If you’ve ever been targeted by a phishing scam, you know how frustrating it can be. Fortunately, there is something you can, and should, do to protect your Hushmail account – two-step verification.
If you’ve ever been targeted by a phisher (a cybercriminal who tricks customers into handing over credentials so they can break into accounts for theft or to send spam), you know how frustrating it can be. As phishers become more sophisticated in their techniques, customers are seeing more and more phishing attempts, and, unfortunately, many of them are successful.
Fortunately, there is something you can, and should, do to protect your Hushmail account. Two-step verification (also called multi-factor authentication) will immediately block a phisher’s plan to break into your account.
It can really ruin your day – multiple emails coming to you from clients complaining about the spam they’re receiving from your account.
When it comes to protecting your Hushmail account against hackers, strong, unique passwords are a good defense. However, phishers get passwords by asking for account information with very authentic-looking emails. It’s easy to get fooled into handing over your password. Here’s an example of a phishing email:
Subject: important Notice
To: undisclosed-recipients:;
Your account is missing billing information and your email service is about to be suspended, update your account information to keep active. Click the secured get started link below to confirm.
Note that you will not be billed if you have already paid but it is important you update your account with the requested information.
Get Started
secure/hushmail.com
Kind regards,
Copyright © 1999-2021 Hush Communications Canada Inc.
You might think you’re too smart to get caught in a phishing scam, but it happens all the time. The good news is if you have two-step verification turned on, even if a phisher manages to get your password, there’s a good chance they won’t be able to use it to access your account because two-step verification stops them short.
When signing in to your Hushmail account from a computer or device our servers don’t recognize, two-step verification requires you to verify your identity using two different methods. One is your strong, unique password. The other is a separate security code that's sent to a second device via text message, another email account, or generated by an app on your device such as Duo Mobile.
Once you enter the code, the device or computer will be “trusted," and further security codes will not be necessary to access your account for a year.
When two-step verification is on, no one can use your password to hack into your account because they will be unable to verify their device. They won’t be able to get the code!
All two-step verification methods are better than nothing. However, keep in mind that some offer greater security than others.
Using a verification app like Duo Mobile or Google Authenticator tends to be more secure than other methods because the verification code is generated in the app itself based on the time and a key that’s stored in the app.
Using a separate email account to receive the verification code is secure as long as you’re diligent about using strong, unique passwords for your accounts.
Receiving the code through text message is still better than nothing but be aware that SMS is not impervious to hackers. As stated in this Cnet article, “[h]ackers have been able to trick carriers into porting a phone number to a new device in a move called a SIM swap."
If you’re adding your account to a desktop or mobile mail program with our two-step verification feature enabled, you'll need to enter some additional information into the Password field in the mail program. You can read about how to do this in our help article.
Or contact Customer Success and we’ll be happy to help.
|
Two-step verification (also called multi-factor authentication) will immediately block a phisher’s plan to break into your account. Using a verification app like Duo Mobile or Google Authenticator tends to be more secure than other methods because the verification code is generated in the app itself based on the time and a key that’s stored in the app. Using a separate email account to receive the verification code is secure as long as you’re diligent about using strong, unique passwords for your accounts. Receiving the code through text message is still better than nothing but be aware that SMS is not impervious to hackers. Related posts: |
These resolutions will help keep your account and practice running smoothly so you can tackle the New Year with confidence and optimism.
Is it time to make the shift from traditional fax machine to an online fax service? If so, you can rest assured that Hushmail for Healthcare supports...
If you’re in the healthcare profession, compassion fatigue can set in when you least expect it. In today’s post, a few of our partners in the...