Safe Computing: Email Safety and Phishing

From ITS Wiki


Email Safety and Phishing

Email is an invaluable tool, but it can also be a way to transmit viruses and other malicious software.

  • Carefully examine any attachments you receive. Even if you know the person sending you the message, if you are not expecting an attachment, don't open it.
  • Be careful with links to web sites. Rather than clicking on a link within your email message, copy the URL and paste it into your web browser. Sometimes the underlying URL is different from the text that appears in the email message.
  • Never transmit financial, account or any other information you consider private via email. Sending an email message is like sending a postcard: it is easily read by people other than those for whom it was intended, and recipients can forward your message to others.
  • Avoid being "phished." Con artists try to trick you into providing personal information by email or on a web page by posing as a vendor with which you normally do business. This approach sometimes starts with an email supposedly from a bank, ISP or other business you may deal with. The email presents a reason for you to "confirm" information with them and gives you a link to an official-looking online form. If you fill out the form, you are giving personal and financial information like credit card information, passwords and social security numbers to the scammers. This can lead to charges on your accounts or even identity theft.
    • Precautions:
      • Be suspicious
      • Examine web addresses (URLs) in emails to see if they look like legitimate addresses. (You could look at the bank or business website to see if the URLs match.)
      • In general, if a URL appears in an email, copy and paste it into your browser or, to be even safer, type the URL directly into your browser.
  • Avoid spam (unsolicited email/junk mail).
    • never reply to spam (you are just verifying that they have found a good address) even if there is an "unsubscribe" option
    • enable your email software's spam filtering features (See our previous tip on how to do this: http://wiki.centre.edu/its/index.php/Spam_Filters_and_Tips_for_Keeping_Email_Organized_and_Secure)
    • do not post your email address on any web page
    • use a free email account address (Yahoo, Gmail, etc.) when filling out web forms
    • when filling out a web form, uncheck the box indicating you would like "additional information" or "production information from related vendors"
