Email is still one of the top forms of communication, and with it comes a lot of very nasty ways that very bad people can trick you into doing harm against yourself and others. We’ll give you the basic steps you can take to protect yourself from scams and malicious attacks. In this article we’ll try to cover some of the types of emails and the threats connected to them.
As with anything security related, the first line of defense is your brain. Antivirus and antimalware software is good, but not always effective against emails, because email attacks usually require you to take an action, which software can’t always defend against. So when you open up your email, be sure to think about what you are looking at, and follow a few simple rules before you do anything.
Simple and quick rules:
- Did I ask for this email? – If you did not specifically request to be emailed from a business or entity, then just move on. It’s SPAM at best, and a virus/malware at worst. Don’t even open it.
- Does it have an attachment? – STOP! Anything that comes with an attachment needs to be thoroughly vetted before you open the email. Make sure you are expecting the email with said attachment, or confirm with the sender that they sent you the attachment.
- Does it have a link? – STOP! These days links need to be treated on equal grounds as attachments. For best practices, NEVER CLICK LINKS. Even if the link looks legitimate it may not be. Most of the time simply mousing over (or hovering over) a link will reveal its true address (just where it gives you that information depends on the email client you use to read emails). If that address doesn’t look right, DON’T CLICK IT. In fact, just don’t click it anyway. However, if you absolutely must find out where it goes, copy the link, and check it using this free service at: http://www.virustotal.com
Types of Malicious email:
- Phishing Emails – Phishing emails appear as though they are from a legitimate web site, even one you have done or are currently doing business with. These emails try to trick you into clicking on a link to visit a bogus web site. In some cases the bogus web site may even look exactly like the web site of the company that you do business with, but it isn’t. Instead they’ll install malware onto your PC, or attempt to have you log in to your account, thereby stealing your login information.
Phishing emails are written in a specific way, to make you believe that action is required urgently. They’re very good at making you think that the consequences for not taking action are drastic, and that you need to log in immediately before something bad happens. These emails usually appear to come from banks, or Credit Card companies, or Credit Reporters. But they can also appear to be from law enforcement or some other authority as well, accusing you of some sort of violation. Keep in mind: no legitimate company or service is going to email you asking for your personal information without you first requesting their services that require it (in the form of a confirmation email).
- The Friendly Virus-Generated email – This is usually an email sent to you from a friend. Why would your friend send you an infected email? Well, probably because they didn’t know. They may have opened an email from one of their friends, infecting their computer. Many viruses, once opened, immediately find the Contact List on the infected computer and send themselves out to every email address on that list before continuing their job.
Know that viruses these days are sophisticated enough that the only thing they need you to do in order to get them started is simply open the email. This is why it is important for you to close the “Preview Pane” if you don’t have the security settings on.
It’s important to note that most email clients are no longer set to view images or attachments by default. But if you do view untrusted images within the “reading pane” or the “preview pane” you are exposed.
These are by far the most common attacks when a hacker wants to create a botnet, or Zombie-net (Network of infected computers – usually used in larger attacks on a specific target). The virus does no visible damage, but it does take over the computer when instructed, causing the virus to go unnoticed for a long time.
- Trojan Horse email – The promise of something cute, funny, amazing, or even a security update. It’s an attachment, and by now we all know what to do with attachments, right? Trojans can be anything from viruses that destroy your hard drive, to ransomware, which can actually hold your computer hostage (via encrypting all the data on your computer), until the ransom is paid or the time limit is reached.
So aside from the quick rules set above, how can I protect myself?
- Antivirus software. Get one, update it religiously, turn it on.
- Use your email client’s spam filter.
- Pay attention to the companies you deal with online. Know what their emails look like and what to spot if something doesn’t look right. Call and confirm any email that you think doesn’t fit their mold.
- Use your brain. You know there isn’t a “Skinny Pill”, so stop opening those emails. They’re just going to make you sad.
- If you’re scared out of your mind right now, set your email client to “Text Only” email view.
Okay, that’s about it for this article. If you have any questions feel free to leave them in the comments section.
And stay vigilant.