Think Twice About Using Free E-mail To Run Your Business
You probably use a free e-mail account for taking care of your personal business. For the most part, that is fine. After all, if there is nothing in it but e-mail forwards from Aunt Maude and pictures of your cat, both the impact of a break-in and the motive for cracking your account are low. It is an inconvenience and a hassle, but you can survive it.
If you’re like me though, you use your account for many things including personal and business purposes. You stay logged in for long periods of time and that can be a problem as explained on bloggingtips.com:
The victim visits a page while being logged into GMail. Upon execution, the page performs a multipart/form-data POST to one of the GMail interfaces and injects a filter into the victim’s filter list. In the example above, the attacker writes a filter, which simply looks for emails with attachments and forwards them to an email of their choice.
This filter will automatically transfer all emails matching the rule. Keep in mind that future emails will be forwarded as well. The attack will remain present for as long as the victim has the filter within their filter list, even if the initial vulnerability, which was the cause of the injection, is fixed by Google.
Of course, bloggingtips.com is concerned with domain theft, which is a real concern if you have a domain set up through a free e-mail service like Gmail. In this case though, the attackers gain full access to your entire e-mail account, and that is more worrisome to me than having my domain temporarily stolen. If you pass any personal information through your e-mail, your business could be liable. And while Google Apps is an attractive package for startups looking to get Outlook-like functionality without the price tag, this instance has certainly given me pause about whether or not I use the apps.
So what can you do to protect yourself if you continue to use these services?
- The security is weaker than that of your corporate e-mail account - Remember that even good, firewalled and protected corporate e-mail servers end up being cracked. Free e-mail services are generally fine, but when the user base is so large, there is a big incentive to find weak points.
- Don’t keep personal information there - Credit card numbers, social security numbers, date of birth and mother’s maiden name. Those are four dangerous things you can leave in your account that hackers can access. And not just your own information but that of anyone else whose details you hold.
- Opening strange links or attachments isn’t a good idea - This is e-mail 101, I know, but this has happened to several very tech-savvy people, so it is always a good reminder.
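Because the injected filter described in the quoted passage keeps forwarding mail until it is deleted, it is also worth reviewing your filter list. The following is an added example, not part of the original post: it parses a Gmail filter export and flags every filter that forwards mail to an address you have not approved. It assumes the Atom XML layout of the export with `apps:property` name/value pairs; the sample XML, addresses and function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"atom": "http://www.w3.org/2005/Atom",
      "apps": "http://schemas.google.com/apps/2006"}

# Constructed sample of a filter export (assumed layout, not real data).
SAMPLE_EXPORT = """
<feed xmlns='http://www.w3.org/2005/Atom' xmlns:apps='http://schemas.google.com/apps/2006'>
  <entry>
    <id>filter-1</id>
    <apps:property name='from' value='newsletter@example.org'/>
    <apps:property name='shouldArchive' value='true'/>
  </entry>
  <entry>
    <id>filter-2</id>
    <apps:property name='hasAttachment' value='true'/>
    <apps:property name='forwardTo' value='collector@example.net'/>
  </entry>
  <entry>
    <id>filter-3</id>
    <apps:property name='from' value='billing@example.org'/>
    <apps:property name='forwardTo' value='Accounts@Example.com'/>
  </entry>
</feed>"""

def audit_forwarding(export_xml, allowed_addresses):
    """Return filters that forward mail to an address outside the allow-list."""
    allowed = {a.strip().lower() for a in allowed_addresses}
    findings = []
    # Parse only an export you downloaded yourself; this is not a hardened parser.
    root = ET.fromstring(export_xml.strip())
    for entry in root.findall("atom:entry", NS):
        props = {p.get("name"): p.get("value", "")
                 for p in entry.findall("apps:property", NS)}
        target = props.get("forwardTo", "").strip().lower()
        if not target or target in allowed:
            continue  # no forwarding action, or forwarding you set up yourself
        criteria = {k: v for k, v in props.items() if k != "forwardTo"}
        findings.append({
            "id": entry.findtext("atom:id", default="?", namespaces=NS),
            "forward_to": target,
            "criteria": criteria,  # what the filter matches, e.g. attachments
        })
    return findings

if __name__ == "__main__":
    for f in audit_forwarding(SAMPLE_EXPORT, ["accounts@example.com"]):
        print(f"REVIEW {f['id']}: forwards to {f['forward_to']} when {f['criteria']}")
```

Any filter it reports that you do not remember creating should be deleted from the filter list, since fixing the original hole does not remove it.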
As always, it is wise to do a background check on all applicants to avoid hiring these sorts of people. Just don’t keep the results of the background check in your personal e-mail account.









