Skip to main content

DON’T BE A VICTIM: Sending Sensitive Data Via Email

Ask any cybersecurity expert, and the answer will be the same: NEVER send personal information via regular email, especially as recklessly as THIS person did.

“A client was telling me that he had a customer send in a form (via regular email),” RaLynda Lee told me. Lee is the office administrator of Novagiant Media, your #WiseChoice for branding, website and logo design.

Then she hit me with this jaw-dropper.

“In the subject line of the email, the customer put his credit card number and included the expiration date and 3-digit code on the back,” Lee said. She added, sarcastically, “Then, just for ease of theft, included his ZIP code.”

Now, I realize most of us — including, I hope, you — wouldn’t be so careless to do this. But I also realize many of you may not understand why typing your personal or financial information in the subject line — or any line of regular email — is a no-no.

“Here’s why: email leaves trails of unencrypted credit card numbers in inboxes, trashes, web browser caches, etc.,” said Gary Glover, vice president of security assessments at SecurityMetrics. “As with any end-user technology, it’s extremely difficult to secure.”

Drayton Mayers is the franchise owner of #WiseChoice TeamLogic IT Memphis, your #WiseChoice for business cybersecurity and cloud compliance. Mayers said not only should you never type password-sensitive personal information or credit card/financial information into regular email, but you should also never reply with that information to unsolicited email requests, even those you think you recognize.

“Pick up the phone, initiate the call to the vendor with the number you’ve verified to be the correct number and verify the request,” Mayers said. “Do not call the number listed in the email or text, even when it is someone you know. It could be someone who has ‘spoofed’ the email or text of the vendor to make it appear as if it is the real vendor.”

He said if you must send personal/financial information via email, use only encrypted email. “Microsoft Outlook makes it easy. Simply add #Secure in the email’s subject line and then add your subject information,” Mayers said. “Setting up encryption is possible for Gmail and iCloud. And remember, legitimate tech companies like Microsoft, for example, will never initiate contact with you to request your usernames and passwords.”

“In today’s world, it is simply not safe to send personal information via email,” said Debbie Hylander, CPA and owner of #WiseChoice Hylander CPA Firm, PLLC. “Never send any tax documents or other sensitive information through email, either in the body of the email or as an attachment. A reputable tax professional will provide their clients with a secure way to exchange tax related documents, like W-2s, 1099s, broker statements and tax returns. At Hylander CPA Firm, you can securely upload your information via our Secure Document Exchange and mobile app, Liscio. 

“To add another layer of protection, you may request an Identity Protection Pin (IP PIN) from the IRS by going to Get An Identity Protection PIN | Internal Revenue Service (irs.gov). A IP PIN is a 6-digit number that only you and the IRS have. That will prevent someone else from filing a tax return with your Social Security number. An IP PIN can be obtained for anyone who can verify their identity, you, your spouse and your dependents. It must be provided to your tax professional before your tax return can be filed electronically or by paper. Like Drayton said about Microsoft and tech companies, the IRS will never call, email or text you asking for your IP PIN or any private information, for that matter.” 

Back to that credit card customer from the start of our story: by all accounts, nothing happened to the private information — basically ALL of the relevant credit card information — the customer shared completely in the subject line of that email. The customer dodged a bullet.

Let’s make sure our sensitive data isn’t under the gun of unsecured email in the first place.

Copyright 2022 Wise ChoicesTM. All rights reserved.

andy wise, andy wise channel 3, andy wise channel 5, andy wise choices, andy wise does it work, andy wise does it work thursday, andy wise memphis, andy wise on your side, andy wise reporter, andy wise will it work, andy wise wmc action news 5, andy wise wreg, consumer investigator andy wise, consumer protection, memphis wise choices, personal information, trust wise choices, wise choices