Staying safe online, Part I: Spam

The Internet, computers, and mobile devices have become omnipresent fixtures in our everyday lives. This makes it easy to check email, connect with an old friend or colleague, confirm your checking account balance, or look up a recipe for tonight’s dinner from almost anywhere.

Unfortunately, all of this wonderful connectivity and functionality has come at a price. Because we’re connected to the Internet almost all of the time, it’s appallingly easy for anonymous strangers with malicious intent to wreak havoc on our lives using little more than a laptop and the free Wi-Fi connection at a corner cafe.

Over the course of the next few articles I will discuss some of the most pervasive threats endemic to the Internet and what you can do to protect yourself from them.

In everyday vernacular, unsolicited bulk email (UBE) is referred to as spam. This nomenclature is a nod to a Monty Python sketch wherein Spam (the canned kind) is an ingredient in almost every dish on a restaurant’s menu. Likewise, junk email is everywhere.

Spam is an inconvenient and intrusive waste of time. At best, spam is annoying. At worst, it’s malicious and dangerous.


Spam can harvest personally identifiable information (PII) from your computer and disrupt the function of your system by installing malware. Some spam can even turn your computer into a zombie in a botnet.

Here are some generally accepted best practices to reduce the amount of spam that gets to your inbox:

  • Use an email service provider that employs excellent spam filtering technology. Your current ISP probably provides some decent spam filtering features but, if you shop around, you can probably find a more effective solution elsewhere.
  • Become fully acquainted with the spam filtering features of your email client and use them to their fullest potential. I have heard dozens of people complain about the volume of spam that they receive but, when I ask them if they mark these emails as spam, most of them respond, “No, that’s too much trouble. I just delete them.” Your spam filters need to be trained to know what is spam and what isn’t, otherwise they just won’t work.
  • Spam often contains images such as photographs, clip-art, and logos. These images can contain spyware and/or malware which alert the spammer that his message has been opened and that the email was sent to an active and valid email address. Turn off the “automatically display images” setting in your email client, and only reactivate it on an individual basis for emails from known and trusted sources.
  • Only send or display your email address to groups of people that you actually know and trust.
  • Have two email addresses: one private, the other public. Never openly publish the private email address that you use for online banking and e-commerce transactions, and use the public email address for all other correspondence.
  • Get into the habit of reading the Privacy Policy prior to sharing your email address with any Web site. If you don’t like what you’ve read, simply take your business elsewhere.
  • When sending an email to a group of people, protect their email addresses by placing your own email address in the “To:” field and placing everyone else’s email address in the “Bcc:” field. This will hide the email addresses of the recipients, and keep your friends, family, and business associates from getting mad at you for sharing their email addresses with third parties without their consent. If someone shares your email address with a third party without your consent, politely instruct him or her on the merits of the “Bcc:” field (and, perhaps, send them a link to this article).
  • Never respond to spam, and never click on a link contained in a spam message. Ideally, you won’t even open spam messages. You’ll simply mark these messages as junk/spam in your email client and delete them.
  • Install antivirus and antispyware software that scans all email messages and attachments for malware, and be sure to keep this software updated (it’s best to set it to update automatically on a daily basis).
  • Configure your email client so that it won’t automatically download any email attachments, or accept any calendar appointments, without your consent. Only open email attachments from trusted sources and always scan them with antivirus software prior to opening them.

Probably the most insidious types of spam are messages that appear to be from legitimate people, organizations, or businesses that you already know and trust (e.g., your credit card company, bank, health insurance carrier, or a government agency). These messages often ask you to “Please update your account information” and provide a handy link to a bogus Web site which is an exact replica of the one owned by the organization that is being fraudulently represented. This technique is called phishing.


Once you’ve entered your log-in information and ‘updated’ your account information, the scammer has you. It’s only a matter of time (often mere seconds or minutes) before he leverages this information to his advantage.

Other commonly used phrases in phishing scams include:

“We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.”

“During our regular verification of accounts, we couldn’t verify your information. Please click here to update and verify your information.”

“Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.”

In a clever variation of the phishing scam, the scammer simply poses as your ISP or email provider to obtain the user name and password to your email account. With this information in hand, it’s pretty easy to get all of your other personal information and steal your identity entirely.

Phishing which uses information that is already known about the recipient (name, occupation, etc.) is known as spear phishing. Other common scams include advance fee fraud, the most popular variation of which is the Nigerian 419 Scam.

Here’s a list of things you can do to avoid these kinds of scams:

  • Never provide personal or financial information, your user name, or your password in response to an email. Legitimate businesses will never ask you to confirm your account information in this manner.
  • There’s an old saying, “If there is any doubt, there is no doubt.” What this means in this context is that, if you doubt the veracity of an email, you’re probably right; it is most likely from a bogus source. Trust your instincts! That’s why you have them. Contact the supposed sender using their official Web site URL or phone number (don’t use the contact information provided in the suspicious email) and ask them if they actually sent the message.
  • As soon as possible after receiving banking or credit card statements, look them over carefully for any fraudulent charges.
  • Be very suspicious of emails containing any kind of sales pitch or offer that sounds too good to be true.
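The warning signs described in this article (remote images, unexpected attachments, and requests to "update" or "verify" account details through a link) can be checked for without opening a message in a mail client. The following is an added example, not part of the original article; the phrase list, the addresses, and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.policy import default
from html.parser import HTMLParser

# Constructed phrase list, modelled on the phishing wording quoted in this article.
PHRASES = ["update your account information", "confirm your identity",
           "verify your information", "unauthorized transaction"]

class BodyScan(HTMLParser):
    """Collects remote image URLs, link targets and visible text."""
    def __init__(self):
        super().__init__()
        self.remote_images, self.links, self.text = [], [], []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img" and (a.get("src") or "").lower().startswith(("http://", "https://")):
            self.remote_images.append(a["src"])   # fetched from a server when displayed
        elif tag == "a" and a.get("href"):
            self.links.append(a["href"])
    def handle_data(self, data):
        self.text.append(data)

def scan_message(raw):
    """Report the warning signs present in one raw email message."""
    scan, attachments = BodyScan(), []
    for part in message_from_string(raw, policy=default).walk():
        if part.get_filename():                   # attachment: list it, never open it
            attachments.append(part.get_filename())
        elif part.get_content_maintype() == "text":
            scan.feed(part.get_content() + "\n")
    scan.close()
    text = " ".join(" ".join(scan.text).lower().split())
    links = scan.links + re.findall(r"https?://\S+", text)
    phrases = [p for p in PHRASES if p in text]
    return {"remote_images": scan.remote_images, "attachments": attachments,
            "phrases": phrases, "asks_for_details_via_link": bool(phrases and links)}

def sample_message():
    """Constructed sample: phishing-style wording, a remote image, an attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "support@bank.example", "you@mail.example", "Account notice"
    m.set_content("Please update your account information.")
    m.add_alternative('<p>We couldn\'t verify your information. <a href="http://bank-login.example/">'
                      'Click here</a>.</p><img src="http://tracker.example/open.gif?u=123">', subtype="html")
    m.add_attachment(b"constructed bytes", maintype="application", subtype="zip", filename="statement.zip")
    return m.as_string()

if __name__ == "__main__":
    print(scan_message(sample_message()))
```

A message that trips `asks_for_details_via_link` is a candidate for the junk folder, not proof of fraud; the check only automates the first look that the guidelines above ask you to take.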

By following these guidelines you can severely limit the amount of spam you receive, and you’ll reduce the probability that you’ll become the victim of malware or an email scam.
