A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

Interception

Receiving email that is directed to another person

Email can be intercepted easily by others, especially if they are on the same network as you. Because email is text-based, the contents of your messages are easy for an interceptor to read.

To be absolutely certain that your email is not being read by anybody else, you should encrypt your messages or use special software to digitally sign your emails. (See Email – Spoofing.)

Protective Measures

Practices

  • Never send private information in an email: Don’t send private information over email unless you’re going to encrypt your messages. Be especially careful with information such as date of birth, credit card information, or private family information which someone could use to steal your identity.

  • Avoid using webmail as much as possible on public computers. Some organizations provide employees with web-based access to their work email so they can check their messages while on the road. When using webmail on public computers, information from the email is temporarily stored in the local disk and can be retrieved by attackers if not properly deleted.

Tools

  • Never send private information in an email: Don’t send private information over email unless you’re going to encrypt your messages. Be especially careful with information such as date of birth, credit card information, or private family information which someone could use to steal your identity.

  • Pretty Good Privacy (PGP): PGP is a publicly available tool that you can use to encode your emails and read coded emails from others. You can buy this software from PGP Corporation .

Connect Safely from Different Places

Office

Intercepted email at work could disclose information about your business to a competitor and may put your company (and your job) at risk. Be careful how you transfer business plans, quarterly reports, accounting information or corporate contact information.

Mobile

Mobile devices use wireless networks to send and receive email, and it is easy for attackers to intercept email you send and receive on these networks, especially if they can connect to the same wireless network as you.

On the road

You should be especially careful when you check your email account from a location that you do not control (e.g., an Internet café, a public library or a friend’s Internet connection), because the systems and networks that you use are owned and used by other people.

Ethical Issues

It is not unusual to receive email that was not originally intended for you because people sometimes send email to the wrong email address. If you read email that was not meant for you, you have intercepted this mail and may be accused of wrongly having done so. viewing business information from other organizations that was not intended for you is considered unethical, and it may also be illegal.

Use the Golden Rule here: if someone received an email that you mistakenly sent to them, how would you want them to handle the situation? Most likely, you would want them to not read the message; therefore, you should also not read such messages if they arrive in your email.

Also, employees and managers should avoid the temptation to intercept the email messages of others. This is a relatively easy process that many can master, so it makes sense to encrypt your email messages so that even if they are intercepted, they will be difficult to decrypt and read. Today, encrypted email is typically the only email that organizations will send.

Legal Issues

Intercepting email messages is illegal, just like opening and reading letters that are not addressed to you.

Privacy Issues

Depending on your email, webmail or mobile device service provider, your email may not be as private as you think. Someone could be able to get your password, read your email, and impersonate you, without even needing to intercept one of your messages.

Companies regularly state in their system policies that all information sent in company email is the property of the organization. Check with your company’s system administrator to learn the specifics of your company's privacy policies.

My home page