Lots of people don’t use online payment platforms because they don’t want to pay the service fee, don’t trust them, or simply don’t know they exist.
Whatever the reason, there are a number of situations where you might need to email someone your banking information, including:
- Putting down a deposit
- Charging a client for work
- Repaying a friend or relative
- Providing a new employer with your payment details
- Setting up a large purchase, such as for a house or car
This article covers the risks of emailing your bank details, along with comprehensive advice to keep your information safe.
Is it safe to send your bank account number via email?
Unless you use a private and secure email service, it’s not always safe to email your banking details, even if you know the recipient well and use a secure password.
First, ask whether you really need to share your information. After all, the best way to secure your data is to not share it at all.
Then consider the risks:
- Unauthorized access to your email account
- Lack of encryption in standard email services
- Malware reading and transmitting email contents
- Interception by malicious actors during transmission
- Permanent storage of emails leading to future exposure
- Human error: sending your information to the wrong person
- The risk of your recipient forwarding your details to someone else
- Legal and compliance risks: violating privacy laws or policies
- Phishing scams tricking individuals into revealing sensitive bank details (more on this shortly)
It’s possible to significantly mitigate these risks with good security practices and the right tools.
How to safely email your financial information
The following are some basic safety tips to keep in mind when sending bank details or anything else you want to keep private in your email. Most of the advice has to do with maintaining account security, since unauthorized access to your inbox is one of the biggest risks to your data.
Use strong passwords and two-factor authentication
Your email account password is your first line of defense against anyone trying to access your emails. So be sure to use a highly secure password(nieuw venster) or passphrase, like the random strings generated in a secure password manager(nieuw venster). Passwords can be exposed in data breaches if they aren’t strong enough. But you can also accidentally give up your password in a successful phishing attack (more on that next). Always set up two-factor authentication for your account. (Proton Pass has an integrated 2FA(nieuw venster) feature.)
Always make sure the sender is who they say they are
Phishing is one of the most common tactics hackers use to steal your data and your money. Phishing is when an attacker uses deception to lure you into sending personal details, such as your account password. They might lie about their identity, or they might try to get you to click on a link or download an attachment that installs malware on your device. Some things to keep in mind with regard to phishing:
- Your bank should never request your banking information via email, and you should never send it if asked. Contact your bank to report the phishing attempt.
- Even if the sender is a friend, relative, or coworker, you should still contact them by other means (such as by phone or text) to verify it is them who has emailed you, not someone impersonating them.
- Double-check invoices you weren’t expecting from vendors or other departments in your workplace. Scammers may even impersonate your boss. Often phishing attacks create a sense of urgency, in the hope you let down your guard. Any request for bank details that plays on your emotions is a red flag.
Find a provider that uses end-to-end encryption
Email providers use Transport Layer Security(nieuw venster) (TLS) encryption, which protects your emails as they travel over the internet but does not prevent your email provider from reading your messages. In the event of a data breach, however unlikely, the content of your emails could be exposed.
For stronger security and privacy, both you and your recipient should choose a provider that uses end-to-end encryption(nieuw venster). This means emails are encrypted before they ever leave your device and can only be decrypted by your recipient. (Note: If your recipient’s email service isn’t end-to-end encrypted, such as Gmail, their provider will be able to see your emails.)
Keep your financial documents secure
You can also encrypt financial documents like your bank statements. For example, you could use Proton Drive, then create a password-protected sharing link(nieuw venster), rather than attaching it to your email.
Proton Mail’s end-to-end encryption (E2EE) keeps both your attachments and your emails secure. However, if you or your recipient uses an email provider that doesn’t have E2EE, your attachments won’t be encrypted. One way around that is to send a Proton Drive sharing link rather than emailing a PDF.
Using Proton Drive is also a good idea if the files you want to share are too large to be attached to an email. While it’s unlikely any of your financial documents will exceed 25 MB, this is still worth bearing in mind.
How Proton Mail protects your sensitive emails
Despite the proliferation of online payment systems and financial services platforms, lots of people still prefer sending their banking details via email.
This is generally safe, as long as you have a strong password and you know the recipient is who they say they are.
That’s the bare minimum, though, which is why many people turn to Proton Mail.
Some people use Proton Mail only for a specific purpose, like sending their financial information, and another email provider for everything else.
This is perfectly fine, and makes sense for a lot of people. After all, ProtonMail has no ads, is totally free, and comes with a raft of cutting-edge privacy and security features which help seal off your inbox to threats:
- End-to-end encryption(nieuw venster) means it’s simply not possible for anyone apart from you and your recipient to see your emails. This even extends to your attachments, so you can email your bank statements with peace of mind. Just remember: End-to-end encryption only works between two Proton Mail (or PGP(nieuw venster)) accounts.
- Zero-access encryption(nieuw venster) keeps your information safe in the cloud on Proton’s servers, even for emails you receive from non-Proton email addresses, ensuring it can’t be shared with third parties or leaked in the event of a data breach.
- Password-protected Emails(nieuw venster) keep your financial information secure even if the recipient doesn’t use end-to-end encryption. Just make sure you’ve shared the password with them via a different means of communication — or at least from a different email address. That way, anyone who hacks their account still won’t have the password enabling them to access the emails you’ve sent them.
- Message expiration(nieuw venster) allows you to set your emails to delete themselves automatically after an amount of time you choose. This is a surefire way to “secure” emails containing sensitive information — by removing them from existence. After all, a permanently deleted email can’t be stolen, even in the event of a hack.
- PhishGuard(nieuw venster) defends you against phishing attacks from accounts that use Proton Mail, by flagging potentially suspicious email addresses and clearly marking them in your inbox.
- Two-factor authentication(nieuw venster) comes with all Proton accounts. When enabled, it requires you to provide a one-time passcode as well as your username and password when you log in. So even if your account is compromised, an attacker can’t access your account unless they have your device physically in their possession.
- Auto-lock features on the Proton Mail iPhone(nieuw venster) and Android(nieuw venster) apps keep your sensitive information safe even if your device falls into the wrong hands. You can require a PIN, face recognition, or fingerprint authentication to unlock the Proton Mail app.
Proton is dedicated to making privacy easy and accessible for everyone, helping you take back control of your data from companies that seek to profit off your private information.
Proton Mail uses independently audited end-to-end encryption to keep your emails safe and secure, even in the case of a data breach. Only you can read your communications. Create your free account.