How to check if someone is snooping on your email

Email hacked breached
Email hacked breached

Do you suspect that someone may be accessing your emails and snooping around through your mail? With email still the most common method of communication, there is a high chance that your email account may get compromised at some point.

Maybe you have noticed that some of your emails have been disappearing or that emails have been mysteriously appearing in your Sent folder?

One way to detect that someone is reading your emails is to use a Canary Token. This tutorial will explain how canary tokens can help you determine if email snooping is taking place in your email account.

What is a Canary Token?

A canary token is an email that you send out to yourself with either a unique link or code that you will use to check if someone has been accessing your email. The email also contains hidden information which is invisible to the snooper, this way you can detect if they have accessed your email without giving the game away.

Think of it like a tripwire. When the canary token document is opened, an embedded message is covertly sent to a server. This triggers an alert that your email has been opened by someone else.

How to set up a Canary Token

Setting up a canary token is easier than it might sound and can be set up by anyone. Let’s go through the steps needed to get a Canary Token up and running.

1. Generate a Canary Token

Open up your browser and head over to to create your first Canary Token. In the ‘select your token’ drop-down box, choose a file type of either Word Document, Excel Document, or PDF document. For this example, I have decided to use a PDF document:

Canary token

Enter an alternative email address, not the one you want the Canary Token to be placed in. If you don’t have a secondary email account you may have to set up a throw-away Gmail email account for this.

Enter a description of the Canary Token to know where it was triggered – this is especially useful if you have set up several Canary Tokens across multiple accounts.

Canary Token
Canary Token

Click the ‘Create my Canarytoken’ button and download the document that was generated. I recommend naming the file something enticing such as ‘private-and-confidential.pdf’ or ‘important-passwords.pdf’.

Canary Token

2. Activating your Canary Token

Now that you have the Canary Token file generated, all you need to do is send the file to your email account and leave it there permanently.

When composing the email, create a tempting subject line and add some content that makes the document irresistible to open. Even the most restrained snooper will not be able to resist opening an email with attachment looking like this:

Private and Confidential Email

3. Testing your new Canary Token

Now that your trap is set, you can run a test to see how this works and check that it is working correctly.

Open the new Canary Token email, download the attached document and open it on your PC. That’s all you need to do. Within a few minutes, you should receive an alert email that your Canary Token has been triggered.

Canary Token Triggered

You may like to experiment with some of the other document types such as Word Document and Excel Document to find the one that works best for you.

Other uses for Canary Tokens

Email monitoring is not the only use for Canary Tokens. The same Canary Token can also be placed on the desktop of your PC or laptop to trigger if someone accesses your PC illegally. Even if someone transfers the document to another PC remotely and opens it, it will trigger an alert.

For those working in the IT industry, the Canary Token document can be placed on servers to get an alert that your server may have been breached.

Scroll to Top