AFS Blog - Email Containing Sensitive Information Equals Risk


Email Containing Sensitive Information Equals Risk

It was shocking to learn not long ago, that email containing sensitive information equals risk. What seems to be an innocent email and sent to a colleague or friend, is not at all secure. You would think the communication is only between you and the other individual(s), right? Well, unfortunately, they’re not! In the past, clients have sent us sensitive information such as bank account numbers, social security numbers, and even passwords! They were taking a very big risk! How big? Let’s find out…

Technology Continues To Evolve

With technology constantly evolving, it’s presumable that would‐be hackers are constantly writing new code to aid in their continued hacking success. Intercepting unprotected emails going from point A to point B is another method they use as well. We’ve all heard the many reports of Yahoo email accounts being hacked. The last hacking fiasco just happened in December of 2016, where it was announced that over 1 billion accounts were compromised. That’s a lot of accounts!

Now imagine for just a second, how many people did those 1 billion contact? How many of those emails had some sort of sensitive information included? Again, email containing sensitive information equals risk and just the thought is alarming enough!

Email Hacking

So how do emails get hacked? Well, one way is for hackers to intercept sensitive information contained in your email. They don’t even need a password to your email account to successfully do this. How can they do it? Here’s a trick they use…

The hacker penetrates your email provider’s records. What they need is an unsecured connection through the email provider, where they simply gain access to information for DNS records. Although we consider ourselves somewhat tech savvy, this article will go into much more detail (for the engineers in our audience) on how hackers can even do this. Admittedly, it is quite interesting.


Getting back to the Yahoo hacked accounts fiasco — typically people are creatures of habit. More often than not, they use the same password for everything. Most people like to create very easy passwords so that they don’t forget them. They will use passwords such as 123456, the street name they live on, name of a family member, and believe it or not, even their own email address. This is definitely not a wise move! When your email account gets hacked, now, any email coming or going can be viewed. Think of it like a receipt when you purchase something. Did you send personal information such as your street name, family member name, etc? Now, the hacker has even more information on you and will most likely make random attempts to access your email just as you would. If successful, the hacker can then conduct other fraudulent activities such as obtaining your credit card information, applying for credit, or worse, stealing your identity. It is imperative that you create unique passwords for your email account(s), or any online account for that matter. A password that has at least 8 characters with a combination of uppercase letter(s), lowercase letter(s), number(s), and symbol(s) are your best defense against hackers. Y0ur#1P@s$w0rd is an example of a very strong password, where 123456 is not such a great password and pretty easy for hackers to figure out.

Tips To Remember

  1. When signing into your email account, ensure that the browser starts with https:// and not http://. The ‘s’ tells you that your connection is secure.
  2. If you need to send sensitive information, CLICK HERE and refer to these service providers that will encrypt your email and/or attachments. We use a service called Citrix ShareFile and any information you upload to us via our Contact Page, is safe and secure! Additionally, any sensitive information we send you will also be encrypted using the same service.
  3. Create unique passwords that have a minimum of 8 characters and include a combination of uppercase letter(s), lowercase letter(s), number(s), and symbol(s). An absolute no no is using your email address as your password! Avoid using identifying information for your password, such as the street you live on, family names, social security numbers, home address, city and state you live in, etc. The first step in creating a unique password, is for that password not to have any association with you or anyone you know.
  4. Change your password regularly. We typically change our passwords every 60-90 days. In the past, we have gone as long as one year before changing our passwords but will say that we have some pretty good passwords.

Hopefully, this article clearly communicated the reasons in why email containing sensitive information equals risk. Now, you might be saying to yourself, this all sounds great but I can’t even remember what I did yesterday, let alone remember a password or even a password I change every 90 days. The information provided below will assist you tremendously!



We will start off by saying that we are not a paid spokesman or endorser. We are simply a very satisfied user. Check out RoboForm. There are other services available that assist with the same concept which you can research by CLICKING HERE. All of the services available are really the next best thing since sliced bread. It will save all of your passwords for you. Typically, you remember just one Master password and the service will remember your password for everything else. How? For RoboForm, you login while you’re surfing the internet. Once logged in, it’s right there watching your every move as you surf and log into your favorite websites. It will save your information and even time out after a predetermined time you set. Additionally, many settings can be customized to your personal taste.

Your settings can be simple or more complex. Don’t have your computer with you? You can login to RoboForm from any computer anywhere in the world and use as if you were on your own personal computer. You can even have RoboForm generate passwords for you if you aren’t creative enough in doing that yourself. We included a little screen shot to show you how easy it is.



We’ve been using RoboForm for close to 8 years now. With each update, comes great new enhancements. Lastly, we should make it known that we have never had any of our information compromised…anywhere! Hopefully, we’ve communicated the reasons in why email containing sensitive information equals risk and now you have some more resources to research so you can protect yourself! Feel free to share this article by clicking any of the social media icons below our disclaimer.


  2. New York Times
  3. RoboForm


This is a Financial and Insurance Services Website. The views and opinions of Association Financial Services, LLC, and Association Financial, LLC, do not reflect the opinion(s) of any organization we may be affiliated with, nor are we making official statements on behalf of any company. Information contained in our blog is considered true and accurate to the best of our knowledge at the time of posting and as with any written article, there may be omissions, errors, or mistakes. Kindly notify us should you discover any so that they may be corrected immediately. The content provided is for informational purposes only and should not be considered advice, such as financial, legal, tax, or any other type of advice. Any information relied upon in our blog is used at your own risk. Therefore, we are not liable for any adverse consequences. We are not a professional in the topic or view discussed, unless otherwise stated, and you should always consult with a professional prior to taking any sort of action. We reserve the right to change or modify the content of our blog at any time, including the focus and/or content, and how it may be managed.

Leave a Reply

Your email address will not be published. Required fields are marked *

Call Now Button