I have known for a long time that Plusnet do not use an encrypted link for connections to IMAP or POP3 email clients but have just had a light bulb moment regarding this shortcoming. Being bored I have had a play with Wireshark. This has brought home to me the implications of a third party getting access to my wireless network. This could be leaked by various ways, for example a quick look (or snap from a camera phone) at the rear of the router is all that's required.

Anyway, what I have suddenly realised is that if some-one can connect to your wireless network, every time you check for incoming emails your user name and password can be easily extracted as it's shown in plain test. As the same details are used to access your Plusnet Account, every time emails are checked, in my case Outlook is set to do this every 30 minutes, your account user name and password is being transmitted in plain text for a snooper to pick up. This of course gives them full access to account details, telephone records, any security bolt settings, etc.

My solution is to change my wireless password from that on the router label and use my other secure non-Plusnet email account. I have forwarded any emails addressed to my Plusnet mailbox to the other account and deleted the Plusnet settings from my Email client.

I note that webmail can be accessed via a secure https link and hence is not exposed to this security flaw.