It’s hard to believe that even though internet based technology has driven us into a golden age of digital communication, we still face and struggle with basic scams and shady schemes on a daily basis. Take emails, for example. We’ve been using them on a domestic and industrial scale for over 20 years. You would think that by now we would all be able to spot the signs and red flags that could indicate malicious content or intent. Unfortunately this isn’t the case, but hopefully this guide to using email safely will help individuals, teams, employers and employees stay safe when communicating by email.
Using Email Safely – In the Workplace and at Home
Email Safety Tip #1: Be Sure of the Sender
Although not entirely foolproof it’s the best and most sensible place to start. Do you recognise the sender of the email?
While it doesn’t of course mean that it’s spam or malicious, if the message you received is from somebody that you don’t know then it’s wise to approach it with an underlying sense of caution just in case. Look for red flags. Is the content of the email in context with the service that you provide? Does it make sense for you to be receiving it, and were you expecting an email from this source?
In some cases, even if the email is from a known contact, there can be other red flags that you should keep a passive eye out for in case your contact’s account has been compromised. Is anything out of the ordinary? Does this person often email you, or is it quite unknown for them to communicate with you like this? Is the body of the email written in the same kind of language that this person might normally use? Was it sent at a sensible time of day that you would usually expect to hear from them? When it comes to using email safely, what we’re looking for is essentially a break in any pattern that could lead to identifying the source of the email as an untrusted sender.
If you really want to verify the sender, directly look into and – if necessary – contact the person or organisation that the email claims to have been sent by. Open your web browser, look them up on Google and see what comes up. Don’t follow any links from the email to do this.
Email Safety Tip #2: Don’t Take Immediate Action
A lot of emails with malicious intent will require you to take some form of action in order to achieve their task. This could be something as simple as clicking on a link or downloading an attachment.
Don’t. A dodgy email by itself generally doesn’t do a great deal of harm, and is often useless without the recipient finishing the job for them. Before you take any action at all you need to be sure that it’s not going to harm your computer or your business. Do this by verifying the sender and taking whatever steps necessary to be assured that the link – or attachment – is legitimate and harmless.
This even extends to “Unsubscribe” links. Many spammers will use a fake Unsubscribe link as bait for further malicious intent, such as taking you to a website that will infect your computer with viruses or cookies, or adding you to further communications lists. If you have identified the email as being spam then it’s best to avoid falling into this trap.
Email Safety Tip #3: Don’t Reply or Forward the Email
Don’t reply to an email that you’re unsure of. Anger, threats, even polite requests – none of these will be effective against spammers. There’s a good chance that the sender (whether human or bot) is listening for your reply, and by doing so you’re giving them a clear signal that you’re a potential target for continued spamming attempts.
Also, be a responsible email user and don’t forward the message to others. If it contains malicious content in the form of attachments or links you’re only helping to spread the threat. Using email safely also means helping to protect others and prevent the spread and exposure of potentially malicious intent.
Email Safety Tip #4: Beware of Phishers
A phishing email is an email that has been created to look like it came from a legitimate source by using a well known brand or service as cover. It might be dressed up to look like a PayPal communication, or a well known bank. Phishing emails usually attempt to create a sense of urgency with recipients. It might warn you that your account has been compromised, or tell you that you have funds available for withdrawal, and then invite you to log in to take action.
The objective of a phishing campaign is to trick recipients into taking some action such as following a link which will take them to a phishing website – again, branded and designed to look exactly like an official website. This fake website will ask you to log in, and in doing so will collect your username and password from you, giving hackers access to your account.
There are often signs that an email could be a phishing attempt. First, double check the sender name and email address. This could be subtly disguised, but some things will be off. For example, where the domain name should say paypal.com, it might actually say something like paypalcom.com.
Also, keep in mind that large and established organisations never send email communications of this nature. Treat messages that inspire urgency with caution. If your bank has something urgent to say to you, chances are they’ll call you.
Other things to look out for will be in the smaller details. Are there typographical errors? Is it professionally written? Many hackers and spammers operate from far-off non-English speaking countries, and so there can sometimes be telltale signs in the use of language, grammar and spelling.
If you think you have received a phishing email, take absolutely no action from within the email itself. Don’t click any links, or download any attachments. If you’re concerned the message may be legitimate but are still unsure, go directly to the website in question by opening your browser and typing in the URL manually. Contact the company and let them know that you think you may have received a phishing email.
Email Safety Tip #5: Turn On Your Filters
Most of the well known email clients such as Microsoft, Gmail and Hotmail come built-in with spam filters of varying tolerance levels. Make sure that yours is switched on. Further to this, many filters can be customised to allow mail from certain trusted sources, and reject mail from untrusted sources that you specify. Make use of this, as it can be a big help when it comes to using email safely.
Email Safety Tip #6: Check Known Spam Data Centres
Some well know internet security vendors such as McAfee and Symantec maintain a list of known spam email senders and their IP addresses. This can be a handy tool for using email safely, and verifying any email you have received that you think may be spam.
Email Safety Tip #7: Use a Dedicated Spam Blocker and Filtering Service
If you’re really serious about using email safety and protecting your computer – and your business – against spam and viruses then it might be worth considering using a dedicated anti-spam protection service. Such a service will screen, categorise and if necessary quarantine incoming mail items before they even reach your inbox, ensuring that 99% of unwanted span never even sees the light of day.
The SecureTide filtering system is updated thousands of times per day to ensure protection from even the newest spammer tricks and tactics. All filtered mail is quarantined, and a Held Spam Report is sent out on a daily basis to keep users up to date on what’s been blocked.
