Email: What’s safe, and what isn’t
We love email — It’s a great way to keep in touch with friends and family, and for many of us it’s an essential part of our jobs. The problem is that criminals love email too — it’s inexpensive, hard to trace and an easy way to distribute viruses, harmful software and scams.
So what are the threats, and how can you avoid them? We’ve got your answers:
Viruses and malicious software
Viruses, worms, “Trojan horses” and other malware can cause damage to your system which is time-consuming and costly to fix. Not only can you lose your data, someone could hack into your computer for their own purposes — such as using your address book to distribute the virus to your contacts. There are three main ways to “catch” a virus from email:
Opening an email: Viruses or malware can be embedded in the HTML or RTF (rich-text format) code of the message and set to activate when you read the message. Microsoft Outlook and Outlook Express used to be particularly vulnerable to attack given their tight integration with other software — even viewing the message in the “reading pane” could trigger the attack.
However, most email programs now protect against this threat by disabling script or blocking certain types of code in the message.
Opening an attachment: Attaching files to an email is a quick and easy way to share information — and one of the most common ways to transmit viruses. Opening the email alone won’t do it, but your computer will become infected when you open an attachment which is a virus or contains a virus.
Clicking on links can take you to an infected website or automatically download a virus or malware to your computer.
How can you protect yourself? Automatic processes and common sense are your best protection:
-Adjust your security settings. If you don’t use one already, activate the spam filter in your email program. Turn off any options that allow attachments to download automatically or scripts or “ActiveX controls” to run. Experts still advise that “plain text” emails are the safest to view, but you can also limit the HTML code by adjusting your email settings.
– Ignore and delete emails from senders you don’t know, especially if they contain attachments.
– Beware of the unexpected. Viruses can take control of email address books and send out messages to family, friends and colleagues. In other words, just because you know the sender doesn’t mean the message is safe. If you weren’t expecting an attachment, double check with the person who sent it before you open it.
– Scan it. Set your anti-virus software to scan emails and attachments. As an extra level of protection, save attachments and manually activate a virus scan before you open them.
Remember, “when in doubt, don’t” — don’t open the email or its attachments, download or run any software or click on links.
Phishing scams
Phishing is the process of sending out an official-looking email in order to get victims to supply sensitive information like passwords, banking information, credit card numbers or social insurance number. The email may say there is a problem with your account and directs you to a website to verify financial information or enter your email and password. The con-artist could be posing as your bank, a local charity, a government institution, a business or a hiring employer, but their goal is to steal your cash or your identity.
The reasons these schemes are successful is that the emails and websites appear to be legitimate — a technique known as “spoofing.” Con-artists steal
design elements (logos, colour schemes and layout) or source code from websites and legitimate emails to create their own fraudulent versions — a wolf in sheep’s clothing, so to speak.
It’s hard to tell the real from the fake, but here’s what you can do:
– Assume it’s a fake. Any email asking for sensitive information should be treated with suspicion. While many companies do send out emails advertising new products or services, they usually call their customers directly if there is a problem with their account.
– Read closely. Watch for mistakes in spelling and grammar throughout the email — the “spoofed” part may be correct, but the added content may contain errors. Look for language and slang that may seem out of character for the person or organization supposedly sending the email. Is the tone formal in one part of the email, and more casual in another?
– Verify. If you think it might be a legitimate request (e.g. the message could be from a company you deal with) contact the institution yourself to see if there is a problem. Ignore all phone numbers and links in the email — you don’t know what’s at the other end — and instead look up the phone number or website via an internet search engine or phone book.
– Go to another source. If the message is from a company you don’t know, don’t try to contact them. Instead, stick to reputable sources for help. For example, if you receive an email confirming a purchase you never made, watch your credit card statement and contact your credit card company. Don’t open any attached “invoices” or “receipts” — they will likely contain a virus.
Charity scams, vacation scams, financial scams and other hoaxes are also perpetuated through email. More information about these issues can be found at 50Plus.com.
Privacy
Email should be considered part of your personal information — just like your mailing address and telephone number — and guarded with the same protection. You can cut down your exposure to spam and harmful risks by take a few precautions:
– Protect access. Change your email password from time to time, and never give it out.
– Create a separate email account for wide distribution. Sign up for a free service like Yahoo Mail, Hotmail or Gmail to use for social networking, newsletters and newsgroups, promotions and online dating.
– Beware of the bounce. Received a “could not deliver this message” notification for an email you didn’t send? Check your “sent messages” folder for signs that someone has hacked into your email. Otherwise, the error message is either a trick to get you to read the email or your address was used in the “from” field of a spam message. (See Symantec’s website for more information on this issue).
– Post with caution. If your address appears on a website, whether it’s personal, professional or for a volunteer organization, make sure to disguise it from automatic scanning processes that capture your address and add it to spam lists. Switch out some of the characters such as (at) instead of @, and spell out “dotcom” instead of .com.
– Read the fine print. Before you sign up for a newsletter or alert, read the privacy policy first to make sure your information won’t be shared. Legitimate businesses should always have a feature to allow you to “unsubscribe” and should never send you emails which you didn’t request.
– Mind your CCs and BCCs. If you’re sending out a single message to multiple recipients who don’t know each other, protect their information by posting your own address in the “to field and list everyone else in the “BCC” (blind carbon copy) field rather than the “CC” field.
– Clear your cache. Adjust your internet browser settings to clear all personal information when you shut down the program, especially if you’re using a public computer.
When it comes to harmful emails, even the most careful people get caught sometimes. It’s important to know how to react, and to take action quickly if you become a victim. For example, if you suspect your email account has been compromised, change your password and contact your provider’s help support for more information. A virus may require attention from a professional if your anti-virus software can’t resolve the issue.
There are several organizations to which you can report phishing scams and fraud, including the Federal Trade Commission, the Anti-Phishing Working Group, SCAMwatch and Phonebusters.
If you’ve given out your personal or financial information, treat it as a potential case of identity theft and contact your financial institutions and your local police fraud unit.
Resources: Anti-Phishing Working Group, Phonebusters, US-CERT Virus Basics
Photo ©iStockphoto.com/dra_schwartz
'%3E %3Cg id='Group'%3E %3Cpath id='Vector_2' d='M12.4876 13.8996V13.4213H0.743091V15.2149H9.18805L9.22196 15.2685C9.19653 15.2272 3.24373 25.2836 0.74521 29.5469C0.420975 30.1015 0.0797856 30.7158 0.0797856 30.7158C0.0713089 30.7323 0.0585938 30.755 0.0585938 30.755H12.1401V28.9614H3.67181L3.6379 28.9078C3.37512 29.1222 12.4876 13.8996 12.4876 13.8996ZM36.1229 22.115C36.1229 26.4896 33.7537 29.18 31.1683 29.18C28.5829 29.18 26.1861 26.4896 26.1861 22.115C26.1861 17.7403 28.5553 15.0231 31.1683 15.0231C33.7812 15.0231 36.1229 17.7403 36.1229 22.115ZM22.0155 22.115C22.0155 26.4896 19.6462 29.18 17.0587 29.18C14.4712 29.18 12.0765 26.4896 12.0765 22.115C12.0765 17.7403 14.4458 15.0231 17.0587 15.0231C19.6717 15.0231 22.0155 17.7403 22.0155 22.115ZM38.223 22.0613C38.223 16.7095 35.0443 13.1492 31.1661 13.1492C27.288 13.1492 24.3402 16.4312 24.0987 21.4326C23.8592 16.4333 20.7842 13.1492 17.0587 13.1492C13.3332 13.1492 9.97427 16.7074 9.97427 22.0613C9.97427 27.4153 13.1785 31.0003 17.0587 31.0003C20.9389 31.0003 23.8592 27.7183 24.0987 22.6922C24.3402 27.7162 27.4406 31.0003 31.1661 31.0003C34.8917 31.0003 38.223 27.4421 38.223 22.0613ZM51.3747 30.755H53.5257L52.3178 13.4213H50.1668L45.797 27.3328L41.4273 13.4213H39.2763L38.0662 30.755H40.2172L41.0352 19.0247L44.7205 30.755H46.8714L50.5567 19.0247L51.3747 30.755ZM53.9453 30.755H62.3797V28.9614H56.0963V22.9293H60.964V21.1357H56.0963V15.2128H61.8859V13.4192H53.9453V30.7529V30.755ZM69.3624 18.2021C69.3624 20.1029 68.1333 21.1625 66.7367 21.1625H64.893V15.2128H66.7092C68.1333 15.2128 69.3624 16.3261 69.3624 18.2021ZM71.5134 18.1753C71.5134 15.2128 69.3348 13.4213 67.0164 13.4213H62.7993V30.755H64.893V22.9313H66.7092L71.5112 30.755H73.997L68.8601 22.4695C70.369 21.8717 71.5134 20.3502 71.5134 18.1773' fill='%23231F20'/%3E %3C/g%3E %3C/g%3E %3C/g%3E %3Cg id='Group_2'%3E %3Cpath id='Vector_3' d='M9.67285 8.56629V3.50513H12.6249V4.11535H10.5947V5.71719H12.2943V6.32742H10.5947V7.954H12.9046V8.56423H9.67285V8.56629Z' fill='%23231F20'/%3E %3Cpath id='Vector_4' d='M17.6819 8.6137H17.2581L15.1855 3.50513H16.1392L17.0822 5.86975C17.2178 6.20991 17.362 6.63872 17.4976 7.05103H17.5188C17.6544 6.64696 17.7879 6.2264 17.9341 5.86975L18.8666 3.50513H19.7482L17.6862 8.6137H17.6819Z' fill='%23231F20'/%3E %3Cpath id='Vector_5' d='M22.4072 8.56629V3.50513H25.3593V4.11535H23.3291V5.71719H25.0287V6.32742H23.3291V7.954H25.639V8.56423H22.4072V8.56629Z' fill='%23231F20'/%3E %3Cpath id='Vector_6' d='M31.6164 8.56629L29.9698 6.32123H29.2959V8.56629H28.374V3.50513H30.0948C30.9552 3.50513 31.805 4.01227 31.805 4.90906C31.805 5.54402 31.3896 5.97283 30.8725 6.16249L32.6654 8.56629H31.6185H31.6164ZM29.9592 4.10711H29.2959V5.71719H29.9592C30.436 5.71719 30.8704 5.43888 30.8704 4.90906C30.8704 4.37923 30.436 4.10711 29.9592 4.10711Z' fill='%23231F20'/%3E %3Cpath id='Vector_7' d='M37.5849 6.27382V8.56629H36.6737V6.28206L34.6943 3.50513H35.667L36.6503 4.90081C36.8156 5.13789 37.0021 5.38528 37.1378 5.59968H37.159C37.3031 5.39353 37.5001 5.11522 37.657 4.90081L38.6403 3.50513H39.5621L37.5828 6.27382H37.5849Z' fill='%23231F20'/%3E %3Cpath id='Vector_8' d='M44.3084 4.11535V8.56629H43.376V4.11535H41.7188V3.50513H45.9656V4.11535H44.3084Z' fill='%23231F20'/%3E %3Cpath id='Vector_9' d='M52.0484 8.56629V6.32948H49.499V8.56629H48.5771V3.50513H49.499V5.71926H52.0484V3.50513H52.9808V8.56629H52.0484Z' fill='%23231F20'/%3E %3Cpath id='Vector_10' d='M56.2129 8.56629V3.50513H57.1453V8.56629H56.2129Z' fill='%23231F20'/%3E %3Cpath id='Vector_11' d='M64.7402 8.64463L62.4091 6.17693C62.0467 5.79553 61.6208 5.31106 61.2796 4.91524L61.2584 4.92349C61.2796 5.3523 61.2902 5.7811 61.2902 6.13776V8.56629H60.3789V3.50513H61.0316L63.1868 5.82233C63.4878 6.14806 63.9222 6.63872 64.2337 7.00362L64.2549 6.99537C64.2337 6.62223 64.2231 6.17899 64.2231 5.83677V3.50513H65.1344V8.64669H64.7402V8.64463Z' fill='%23231F20'/%3E %3Cpath id='Vector_12' d='M70.9048 8.64416C69.4235 8.64416 68.0566 7.69172 68.0566 6.03421C68.0566 4.37671 69.4659 3.41602 70.8752 3.41602C71.5999 3.41602 72.17 3.57476 72.5324 3.78091L72.3883 4.42412C72.0471 4.21797 71.5491 4.05098 71.0002 4.05098C69.9639 4.05098 68.9912 4.77253 68.9912 6.04246C68.9912 7.31239 69.9448 8.01745 70.9599 8.01745C71.405 8.01745 71.7567 7.93911 71.975 7.7948V6.61352H70.8349V6.03421H72.8354V8.12877C72.3586 8.47718 71.7271 8.64416 70.9091 8.64416H70.9048Z' fill='%23231F20'/%3E %3C/g%3E %3Cpath id='Vector_13' d='M0.0839844 1.00212L73.997 1' stroke='%23231F20' stroke-width='1.25' stroke-miterlimit='10'/%3E %3Cpath id='Vector_14' d='M0.0839844 10.9116H73.997' stroke='%23231F20' stroke-width='1.25' stroke-miterlimit='10'/%3E %3Cpath id='Vector_15' d='M4.91016 4.15649L3.55812 4.13794L5.18777 5.7068L0 5.6532V6.5974L5.20049 6.651L3.61321 8.18068L4.96526 8.19718L7.0018 6.20157L4.91016 4.15649Z' fill='%23D71920'/%3E %3C/g%3E %3C/svg%3E)
