
Lots of people don’t use online payment platforms because they don’t want to pay the service fee, don’t trust them, or simply don’t know they exist.

Whatever the reason, there are a number of situations where you might need to email someone your banking information, including:

  • Putting down a deposit
  • Charging a client for work
  • Repaying a friend or relative
  • Providing a new employer with your payment details
  • Setting up a large purchase, such as for a house or car

This article covers the risks of emailing your bank details, along with comprehensive advice to keep your information safe.

Is it safe to send your bank account number via email?

Unless you use a private and secure email service, it’s not always safe to email your banking details, even if you know the recipient well and use a secure password.

First, ask whether you really need to share your information. After all, the best way to secure your data is to not share it at all.

Then consider the risks:

  • Unauthorized access to your email account
  • Lack of encryption in standard email services
  • Malware reading and transmitting email contents
  • Interception by malicious actors during transmission
  • Permanent storage of emails leading to future exposure
  • Human error: sending your information to the wrong person
  • The risk of your recipient forwarding your details to someone else
  • Legal and compliance risks: violating privacy laws or policies
  • Phishing scams tricking individuals into revealing sensitive bank details (more on this shortly)

It’s possible to significantly mitigate these risks with good security practices and the right tools.

How to safely email your financial information

The following are some basic safety tips to keep in mind when sending bank details or anything else you want to keep private in your email. Most of the advice has to do with maintaining account security, since unauthorized access to your inbox is one of the biggest risks to your data.

Use strong passwords and two-factor authentication

Your email account password is your first line of defense against anyone trying to access your emails. So be sure to use a highly secure password or passphrase, like the random strings generated in a secure password manager. Passwords can be exposed in data breaches if they aren’t strong enough. But you can also accidentally give up your password in a successful phishing attack (more on that next). Always set up two-factor authentication for your account. (Proton Pass has an integrated 2FA feature.)

Always make sure the sender is who they say they are

Phishing is one of the most common tactics hackers use to steal your data and your money. Phishing is when an attacker uses deception to lure you into sending personal details, such as your account password. They might lie about their identity, or they might try to get you to click on a link or download an attachment that installs malware on your device. Some things to keep in mind with regard to phishing:

  • Your bank should never request your banking information via email, and you should never send it if asked. Contact your bank to report the phishing attempt.
  • Even if the sender is a friend, relative, or coworker, you should still contact them by other means (such as by phone or text) to verify it is them who has emailed you, not someone impersonating them.
  • Double-check invoices you weren’t expecting from vendors or other departments in your workplace. Scammers may even impersonate your boss. Often phishing attacks create a sense of urgency, in the hope you let down your guard. Any request for bank details that plays on your emotions is a red flag.

Find a provider that uses end-to-end encryption

Email providers use Transport Layer Security (TLS) encryption, which protects your emails as they travel over the internet but does not prevent your email provider from reading your messages. In the event of a data breach, however unlikely, the content of your emails could be exposed.

For stronger security and privacy, both you and your recipient should choose a provider that uses end-to-end encryption. This means emails are encrypted before they ever leave your device and can only be decrypted by your recipient. (Note: If your recipient’s email service isn’t end-to-end encrypted, such as Gmail, their provider will be able to see your emails.)
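
An added example (not from the original article or from Proton) of the TLS limitation described above: it reads a message's Received headers, marks which hops used STARTTLS according to the RFC 3848 protocol keywords, and lists the servers that handled a readable body. The message, host names and addresses are constructed for illustration.

```python
import email
import re

# Constructed sample message: hosts, IDs and addresses are made up for illustration.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.10])
\tby store.recipient.example with LMTP id c3; Mon, 01 Jan 2024 10:00:02 +0000
Received: from out.sender.example (out.sender.example [198.51.100.7])
\tby mx.recipient.example with ESMTPS id b2; Mon, 01 Jan 2024 10:00:01 +0000
Received: from laptop.local (unknown [192.0.2.44])
\tby out.sender.example with ESMTPSA id a1; Mon, 01 Jan 2024 10:00:00 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: Payment details

Account number: <constructed placeholder>
"""

BY_WITH = re.compile(r"\bby\s+(\S+).*?\bwith\s+([A-Za-z0-9]+)", re.I)
# RFC 3848 keywords: an "S" after the base protocol (ESMTPS, ESMTPSA, LMTPS) means STARTTLS.
TLS_TYPES = re.compile(r"^(?:UTF8SMTP|UTF8LMTP|ESMTP|LMTP|SMTP)SA?$")

def relay_hops(raw):
    """Return (receiving_host, protocol, used_tls) per hop, oldest hop first."""
    hops = []
    # Each server prepends its Received header, so reverse for chronological order.
    for value in reversed(email.message_from_string(raw).get_all("Received", [])):
        m = BY_WITH.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            proto = m.group(2).upper()
            hops.append((m.group(1), proto, bool(TLS_TYPES.match(proto))))
    return hops

def body_is_e2ee(raw):
    """True for PGP/MIME (multipart/encrypted) or an inline PGP-armored body."""
    msg = email.message_from_string(raw)
    if msg.get_content_type() == "multipart/encrypted":
        return True
    payload = msg.get_payload()
    return isinstance(payload, str) and "-----BEGIN PGP MESSAGE-----" in payload

def servers_that_can_read_body(raw):
    """TLS only protects each link; every receiving server sees the body unless it is E2EE."""
    return [] if body_is_e2ee(raw) else [host for host, _, _ in relay_hops(raw)]

if __name__ == "__main__":
    for host, proto, tls in relay_hops(SAMPLE):
        print(f"{host:28} {proto:8} TLS on this hop: {tls}")
    print("Can read the body:", servers_that_can_read_body(SAMPLE))
```

Received headers are written by the servers themselves, and the earliest ones can be supplied by the sender, so treat the result as an indication of how a message travelled rather than as proof.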

Keep your financial documents secure

You can also encrypt financial documents like your bank statements. For example, you could use Proton Drive, then create a password-protected sharing link, rather than attaching it to your email.

Proton Mail’s end-to-end encryption (E2EE) keeps both your attachments and your emails secure. However, if you or your recipient uses an email provider that doesn’t have E2EE, your attachments won’t be encrypted. One way around that is to send a Proton Drive sharing link rather than emailing a PDF.

Using Proton Drive is also a good idea if the files you want to share are too large to be attached to an email. While it’s unlikely any of your financial documents will exceed 25 MB, this is still worth bearing in mind.

How Proton Mail protects your sensitive emails

Despite the proliferation of online payment systems and financial services platforms, lots of people still prefer sending their banking details via email.

This is generally safe, as long as you have a strong password and you know the recipient is who they say they are.

That’s the bare minimum, though, which is why many people turn to Proton Mail.

Some people use Proton Mail only for a specific purpose, like sending their financial information, and another email provider for everything else.

This is perfectly fine, and makes sense for a lot of people. After all, Proton Mail has no ads, is totally free, and comes with a raft of cutting-edge privacy and security features which help seal off your inbox to threats:

  • End-to-end encryption means it’s simply not possible for anyone apart from you and your recipient to see your emails. This even extends to your attachments, so you can email your bank statements with peace of mind. Just remember: End-to-end encryption only works between two Proton Mail (or PGP) accounts.
  • Zero-access encryption keeps your information safe in the cloud on Proton’s servers, even for emails you receive from non-Proton email addresses, ensuring it can’t be shared with third parties or leaked in the event of a data breach.
  • Password-protected Emails keep your financial information secure even if the recipient doesn’t use end-to-end encryption. Just make sure you’ve shared the password with them via a different means of communication — or at least from a different email address. That way, anyone who hacks their account still won’t have the password enabling them to access the emails you’ve sent them.
  • Message expiration allows you to set your emails to delete themselves automatically after an amount of time you choose. This is a surefire way to “secure” emails containing sensitive information — by removing them from existence. After all, a permanently deleted email can’t be stolen, even in the event of a hack.
  • PhishGuard defends you against phishing attacks from accounts that use Proton Mail, by flagging potentially suspicious email addresses and clearly marking them in your inbox.
  • Two-factor authentication comes with all Proton accounts. When enabled, it requires you to provide a one-time passcode as well as your username and password when you log in. So even if your account is compromised, an attacker can’t access your account unless they have your device physically in their possession.
  • Auto-lock features on the Proton Mail iPhone and Android apps keep your sensitive information safe even if your device falls into the wrong hands. You can require a PIN, face recognition, or fingerprint authentication to unlock the Proton Mail app.

Proton is dedicated to making privacy easy and accessible for everyone, helping you take back control of your data from companies that seek to profit off your private information.

Proton Mail uses independently audited end-to-end encryption to keep your emails safe and secure, even in the case of a data breach. Only you can read your communications. Create your free account.
