Security Risks of emailing paychecks through Outlook

Microsoft Exchange
Microsoft Outlook 2003
My company has just notified us that they will begin emailing check copies to employees with direct deposit. The file will be an Adobe PDF with four digit password. What kind of security / identity theft risks will this create for me?

Software/Hardware used:
Outlook 2003 with Microsoft Exchange

Answer Wiki


I wouldn’t be too thrilled about this myself… As a user with a mailbox, administrators will have access to your email and mailbox at any time they choose. Make sure you keep your four-digit PIN safe, but if someone has that PDF document and intends to access it, they can try a brute force attack by using every combination of numbers until they finally succeed. The best way to avoid any security issues is to opt out of receiving the email or delete the email before the nightly backups.

The theory is good; people like to know that their paycheck has made it to the bank. However, depending on the format the information is passed along in, it can lead to identity theft. Since the user is just interested in learning that the check made it in, I would suggest limiting the amount of information that is sent in the confirmation email to user name; amount deposited; date deposited; and name of the financial institution. Leave out specifics like account number and bank routing number, etc. By limiting the amount of information to the basics you help keep the employee information safe. Just so you know, a 4-digit PIN can be broken in a matter of seconds with the proper tools. Can you make the password longer and alphanumeric?

Good luck!


Good job! Minimizing the amount of personally identifiable info improves your security odds.
But there will always be rules you have to comply with that don’t have a security basis in mind. So go for what you can get to keep things safe.

Discuss This Question: 4  Replies

  • mshen
    Of course, I'm stating the worst case scenario.
    27,385 points
  • Grgagrl
    They're saying it has to be the last four of the social because it has to be something that prints on the check. No routing numbers are being placed on it and the issuing bank name is being suppressed. I'm really hoping this will be enough.
    15 points
  • Sunsetrider
    Why not send an email to the employee stating that his paycheck has been deposited, and a link to a secure site which can provide further information to that employee, after he/she has signed on?
    860 points
  • Kevin Beaver
    Something like this wouldn't stand a chance against someone misusing a tool like Advanced PDF Password Recovery. If they can make the password longer and complex that'll help but it's still not foolproof.
    27,435 points
