NordVPN’s email protection for more security and privacy

Email protection is necessary for anyone who uses email. Phishing and malware can affect everyone, from students to businesses — even the most careful people can fall for a convincing fake. Good email security tools can help users avoid falling victim to a scam or downloading malware onto their devices.

Email security consists of three main pillars:

• Email encryption protects the content of your emails so only the intended recipient can read them. The TLS protocol secures messages while they’re sent between mail servers, though it depends on whether both servers support TLS. For true end-to-end encryption, protocols like S/MIME or OpenPGP encrypt the content so only the intended recipient can decrypt it using their private key, regardless of the transport layer.

• Authentication verifies that an email really comes from the domain it claims to and hasn’t been changed. This uses domain settings and standards like SPF, DKIM, and DMARC.

• Threat detection finds and blocks harmful emails. It filters spam and phishing, scans attachments for malware, and checks links for unsafe sites. Suspicious messages are quarantined or rejected, though no system can guarantee detection of every threat, especially in the case of new or highly targeted attacks.

Some of the most dangerous email fraud threats include:

• Phishing. Emails that try to trick users into clicking on malicious links or giving away account credentials. Phishing examples might include messages with urgent account alerts, suspicious attachments, and fake password resets.

• Spear phishing. Personalized emails that hackers send to specific people or roles so it feels more believable.

• Whaling. Spear phishing aimed at an organization’s executives, asking for urgent payments or sensitive data.

• Email spoofing. A cyberattack in which a hacker sends an email with a fabricated sender address to make the victim believe it came from a trusted source.

• Business email compromise (BEC). Attackers pose as trusted parties to change payment details, approve money transfers, or steal sensitive information.

• Account takeover. A hacker steals email credentials and sends believable messages from the account.

To avoid email threats, try following these tips:

• Beware of “urgent” emails. Scams push panic. If the request is about money or accounts, confirm it via other communication channels.

• Look for errors. Check the sender’s full address and domain — misspellings or odd domains might signal that it’s a scammer trying to reach you.

• Preview links before you click. Hover the mouse over the links (or long‑press on mobile) to spot a phishing link.

• Be careful with attachments. If you didn’t expect a file sent to you, don’t open it. And never enable macros.

• Take care of your passwords. Use strong, unique passwords that consist of letters, numbers, and special characters. Also, make sure to never reuse them on different accounts.

• Set up multi‑factor authentication (MFA). Use MFA to put an extra layer of security on your email account with an additional authentication method, such as phone or biometrics.

• Update your software. Keep your device, browser, and email app up to date. Newest patches fix known vulnerabilities that attackers like to exploit.

If you accidentally open a suspicious email, don’t panic. First, avoid clicking on any links or attachments. If you’ve already clicked, run a virus scan on your device and change the passwords on the most sensitive accounts, like online banking, email, and other accounts linked to financial or personal data. Also, notify your email provider about the potential phishing attempt. Lastly, keep an eye on your accounts for any unusual activity.

Follow these tips to report and stop phishing attempts in the future:

• Use your email provider’s “Report phishing” option.

Gmail: Click the three dots in the top right and choose “Report phishing.”

Outlook: Mark an email that you want to report and hit “Report” at the top.

• Forward the message (include headers if possible) to reportphishing@apwg.org.

• Also report it to your national authority, for example, at reportfraud.ftc.gov if you’re in the U.S.

Yes, NordVPN’s Threat Protection Pro™ has a malware scanner that scans your files for malware as you download them. If the scanner detects malware, it allows the user to choose whether to remove the file or keep it.

Email protection works on Windows and macOS computers via Safari, Chrome, Firefox, Opera, Brave, and Edge. It isn’t supported on smartphones or tablets yet. For now, email protection works only with Gmail and Yahoo Mail via a browser. We’re working on adding other email clients soon.