Tag Archives: email

author's firefox monitor dashboard showing number of data breaches detected

Check Your Email Isn’t Exposed on the Dark Web

Pwned: Exposed on the Dark Web

“Pwned” is a deliberate typo for the word, “Owned”. “To Pwn” has its roots in the computer games world; it means to beat someone comprehensively.

Why Worry?

Email addresses on the dark web are available to hackers and spammers. At the very least you’ll be getting unwanted emails. The worst case: you’re on the way to getting your identity stolen.

A President Pawned

Yesterday I received an email from the president of an organization for which I do voluntary work. It said, “Do you have a moment I have a request I need you to handle discreetly. I am going into a meeting now, no calls so just reply my email.”

I checked the email address and, needless to say, it wasn’t from the president at all.

Since the committee members all received a similar mail, my first thought was that someone has hacked the account. However, it’s easy to check, so I did.

Pwned in Data Breaches

A “data breach” is where information has been exposed to public view, either intentionally or not. Turns out that the president’s email address was exposed in two data breaches, now available on the dark web.

president@ First Breach

The first was back in 2017, when the address was used by the previous president. This may have exposed the email address and password. I say, “may”, because it may be just the email address that’s exposed, without the password.

president@ Second Breach

The second is more serious and more recent: February 2019. Whilst it doesn’t include email addresses, it does have dates of birth, employers, genders, geographic locations, IP addresses, job titles, names, phone numbers, physical addresses. An email validation service, verifications.io, was hacked. To check an email address is valid, services like this comb all public records to build a comprehensive profile of the person behind the address.

Personal Data Available on the Internet

You’d be surprised how much of your personal data is available to on the internet. Records may be public, such as Companies House, the electoral roll, telephone directories, even on your own website. Or easily accessed, like Facebook and LinkedIn. Or may be given securely, in good faith, and then sold under the cover of small print, a practice used by some DNA profiling websites, for example.

Check Your Own Data Breaches

Check your email address at Have I Been Pawned. Enter your address here, and it’ll scout the dark web and list data breaches that contain it. Check all your addresses if you have more than one.

Check regularly using their monitoring service, which sends alerts to your inbox if it spots any of your addresses on the dark web.

alerts on have i been pawned menu

Protect Your Identity

  1. change your password on any breached websites, or delete your accounts
  2. make sure your anti-virus software and firewall are always up to date
  3. use strong passwords (HM Government has tips for staying safe online)
  4. use a Password Manager to generate, save and protect strong passwords (free password managers here)
abstract image made from at signs

Do You Break These Email Rules?

I Must Have Written Millions of Emails

Over the years, I’ve seen, and made, all sorts of mistakes with emails. To fix them I’ve adopted nine rules. They’re so obvious it’s a pity I (and maybe you?) don’t always follow them :o(

I often break rule 6 trying to be friendly, especially in these COVID-ridden times.

If you want to read the explanations below, please go ahead. If you don’t have time, here’s the list. Click a rule to see a brief explanation.

Rules for Writing Effective Emails

Rule 1. One topic, one email
Rule 2. Main point up front
Rule 3. Don’t change the subject
Rule 4. Email when you’re fresh
Rule 5. Use complete dates
Rule 6. Keep it brief
Rule 7. Take care with Reply All
Rule 8. Check your spam folder
Rule 9. Subject rule for meetings

Simple, innit? Do you always follow these rules? I try.

Rule 1: One topic, one email

The most effective emails contain just one question or message. Busy people receive 100s of them. They scan emails, so second and subsequent messages are often missed, rarely acted upon.
Back to list.

Rule 2: Main point up front

For busy email scanners, if you want something to happen, ask in the first sentence. Leave white space afterwards for emphasis.

Add all the reasons you want below. Some may read them. Your main actor will probably be too busy. However, s/he will see you have loads of justification and might actually act. If there’s no justification s/he may notice that, too.
Back to list.

Rule 3: Don’t change the subject

How often have you said to yourself, “I said that in my email yesterday”?

Did you change the subject? Did you start a new conversation in reply to something else? And did you Reply All? It’s convenient if you’re talking to the same group of people. Many people, seeing “RE:” on the same subject line once too often, won’t bother to read it.

If you want to talk about something else, start a new conversation. One with suitable words in the “Subject” field. See rule 7, too.
Back to list.

Rule 4: Email when you’re fresh

Don’t email late at night, when you’re tired, or after booze/chocolate/whatever turns you on. I’m not going to explain this rule further. If you really feel the need, wait until tomorrow to press “Send”.
Back to list.

Rule 5: Use complete dates

It happened again. I arranged a meeting for a day next month, 21 July. One colleague read it as June. If I’d said Wednesday 21 July he’d have found out very soon and wouldn’t need to be told.

Saves everyone a lot of time sorting it out, and some people find public mistakes like this embarrassing. It’s good to be kind.
Back to list.

Rule 6: Keep it brief

After you’ve finished writing that important email, read it again and see how many words you can remove without affecting the meaning. If it’s a really important mail, get someone else to do it too.

If it’s very short, will your entire message into the Subject field?

Nobody likes spending time on unnecessary waffle. People will appreciate your brevity.
Back to list.

Rule 7: Take care with Reply All

For two reasons, do think about “Reply All”.

  • save people time by not sending them irrelevant copies to open
  • don’t copy people into conversations that don’t concern them – it can be embarrassing

If the original sender copied in other people, they intended them to be aware of the conversation, maybe join in. Reply All can, inadvertently, share information you regret, especially if you change the subject (rule 3).

Avoid wasting people’s time unnecessarily: “Reply All” only if you think the sender was correct. Back to list.

Rule 8: Check your spam folder

Email systems continually update their spam filters. This is great, but they sometimes think emails you really want are spam.

Before you switch off for the night, look through your spam folder. Move non-spam to your inbox, otherwise, links may not work. Then delete the rest to keep it tidy.
Back to list.

Rule 9: Subject rule for meetings

Put the date and time of the next meeting in your email subject.

Recipients may consider your mail non-urgent and then lose it in overfull inboxes. Making it obvious reduces the risk of being ignored when they miss the meeting; makes excuses sound lame.

[Added November 2021 after a couple of embarrassing failures.]
Back to list.