Plain-text emails can be a ticking bomb.


What is a plain text email? 


A plain text email is just that: an email that uses text only. It has no graphics or images and uses a simple font. It is a standard email, easy to use and universally readable.

When a plain text email is sent, it can easily be read by anyone. As the email travels from your email server to the recipient’s, a hacker can easily intercept it and read the message and any attached files.

Plain text emails are vulnerable. Even if emails are encrypted in transit, they are stored in clear text, which means third parties, such as a hacker, can gain access and read the message and any attached files. Many plain text emails are sent unencrypted and are therefore open to cyber-attacks.


Plain text emails containing confidential information are still sent today by small, medium and large companies.

If your company or your customer experiences a cyber-attack, it can cause financial and reputational damage to your company.


Imagine that your customer requests a password reset on your trusted website. Your company sends the customer an automated plain text email with a new temporary password. If the customer’s (the recipient’s) email provider does not use encryption, your email will reach the customer unencrypted.

A hacker can then easily obtain the new password from the unencrypted email, which could cause a lot of damage.

The hacker can:

  • Sign in to the website using your customer’s email and new temporary password.
  • Check your customer’s personal details, such as the address and phone number linked to the account setup.
  • Possibly have visibility of your customer’s payment methods, if linked to the account, or other private information.

And before you know it, the hacker knows parts of your customer’s identity and can sell the information on the dark web.

Another case, which is unfortunately still too common, mainly in smaller companies, is requesting a customer’s personal and private information in a plain text email:

Private information that you ask your customers to send, such as

  • Snapshot of the passport picture page
  • Account details
  • Social security number
  • Proof of address
  • Crypto wallet address

can also easily be intercepted by a hacker if you exchange plain text emails with your customer.


Your company is expected to safeguard your customers’ private and confidential information, so it could suffer both reputational and financial damage if it fails to do so.

If your company is exposed as not complying with regulatory rules, or as not having security measures in place when exchanging confidential information electronically, it would lose credibility. Customers would think twice about signing up for your services, and you could lose current customers.

Your customers need to trust that their Private Identifiable Information (PII) is communicated in a safe and end-to-end encrypted manner. 

Using encryption technology solves the challenges of data breaches when exchanging Private Identifiable Information by email. Implementing and using encryption for all your email communication means that the data is encoded and is not readable or accessible to unauthorised third parties.

Your email text content and attached files will be safely sent to and from your company. Your company can rest assured that you are taking the right steps to safeguard the electronic exchange of Private Identifiable Information. This is important when proving to regulators that you have taken the necessary steps to comply with various regulatory rules, for example UK and EU GDPR rules or US HIPAA requirements.

GDPR states that, in order to prevent data breaches, a company needs to implement appropriate technical and organisational measures. It sets out the necessary steps a company needs to take to protect personal data. This includes having technical measures in place to protect the transmission of personal data.

Under the HIPAA security rules, you are permitted to transmit ePHI (electronic Private Health Information) provided the information you transmit is protected. Using end-to-end encryption to exchange ePHI will ensure the information is adequately protected.

All companies using email and messaging to exchange Confidential Information need a safe, simple and effective end-to-end encryption solution. 


Fortknoxster Transfer offers just that. 

When you sign up to use Fortknoxster Transfer, your company gains access to the Fortknoxster dashboard. Here you generate a unique link for the specific client who needs to provide you with their Personal Identifiable Information (PII), for example a copy of a utility bill or passport information.

The secure end-to-end encrypted link can be pasted into an email or a chat message.

Once the client receives the link, they can upload their PII directly through the end-to-end encrypted link. When the customer presses send, the information is transmitted to your company’s encrypted Fortknoxster dashboard. Peace of mind.
