Print

Training >> Browse Articles >> Communication

+1

Important Email Habits Tips and Tools

Important Email Habits Tips and Tools

James McFarlane

Email Attachments

Be sure to upgrade your antivirus before you open anything and remember to practice safe email habits.

- Do NOT open any emails from unknown senders.

- Never save or open an attachment from a suspicious email.

Specifically, never save or open any .ZIP, .SCR, .EXE, .BAT, .COM or even .JPG or .GIF files from such emails. These files can carry a dangerous payload and can be faked (the true nature and extension are hidden).

Forwarding Emails: Do Your Homework!

Every day I see email forwarded by someone trying to warn me of some new threat or with some “interesting news”. Unfortunately most of these types of forwarded emails are false. In most cases it is harmless forwarding of emails with the only drawback being extra junk in your inbox and floating around the Internet.

In other cases, these emails themselves are a threat. Some emails will inform you of a “threat” and give you steps to take to “fix” your computer or “remove” the threat. Following the “advice” in these emails can cause problems in some cases.

Please do NOT forward these types of emails or follow the instructions in them without first doing your homework. Do a search on the “information” you received. Below are a few good links to sites with information on hoaxes, myths and real threats. There are many sites that will help you find the truth about the emails you get, I like these ones.

TruthOrFiction.com

The Truth or Fiction site lists emails and topics and gives you “Truth” or “Fiction” information from their research. It can be quite amusing to just browse some of the information they have.

This site is well organized so you can select topics or just do a simple search.



http://www.truthorfiction.com/


F-Secure

F-Secure is an European based international computer security company. The information and tools available are very useful for your security.

Hoax Alphabetical listing –

http://www.f-secure.com/virus-info/hoax/


Hoax Search –

http://www.f-secure.com/hoaxes/


What is “Phishing”?

It is like fishing in the sense that criminals send out mass emails “bait” hoping someone bites. The bait is an e-mail out falsely claiming to be a legitimate organization like a bank, credit card company, online payment service, or any service, company or website they think people will trust in an attempt to trick people into giving private information that can be used for identity theft, theft from your bank, online account, etc. The e-mail will direct the unsuspecting person to visit a Web site where they are asked to update personal information, such as user names, passwords, credit card information, and bank account numbers, which the legitimate organization already has. This Web site, however, is spoofed and was set up only to steal information.

Link manipulation/spoofing

Most methods of phishing use some form of technical deception designed to make a link in an email (and the spoofed website it leads to) appear to belong to the spoofed organization. Misspelled URLs or the use of sub-domains are common tricks used by phishers. Another common trick is to make the anchor text for a link appear to be a valid URL when the link actually goes to the spoofed site.

Website forgery/spoofing

Some phishing scams use JavaScript to alter the address bar to make it seem legitimate. This is done by placing a picture of the legitimate company’s URL over the address bar, or by closing the original address bar and opening a new one containing the legitimate URL.

In another method of phishing that is quite popular, an attacker uses a trusted website’s own scripts against the victim. These types of attacks (cross-site scripting) are particularly nasty, because they direct the user to sign in at their bank or service’s own web page, where everything from the web address to the security certificates appears correct. This attack is very hard to spot as it is the link to the website is crafted to carry out the attack.

Damage caused by phishing

The damage ranges from loss of access to email and other online accounts to loss of money, investments, etc. Phishing is becoming more popular, because of the number of unsuspecting people who are easily tricked into divulging information to phishers. The collected information includes credit card numbers, social security numbers, and mothers’ maiden names. It is also possible that identity thieves can add more information to what they have gained through phishing simply by accessing public records. Once this information is acquired, the phishers may use a person’s details to create fake accounts in a victim’s name, ruin a victim’s credit, or even prevent victims from accessing their own accounts. As you can surmise the result can be a destroyed life. That is why it is extremely important everyone learns to recognize phishing and avoid being caught.

Recognizing Phishing and test your Phishing IQ

To help people learn more about phishing and to improve their ability to recognize it there are sites with information and tests you can take.

Microsoft: Recognize phishing scams and fraudulent e-mails – http://www.microsoft.com/athome/security/email/phishing.mspx


SonicWALL Phishing IQ Test – http://www.sonicwall.com/phishing


MailFrontier Phishing IQ Test – http://survey.mailfrontier.com/survey/quiztest.cgi?themailfrontierphishingiqtest


Netriplex Phishing Test – http://www.netriplex.com/phishfraud/phishing_test.aspx


The best advice is to learn to recognize phishing and spoofing. Please check and use the sites above. The next best is to use a browser and email program that help you to recognize phishing and spoofing. Browsers and email programs are adding some protection. I recommend using

Firefox for your browser and install an anti-phishing and anti-spoofing add-on. Once you have installed Firefox go to tools, add-ons, hit “get extensions” and search for the add-ons you want. Use Thunderbird for your email. Both are free and both are more secure than the Microsoft products. Get them here:

http://www.mozilla.com/en-US/products/?flang=en-US

Final note for the Security Conscious: Read Your Messages in Plain Text

Most e-mails written in HTML (Hypertext Markup Language: the authoring software language used on the Internet) are harmless. However, others contain malicious code. It is safer to set your e-mail program to only show messages in plain text format (often in the options or settings section of the software). This will prevent malicious code from running.

Back to more Anti-Virus, Spam & Protection Info.


AdminSecret School Finder

Save time in your search for a degree program. Use AdminSecret's School Finder to locate schools online and in your area.


* In the event that we cannot find a program from one of our partner schools that matches your specific area of interest, we may show schools with similar or unrelated programs.

Recent Activity

Photo_user_blank_big
romanico received the quiz result of "21-50% correct: Good effort", 2 months ago.
Photo_user_blank_big
tmiller received the quiz result of "Satisfactory", 2 months ago.
003_max30
new2admin gave a thumbs down to The Article "6 Ways Finding a Dream Job Is Like Finding Your Soul Mate", 2 months ago.
Photo_user_blank_big
kinsh1987 received the quiz result of "Legal Secretary ", 2 months ago.
Contactphoto-img_20141211_175940_max30
LoraJ commented on: "Lora Coats", 3 months ago.