5 Things You Should Never Put in an Email

Scam artists and identity thieves will be sorely disappointed if you heed this advice.

(Image credit: Gil-Design)

With endless tales of hacking, from computer networks to email servers, it may be time to take note of what by now should be the obvious: What’s in your email?

I spoke with cybersecurity experts for guidance on what not to put in an email – ever. Recommendations ranged from the specific to the wholesale. Brian Krebs of KrebsOnSecurity.com, the website that blew the lid off Target’s data breach in 2013, went so far as to advise only including information in emails that “you don't mind getting read by someone else or potentially on the front page of the paper.”

Adds security expert Adam Levin, chairman of IDT911.com, which provides ID-theft protection programs for consumers through employers and banks: “Assume anything you put in email is the equivalent of skywriting for anyone and everyone to see or for our friends at WikiLeaks to decide to index and publish.”

Subscribe to Kiplinger’s Personal Finance

Be a smarter, better informed investor.

Save up to 74%

Sign up for Kiplinger’s Free E-Newsletters

Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.

Profit and prosper with the best of expert advice - straight to your e-mail.

Sign up

Yet, if you’re like many of us – still fairly cavalier about what you write in an email – some of these tips may surprise you.

Social Security numbers. Obvious, yes. Falling into the wrong hands, you or whoever’s Social Security number is captured, could be targeted for identity theft. But there could be times where you’re tempted to forward those nine digits. Your kid in college may have forgotten their number and suddenly need it, for example. Just…don’t. Provide the information in person or over the phone – via voice, not text – instead.

“It’s the skeleton key to your life,” says Levin. And remember, if you get an email from someone claiming to be the IRS in search of your Social Security number, don’t fall for this common tax scam. The IRS never asks for that kind of information via email or over the phone.

Computer log-ins, passwords and PINs. These could be personal or these could be company. If, for instance, a fellow employee working from home forgets the sign-in and password to your company’s computer system, it’s not a good idea to forward that information via email, which others could possibly access. Sensitive information is best delivered by phone or in person.

Credit card information. “Definitely don’t give up the expiration date and the last three digits on the back of the card,” says Christopher Elliott, a consumer advocate and founder of advocacy website Elliott.org. “An individual could wreak havoc with that information. Then you really have screwed yourself.”

There’s a reason your full credit card number isn’t on your monthly statement. Why casually give it out in an email?

“Credit card numbers, your frequent flyer number, any record locator, transaction number, all of these things, unless specifically asked of you, shouldn’t be in an email,” says Elliott. “There may be a way of exploiting those vulnerabilities.”

And it should go without saying the “specifically asked of you” part means make sure you know who you’re dealing with. Is the person seeking the information legit? And did you reach out to them? A stranger calling out of the blue asking for any personal info, especially if they pressure you to provide it immediately, is a sure red flag.

Your checking account and routing number. You rarely need to send this off to anyone, but there are times. Does your HR director need it to direct deposit your paycheck? While I’m sure you trust your HR director and the security of your company’s email system, that’s best done in person, say by handing over a voided check (which, I know, is very old school, but I do occasionally write checks).

In fact, says Levin, separate email accounts can add an extra layer of personal protection. Consider using one account for your personal email, a second for your correspondence with financial institutions and a third for contact with retailers (regarding online shopping).

Complaints about your coworkers. You really don’t want your snarky remarks to end up in the wrong hands – especially those of the colleague you’re complaining about. Best advice: Keep it offline (or just be nice).

Plus, hurt feelings could be the least of your problems. Be aware complaining about your coworkers via email is starting a paper trail – one that could lead back to you, and perhaps not in a good way. Always assume your employer can and will read your work emails , which could even go public if a legal dispute ever arises.

“On a business level, if you’re going to say something about someone that’s other than glowing, pick up the phone or walk next door – or keep it to yourself,” says Levin. “It could come back to haunt you, get you fired, create terrible PR issues for your organization or cause your company to lose consumer trust.”

Bob Niedt

Bob was Senior Editor at Kiplinger.com for seven years and is now a contributor to the website. He has more than 40 years of experience in online, print and visual journalism. Bob has worked as an award-winning writer and editor in the Washington, D.C., market as well as at news organizations in New York, Michigan and California. Bob joined Kiplinger in 2016, bringing a wealth of expertise covering retail, entertainment, and money-saving trends and topics. He was one of the first journalists at a daily news organization to aggressively cover retail as a specialty and has been lauded in the retail industry for his expertise. Bob has also been an adjunct and associate professor of print, online and visual journalism at Syracuse University and Ithaca College. He has a master’s degree from Syracuse University’s S.I. Newhouse School of Public Communications and a bachelor’s degree in communications and theater from Hope College.