8

What kind of risks are involved in sharing financial statements, tax returns, check stubs, and things like that over email?

I imagine if a financial institution receiving documents over some secure file upload server got their back-end hacked, they would be able to trace the steps to see what access was granted and what actions took place with audit logs and whatnot. Email, I'm assuming, has no such protections.

I imagine hacked emails are to be handled case by case and wouldn't leave much of a paper trail of actions to follow what a hacker did coming over one's email. Such an event with email would lean more to a single individual breach where culpability and fault lies more with the email owner than an entire company where a breach would be more of a system wide event.

Is it advisable to use email and attachments to exchange documents with financial professionals such as loan brokers, real estate agents, financial planners, tax professionals, etc.?

jxramos

7 Answers

17

Generally, emails are openly transferred through the internet, similar to sending a postcard. Anybody having access to any of the server chain transporting it can read them when he feels like it.

The only defense is the sheer mass - nobody can read billions of emails every day. But that is a thin layer of 'security' for your data - your decision.

Aganju
9

If you are at all concerned, encrypt the file first. Then transmit the encryption key separately, preferably via another medium.

For details, see https://security.stackexchange.com/. Network protocols and encryption tools are out of scope here.

Remember too that transferring information is different from transferring legal documents. In particular, an image of a check is not a legal check, no matter what a scam artist says. Any document that requires a signature will probably have to be transferred physically. (Electronic signatures have their uses, but are not interchangeable with physical signatures, and recording one properly is not just a matter of scanning an image of a signature.)

keshlam
5

There is a known risk that your email provider and their email provider can read the email.

There is a lesser known risk that someone else might be able to intercept the email between your provider and theirs, or between your provider and your network, or their provider and their network. Although emails are almost always transferred over encrypted connections these days, there's no way for you to actually know for sure. But this risk is mostly theoretical now, because all the big email providers insist on using encrypted connections only.

Is the risk relevant to a normal person? Not really.

4

Most email servers and services will transmit data, i.e. your email messages, via an encrypted connection (TLS). This would be using the same protocols as HTTPS. However, that's only the data as it passes across the Internet and would protect from man-in-the-middle style attacks.

That said, a very high percentage will also fall back to plain text connections if TLS is not supported by a receiving server.

As others mentioned, any individual server (MTA) will have access to the message, just like a postcard, unless you are encrypting the message body itself (S/MIME, PGP, etc.). But the headers (To, From, sometimes the Subject, etc.) can still be read, like the outside of an envelope sent via the mail.

I would never send that type of information via email. Most corporations have an easy method to exchange secure email, or messages via a secure online portal of some kind.

Edd
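The per-hop TLS behaviour this answer describes can be audited after delivery from a message's `Received` headers. This is an added example, not part of the original answer: the message and hostnames are constructed, and it assumes each server records the RFC 3848 `with` keyword (`ESMTPS`/`ESMTPSA` when TLS was used, plain `ESMTP` when it was not).

```python
import re
from email import message_from_string

# Constructed sample (not a real capture). Newest hop is on top, as in a real message.
RAW_SAMPLE = (
    "Received: from relay.transit.example (relay.transit.example [198.51.100.7])\n"
    "\tby mx.recipient.example with ESMTPS id c3\n"
    "\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384); Mon, 1 Jan 2024 10:00:03 +0000\n"
    "Received: from smtp.sender.example (smtp.sender.example [192.0.2.10])\n"
    "\tby relay.transit.example with ESMTP id b2; Mon, 1 Jan 2024 10:00:02 +0000\n"
    "Received: from laptop.home.example (unknown [203.0.113.5])\n"
    "\tby smtp.sender.example with ESMTPSA id a1; Mon, 1 Jan 2024 10:00:01 +0000\n"
    "From: client@sender.example\n"
    "To: agent@recipient.example\n"
    "Subject: 2023 tax return\n"
    "\n"
    "See attachment.\n"
)

# RFC 3848 / RFC 6531 protocol keywords that indicate the hop used TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                 "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}


def _field(keyword, value):
    """Return the token following 'from', 'by' or 'with' in a Received value."""
    m = re.search(rf"\b{keyword}\s+(\S+)", value, re.IGNORECASE)
    return m.group(1).rstrip(";") if m else "?"


def hops(raw):
    """List (sender, receiver, protocol, used_tls) per hop, in transit order."""
    msg = message_from_string(raw)
    result = []
    for value in reversed(msg.get_all("Received", [])):
        proto = _field("with", value)
        result.append((_field("from", value), _field("by", value),
                       proto, proto.upper() in TLS_PROTOCOLS))
    return result


def plaintext_hops(raw):
    """Hops whose receiving server did not record a TLS protocol keyword."""
    return [(s, r, p) for s, r, p, tls in hops(raw) if not tls]


if __name__ == "__main__":
    for sender, receiver, proto in plaintext_hops(RAW_SAMPLE):
        print(f"no TLS recorded: {sender} -> {receiver} ({proto})")
```

Each `Received` line is written by the server that accepted the message, so this shows only what was recorded; it cannot prove a hop was encrypted, and even a fully TLS-protected path leaves the message readable on every server in it.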
2

As noted by many others, most connections between servers are encrypted, but the servers themselves can read the messages. In fact, the servers MUST read the messages in order to get the headers. The headers and the content are all sent together, so if a particular system can read the headers then it can also read the content, which includes the attachments.

Attachments are sent encoded via some method such as base64. That makes it possible to send binary files but doesn't provide any actual security. A human looking at a raw email with an attachment will see gibberish for the attachment, but any email program sees it as an attached file.

But the biggest catch is that while mail transport mechanisms (e.g., SMTP) only look at headers, there are plenty of modern systems that require access to attachments and examine both text/html content and attachments. Some are good - e.g., filtering out spam and viruses. Some are annoying - reading messages to serve targeted advertising. And some may be downright evil - reading email messages and attachments to harvest confidential information.

Which means that unless you use separate encryption - that means either encrypting the entire email contents or encrypting attachments and keeping any critical information out of the email text, or using a secure (https) system for online messages to a specific company (that means a system hosted by/for that company - not a simple webmail system that lets you send to anyone) - you should not:

  • Send critical information - e.g., passwords and other credentials, credit card or other banking details - in email text.
  • Send critical information in an attachment, whether plain text or a scanned image.
  • Send critical information via fax unless you send via phone (instead of via email-to-fax) and are 100% certain that the recipient receives via phone (instead of fax-to-email).

This last one is kind of funny - plenty of medical offices and some other companies insist on faxing sensitive information because "email isn't secure enough". They are correct about email, but they ignore the fact that many people who still have a fax number receive the calls via a fax-to-email service.
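The point above that base64 is an encoding rather than a protection, and that headers and attachments travel together, can be seen with Python's standard `email` package. This is an added example, not part of the original answer; the addresses, filename and attachment bytes are constructed placeholders.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed stand-in for a scanned document; not real data.
ATTACHMENT = b"%PDF-1.4 constructed sample: account 000-PLACEHOLDER\n"


def build_message():
    """Serialize a message with one binary attachment, as a mail client would."""
    msg = EmailMessage()
    msg["From"] = "client@sender.example"
    msg["To"] = "agent@recipient.example"
    msg["Subject"] = "Pay stub"
    msg.set_content("Pay stub attached.")
    msg.add_attachment(ATTACHMENT, maintype="application",
                       subtype="pdf", filename="paystub.pdf")
    return msg.as_bytes()


def looks_scrambled(wire):
    """True when the attachment bytes do not appear literally in the raw message."""
    return ATTACHMENT not in wire and b"base64" in wire


def relay_view(wire):
    """What any server storing the raw message can recover, with no key at all."""
    msg = message_from_bytes(wire, policy=policy.default)
    files = {part.get_filename(): part.get_payload(decode=True)
             for part in msg.iter_attachments()}
    return {"to": str(msg["To"]),
            "subject": str(msg["Subject"]),
            "attachments": files}


if __name__ == "__main__":
    wire = build_message()
    print("looks like gibberish in raw form:", looks_scrambled(wire))
    view = relay_view(wire)
    print("routing header read by server:", view["to"])
    for name, data in view["attachments"].items():
        print("recovered", name, "->", data)
```

Only encrypting the attachment (or the whole message body) before it is handed to the mail system changes what `relay_view` returns.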

2

Email as a means of exchanging data has never been designed for security (nor was the layer below (TCP) nor the one below (IP)). Whatever goes through email must be assumed to be publicly visible.

Now, "publicly visible" is formally true but the public is technically small (the intermediates that route your message) and there must be a real interest in reading your email for someone to care. This can happen, though.

This is why what you transfer through this unreliable (security-wise) medium must be itself protected. Fortunately, this is easy: just encrypt the data. If you use relatively modern tools, MS Word/Excel documents or PDFs are perfectly safe when encrypted with a good password (a few (5+) random words separated with a dash to make it easy to share).

You would then share this password with the other party through an unrelated means (phone call, SMS, direct transfer in a park, ...).

This is more than enough for normal people. If you are James Bond then this gets tricky but then there are experts to do the technical part for you.

WoJ
1

Most - not all - servers use SMTP to exchange emails. In some cases, an email may go from your server to the recipient's server via multiple hops. Each SMTP server stores the message in unencrypted format. To intercept the emails between servers is trivial technically speaking but nigh impossible practically due to the volume. A casual hacker can accomplish it only in the movies. A professional one can, using expensive techniques. However, governments can do it very easily: they simply ask your email provider to monitor for keywords and forward them a copy in such cases.

The solution is end-to-end encryption. There are multiple methods for this. All of them would encrypt the email on your PC, send via SMTP, decrypt on the recipient's PC. A poor man's method would be: Put the files into a ZIP file and password protect it. Share the password separately. The email itself won't be encrypted, but the file would be.

Note on passwords: Anything known to more than one person is never secure; you can't tell how many others he has shared it with, nor how it was secured when it was shared.

A better method is using public/private keypairs. Look up the details. Basically, you and the recipient get an encryption key that comes in two parts. The public part is exchanged or placed on a keyring server. The private part never is.

If you use MS Outlook, look into something like: https://www.digicert.com/tls-ssl/secure-email-smime-certificates. Using this method, the encryption/decryption is automatic and the email itself would be secure. Those who intercept your message would see garbled data only.