for years. Thanks guys
ParkersPaPa
Posts: 101
Joined: Sun Jun 14, 2015 9:16 am

Re: Securing Emails / Identity

Post by ParkersPaPa »

Using an android device for secure anything is a non-starter in my opinion. You have zero control over OS upgrades (only your ISP/phone company can do this...and most haven't).
Post Reply