I’ve spent countless hours working with email systems, website infrastructures, and online security protocols. In my experience helping small businesses build and manage their WordPress sites, one of the most frequently asked questions revolves around preventing email scams and keeping digital information safe. I’d like to share some of the strategies and best practices I employ personally, and which I consistently recommend to clients.
Email security is a pressing concern for everyone—whether it’s for your small business, or personal use. Scammers are constantly refining their tactics. Phishing attempts, malicious links, and social engineering scams have become so advanced that even savvy users can be caught off guard. Fortunately, by developing a strong cybersecurity mindset and putting some reliable systems in place, you can significantly reduce your risks. Here are strategies I recommend so you can better protect yourself, both personally and professionally.
1. Embrace the Power of Strong, Unique Passwords
The Risks of Reusing Passwords
One of the most common pitfalls I see is password reuse. Many people rely on a handful of favorite passwords and recycle them across multiple accounts. Doing so is akin to giving potential attackers a master key—if one account is compromised, all your accounts become vulnerable.
Create and Store Strong Passwords
To avoid this, it’s critical to develop strong, unique passwords for every online account. A robust password features a mix of uppercase letters, lowercase letters, numbers, and special characters. Additionally, some experts recommend using passphrases, which are longer strings of words or random text that can be easier for humans to remember and more difficult for computers to crack.
Using a Password Manager
Managing dozens, even hundreds, of strong, unique passwords can be daunting. That’s where password managers come in. I currently use Dashlane, but I have also used LastPass. Both are user-friendly and secure. When you store your credentials in a password manager:
- You only need to remember one master password.
- The software automatically fills in login details for your favorite websites.
- Your data is encrypted, and many of these tools provide extra features like password generators and alerts for exposed credentials.
There are many password managers available. If you’re not currently using one, do a bit of research to see which service feels most user-friendly to you. Whichever you pick, the important thing is consistency—stick to it for all your online accounts.
2. The Catchall Email Strategy: Your Secret Weapon
What is a Catchall System?
While many people understand the importance of strong passwords, an incredibly powerful yet lesser-known defense involves catchall email addresses. This is a system that can be set up in cPanel-based hosting environments, allowing you to create an infinite number of unique email addresses under your domain without needing to create separate full accounts.
For example, if your primary domain is mycompany.com.au, you can generate unique email addresses for every service you use, such as:
- westpac@mycompany.com.au
- facebook@mycompany.com.au
- myer@mycompany.com.au
- And more dynamically as you need them.
Why Catchall Helps
The main advantage is twofold. First, if any single site is compromised, the attacker only has access to that single email address—your “main” or personal address remains hidden from prying eyes. Second, it becomes incredibly easy to detect suspicious messages. Since each email address is tied to a specific brand, if you get a message to ticketek@mycompany.com.au but it claims to be from a different brand or organisation, that’s a red flag that you might be dealing with spam or a phishing attempt.
In fact, I recently received an email claiming to be from NRMA but was sent to my ticketek@mycompany.com.au address, which made it immediately suspicious. If you don’t see the expected brand name matching in the email address, you know something is off.
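The brand-versus-alias check described above can be automated for mail landing in the catchall mailbox. The following is an added example, not part of the original article: the allow-list of sender domains, the `.example` domains and the three sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

CATCHALL_DOMAIN = "mycompany.com.au"  # the page's example domain
# Assumed allow-list: alias -> domains that brand really mails from (constructed values).
EXPECTED_SENDERS = {"ticketek": {"ticketek.example"}, "westpac": {"westpac.example"}}

def recipient_aliases(msg):
    """Local parts of every address at the catchall domain this message was sent to."""
    fields = []
    for header in ("Delivered-To", "X-Original-To", "To", "Cc"):
        fields.extend(msg.get_all(header, []))
    aliases = []
    for _name, addr in getaddresses(fields):
        local, _, domain = addr.rpartition("@")
        if domain.lower() == CATCHALL_DOMAIN and local:
            aliases.append(local.lower())
    return list(dict.fromkeys(aliases))  # de-duplicate, keep order

def domain_matches(sender_domain, allowed):
    """True if the sender domain is an allowed domain or a subdomain of one."""
    return any(sender_domain == d or sender_domain.endswith("." + d) for d in allowed)

def check_message(raw):
    """Return (alias, finding) pairs. A match is not proof of legitimacy, since From
    can be forged; a mismatch or a never-issued alias is the useful signal."""
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    for alias in recipient_aliases(msg):
        allowed = EXPECTED_SENDERS.get(alias)
        if allowed is None:
            findings.append((alias, "alias-never-issued"))
        elif not domain_matches(sender_domain, allowed):
            findings.append((alias, "brand-mismatch"))
    return findings

# Constructed sample messages (not real mail).
NRMA_TO_TICKETEK = ("From: NRMA <billing@nrma.example>\n"
                    "To: ticketek@mycompany.com.au\nSubject: Payment overdue\n\nPay now.\n")
GENUINE_TICKETEK = ("From: Ticketek <noreply@mail.ticketek.example>\n"
                    "To: ticketek@mycompany.com.au\nSubject: Your tickets\n\nEnjoy.\n")
GUESSED_ALIAS = ("From: Sales <promo@bulk.example>\n"
                 "To: sales@mycompany.com.au\nSubject: Offer\n\nHi.\n")

if __name__ == "__main__":
    for raw in (NRMA_TO_TICKETEK, GENUINE_TICKETEK, GUESSED_ALIAS):
        print(check_message(raw))
```

The "alias-never-issued" finding covers mail sent to an address you never gave to anyone, which a catchall will still deliver.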
Setting Up a Catchall
If you’re hosting your website on a cPanel-based server (as all of my WordPress clients are), you can set up a catchall address. Essentially, this designates one mailbox (often something like info@mycompany.com.au or admin@mycompany.com.au) to receive all emails sent to any address at your domain that isn’t explicitly defined. You don’t have to create individual inboxes; all these dynamically generated email addresses funnel to one main mailbox.
Key Tip: Keep this primary mailbox as private as possible. In other words, don’t post it on your website or give it out to every lead form you see. Use the unique addresses instead. That way, if you detect spam or notice a data breach from a particular organisation, you can quickly set up a filter or block that specific email alias without affecting the rest of your inbox.
The Microsoft 365 Limitation
Many small businesses use Microsoft 365 (formerly Office 365) for their email and productivity tools. Unfortunately, Microsoft 365 does not support a catchall in the same way that cPanel does. So if your setup relies on Microsoft 365, you won’t be able to take full advantage of this strategy unless you route your domain’s email to a cPanel server or a similar hosting arrangement. If you’re unsure about how to navigate these technicalities, you’re welcome to reach out for advice.
3. Recognise Common Email Scams and Tactics
Even with strong passwords and catchall addresses, you should always be vigilant about the actual content and appearance of the emails you receive. Phishing emails typically exhibit these characteristics:
- Urgency or Threats: Messages that pressure you to act quickly, threatening that your account will be closed or your bill is overdue.
- Mismatched URLs: Check the email link destination by hovering over it (without clicking). If the link points to a website unrelated to the brand or domain, it’s probably fraudulent.
- Poor Grammar and Spelling: Many phishing emails contain typos or awkward sentence structures.
- Requests for Sensitive Information: Legitimate companies will never ask for your password or personal details via email.
By training yourself and your team to spot these indicators, you significantly reduce the chance of falling victim to a scam.
4. Additional Layers of Defense
Two-Factor Authentication (2FA)
Alongside secure passwords and catchall addresses, consider enabling two-factor authentication wherever possible. 2FA requires you to provide an additional piece of evidence—usually a code generated on your phone—before you can log in. This makes it more difficult for hackers to break into your account, even if they somehow guess or steal your password.
Regular Security Check-Ins
It’s a good idea to periodically review your email security setup. Ask yourself:
- Have I changed my main inbox password recently?
- Are all employees or teammates following the same protocols?
- Do I have ongoing backups for my website and email?
Keeping these practices current ensures that your digital defenses remain strong.
Keeping Systems and Software Updated
Out-of-date software is an invitation to hackers. Always ensure your operating system, antivirus, and web browsers are up to date. If you run a WordPress site, make sure the WordPress core, theme, and plugins are all updated regularly to patch any security vulnerabilities.
5. A Quick Guide to Minimising Email Spam
While not all spam is malicious, it’s still a time-consuming nuisance. Here are quick tips to keep your inbox tidy:
- Use Email Filters: Set up rules so that emails containing certain keywords or from certain domains go directly to a “Junk” or “Spam” folder.
- Be Wary of Publicly Posting Your Main Address: Bots scour the internet looking for “@” symbols to harvest email addresses. Use contact forms on your site instead of posting your email directly, or implement the catchall strategy.
- Be Selective with Opt-Ins: Whenever you sign up for a new service, be mindful of any boxes that automatically opt you into newsletters. Uncheck the boxes you don’t need.
6. How We Can Help
Here at Dygiphy, our business model focuses on helping small businesses build and manage their WordPress websites. But our support doesn’t stop at hosting or design; it includes ongoing advice about cybersecurity measures. We understand the importance of protecting your entire digital presence—website, email, and beyond.
- Website Security: We can ensure your WordPress site’s core, themes, and plugins remain up to date, reducing the risk of breaches.
- Email Setup Guidance: If you host your email through a cPanel environment, we can walk you through setting up a catchall to create specialised addresses for different online services. This simple but powerful method can dramatically reduce spam and help you track potential data leaks.
- Customised Blocking & Filters: If you discover an email address is receiving spam that doesn’t match the brand name in the alias, let us know. We can help block or reroute that alias so you don’t have to endure spam from that source ever again.
Your inbox is one of the primary lines of communication for both personal and professional matters, so it’s essential to secure it thoroughly. By leveraging secure passwords, dynamic catchall addresses, and vigilance around suspicious communications, you’ll be in a strong position to keep scammers at bay.
7. Final Thoughts
Email is indispensable. But with its importance comes risk. Because so much personal and business communication takes place through our inboxes, scammers continue to evolve their methods, trying to slip in undetected. By following these strategies—using strong passwords in conjunction with a password manager, dynamically generating unique email addresses with a catchall setup, checking for brand mismatches in the “To” field, and staying vigilant about phishing clues—you can maintain a healthy layer of defense.
Of course, no strategy can guarantee you’ll never encounter a scam. But the steps outlined here make you a significantly less appealing target. Whether you’re running a small business or simply trying to keep your personal life secure, these measures go a long way toward eliminating headaches (and potential financial losses) associated with security breaches.
If you have any concerns about your existing systems or how to implement these methods, reach out. At Dygiphy, we strive to support our clients from every angle of their online presence, ensuring their digital assets remain both elegant and secure. After all, peace of mind in the digital era is priceless.
Thank you for reading, and here’s to a safer, more secure online experience for us all!