Can You Stop Phishing Email by Changing Your Address?

The threat of phishing (attempting to gain access to confidential information by tricking the victim into thinking the request is legitimate) is as real as ever. Some of these scams are more obvious than others.

Often they arrive as emails and appear to be from trusted sources. Hence the question – Can you stop phishing email by changing your email address?

As a short-term measure the answer might be Yes. As a long-term solution the answer is probably No.

Here is one idea that can be employed to make phishing attacks a little less likely.


This is the closest to the concept of changing your email to reduce phishing. Most internet service providers offer a set number of free email addresses as part of their service package when you sign up. These are probably intended to give each family member an email address. You can also get free email from providers like Google and Hotmail.

One strategy that can be adopted is what I call distributed email. Here you split up the people and organisations who can contact you by email into groups or categories. Then you set up a different email address for yourself for each group you have identified. So if you do online banking you may want an email address just for your bank account, then another for your memberships, clubs, etc., another for your online shopping accounts and another for your friends and/or family. You can even set one up for those occasions where you are required to give an email address (under duress) but have no intention of receiving anything from them and/or see no value in receiving anything from them.

The idea behind this is that the smaller the group you assign to each email address, the less that address gets used and the less exposure it has over the internet to be skimmed by robots for phishing purposes. A little bit of planning here can do wonders for how well this strategy will serve you. As the email addresses from your internet service provider are probably paid for, you are more likely to receive support from your provider if something goes wrong. It makes sense therefore to use these addresses for important contacts like your bank. It also means that your service provider will be actively monitoring traffic on their server for suspicious activity and be filtering traffic out if it starts causing problems. The less valuable contacts (such as the one you give out under duress) can be associated with public email providers that you are not paying for.

You could also think about using a service provider and public email providers that offer automatic forwarding of emails. Doing this can make this approach work even better for you. This is because once you have set up all your email addresses you can then have just one email address that you actually use (preferably one of the ones your service provider lets you set up). Now go into each of the other email accounts and do two things. a) Set each of them up to block all traffic into them except for the users that you know will be sending traffic to that email. So the email for the bank will block all traffic except for emails from the bank. Then b) set all those email accounts to auto-forward all emails that arrive at that inbox to the one email account that you will be using. If you set up the auto-forwarding to auto-delete once forwarded then you reduce the need to visit any of the other email addresses because they should not have much in them.

Remember however to always include in the “allowed” list for each email account the email address of the email host (that is – the email address associated with the “Welcome” message you get when you set each email address up). Make sure this is included in the auto-forward so that any problems or changes or updates to terms and conditions from the email host will be sent to the email address you actually use. This includes the email address you set up for those times when you give an email address under duress – even if you have blocked all other traffic into that email address and never auto-forward any emails from it (you should always allow emails to it from the host and auto-forward those to your normal account).
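The allow-list-and-forward rule described above, modelled as an added example that is not part of the original article. All addresses are constructed, and using the Delivered-To header to identify the receiving alias is an assumption about how the mail host records it.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed addresses for illustration; none come from the article.
MAIN = "me@isp.example"  # the one inbox you actually read
ALLOWED = {
    # alias -> senders allowed in; each set includes that alias's email host
    "bank@isp.example": {"alerts@bank.example", "welcome@isp.example"},
    "shop@isp.example": {"orders@shop.example", "welcome@isp.example"},
    # "under duress" alias: only the host's own notices get through
    "junk@freemail.example": {"welcome@freemail.example"},
}

def route(raw):
    """Return ("forward", MAIN) or ("block", reason) for one raw message."""
    msg = message_from_string(raw)
    # Assumption: the host records the receiving alias in Delivered-To.
    alias = parseaddr(msg.get("Delivered-To", ""))[1].lower()
    # Compare the address itself, never the display name in front of it.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if alias not in ALLOWED:
        return ("block", "unknown alias")
    if sender not in ALLOWED[alias]:
        return ("block", f"{sender or 'no sender'} not allowed on {alias}")
    return ("forward", MAIN)

def make(alias, sender):
    """Build a minimal constructed message for the demo below."""
    return f"Delivered-To: {alias}\nFrom: {sender}\nSubject: notice\n\nbody\n"

if __name__ == "__main__":
    samples = [
        ("bank@isp.example", "Your Bank <alerts@bank.example>"),
        # Display name says "Your Bank" but the address is not on the list.
        ("bank@isp.example", "Your Bank <alerts@bank.example.other.example>"),
        # Mail in the bank's name arriving on the shopping alias stands out.
        ("shop@isp.example", "alerts@bank.example"),
        ("junk@freemail.example", "welcome@freemail.example"),
        ("junk@freemail.example", "news@shop.example"),
    ]
    for alias, sender in samples:
        print(alias, "|", sender, "->", route(make(alias, sender)))
```

The filter matches the From address only, which the sending side controls, so it narrows what reaches each alias rather than proving who sent a message.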

That is the strategy I call distributed email, and it is the closest method to changing your email to reduce phishing. This is the avoidance idea: it minimises exposure by reducing the number of times each email address gets sent across the internet. It may take a bit of time to set up, but if done well it will serve you well and significantly reduce the number of times you will have to change emails in the long term. You can always periodically visit each email account to make sure the filters are all working and nothing is stacking up in the inboxes that you were not aware of. This can be done maybe once every couple of months to avoid the email host provider thinking the account is inactive and changing its status to dormant.