December 11, 2008
0
Email was originally designed to enable academics and scientists to communicate with one another. And because it was created with the thought that only trusted individuals would send files back and forth, email's security weaknesses were never a concern while the technology was being developed. Unfortunately, spammers and hackers came along with the popularity of email, but by then the technology was far too popular to redesign. As a result of its inherent security weaknesses, it is very important to take the necessary steps to strengthen your email security through add-on protections and by tailoring the way you use your email.
1. Use a first-rate email client
Just because all email clients deliver your email, does not mean they are equally effective when it comes to PC security. An effective email client should provide your computer with another layer of protection by effectively filtering out all the unwanted email messages bound for your inbox, as well as providing some basic email attachment virus scanning.
Suggestions:
• Google Mail (GMail) is one of the best web-based email clients, providing you with top of the line spam filtering that will keep your inbox free of almost all unwanted messages. Unfortunately, however, its virus scanning capabilities leave a lot to be desired, so you'll want to manually scan all email attachments using your personal virus scanner before you download.
• Mozilla's Thunderbird is a highly regarded, award winning, spam-fighting standalone email client. Thunderbird has to be configured for a POP or IMAP based email server just like Microsoft Outlook. But once you setup Thunderbird, you'll be well on your way to keeping your inbox free of spam.
2. Handle email attachments carefully
When you download an attachment, your computer presumes that you know what you're doing. Consequently, your firewall won't check the attachment to make sure that its safe, which leaves just a cursory scan by your email client as the only protection between an attachment and your computer. Given the low level of security surrounding attachments, it's no surprise that hackers often try to hide their harmful programs in spam email attachments. In fact, an estimated 90% of viruses enter computers this way. Given those stats, it is important to always follow best practices when handling all email attachments in your Inbox.
Suggestions:
• Do not open attachments from strangers, or even from well-known companies, no matter how official or familiar the email appears to be. Spammers often use very creative techniques to make their emails and their attachments look legitimate, and they are getting increasingly good at it. So simply closely examining emails with attachments before downloading is no longer a sufficient security strategy. Instead, you should adopt a strict no attachment policy from strangers or companies, and go to the company website directly to get the needed information instead.
• If a friend's computer is infected, it's possible that you'll receive email with virus-infected attachments that appears to be (or actually is) from them. Thus, a familiar sender alone is not enough to ensure that an attachment is safe. If you're not expecting an attachment, call, IM or VoIP the person to verify that they intended to send it before you open the attachment.
3. Do not click on email links haphazardly
A common phishing scam technique is to imbed a link in an authentic-looking but fake email message which leads to a malicious website. These email messages usually try to trick people into clicking on the link and giving up personal information in order to supposedly "confirm their financial information" or even just to "unsubscribe" from a newsletter they never signed up for in the first place. Another variant on this same scheme simply installs a virus on your computer after you click on the link via a technique called drive-by downloading. But whatever the specific harm inflicted, the point is simply that embedded links in emails can pose an enormous PC security risk.
Suggestions:
• Do not click on links in questionable emails. Reputable companies might send an email saying there's a problem with your account, but they'll never include a link "for your convenience" proclaiming to have lost all of your data.
• Even if you personally follow email best practices, family members using shared email accounts may still unwittingly click on malicious links and infect your computer. Consequently, you may want to disable "HTML email" so that embedded links in emails no longer function, as well as educate family members on some of the most common techniques scammers and hackers use.
4. Set up email filters
Reputable Internet Service Providers (ISP's) are all currently developing effective spam filtering in order to minimize the amount of spam that reaches your email client. And just as that extra level of filtering helps to reduce the levels of spam that reach your inbox, so too you can add your own supplemental filtering level by setting up your own personal email filters. While your ISP filter and email client filter will together dramatically limit the amount of spam that gets through, it is only by adding a manual filtering component through custom filtering that you can achieve near zero spam levels.
Suggestions:
• Start with an effective email client and add custom filters. GMail allows you to create a number of email aliases that all connect to your existing email address, which will allow you to divide up incoming emails into folders dependent upon the particular variant the email was sent to. So, whenever you sign up for a new newsletter, you can use a new variant on the email. If a newsletter ends up selling your name to spammers, you can simply block that email variant and voila, you have stopped the flow of spam and identified which newsletter is secretly selling readers' contact information to the highest bidder.
• If you don't have access to email aliases, you can accomplish exactly the same thing by setting up multiple free email accounts and designating one specifically for newsletter signups. If you don't want to keep up with all those email accounts, you can even use a self-destructing email account such as 10minutemail which will allow you to confirm your subscription to a newsletter or service, but which won't put your real email in danger of picking up spam.
Safely Emailing
Email was originally designed to enable academics and scientists to communicate with one another. And because it was created with the thought that only trusted individuals would send files back and forth, email's security weaknesses were never a concern while the technology was being developed. Unfortunately, spammers and hackers came along with the popularity of email, but by then the technology was far too popular to redesign. As a result of its inherent security weaknesses, it is very important to take the necessary steps to strengthen your email security through add-on protections and by tailoring the way you use your email.
1. Use a first-rate email client
Just because all email clients deliver your email, does not mean they are equally effective when it comes to PC security. An effective email client should provide your computer with another layer of protection by effectively filtering out all the unwanted email messages bound for your inbox, as well as providing some basic email attachment virus scanning.
Suggestions:
• Google Mail (GMail) is one of the best web-based email clients, providing you with top of the line spam filtering that will keep your inbox free of almost all unwanted messages. Unfortunately, however, its virus scanning capabilities leave a lot to be desired, so you'll want to manually scan all email attachments using your personal virus scanner before you download.
• Mozilla's Thunderbird is a highly regarded, award winning, spam-fighting standalone email client. Thunderbird has to be configured for a POP or IMAP based email server just like Microsoft Outlook. But once you setup Thunderbird, you'll be well on your way to keeping your inbox free of spam.
2. Handle email attachments carefully
When you download an attachment, your computer presumes that you know what you're doing. Consequently, your firewall won't check the attachment to make sure that its safe, which leaves just a cursory scan by your email client as the only protection between an attachment and your computer. Given the low level of security surrounding attachments, it's no surprise that hackers often try to hide their harmful programs in spam email attachments. In fact, an estimated 90% of viruses enter computers this way. Given those stats, it is important to always follow best practices when handling all email attachments in your Inbox.
Suggestions:
• Do not open attachments from strangers, or even from well-known companies, no matter how official or familiar the email appears to be. Spammers often use very creative techniques to make their emails and their attachments look legitimate, and they are getting increasingly good at it. So simply closely examining emails with attachments before downloading is no longer a sufficient security strategy. Instead, you should adopt a strict no attachment policy from strangers or companies, and go to the company website directly to get the needed information instead.
• If a friend's computer is infected, it's possible that you'll receive email with virus-infected attachments that appears to be (or actually is) from them. Thus, a familiar sender alone is not enough to ensure that an attachment is safe. If you're not expecting an attachment, call, IM or VoIP the person to verify that they intended to send it before you open the attachment.
3. Do not click on email links haphazardly
A common phishing scam technique is to imbed a link in an authentic-looking but fake email message which leads to a malicious website. These email messages usually try to trick people into clicking on the link and giving up personal information in order to supposedly "confirm their financial information" or even just to "unsubscribe" from a newsletter they never signed up for in the first place. Another variant on this same scheme simply installs a virus on your computer after you click on the link via a technique called drive-by downloading. But whatever the specific harm inflicted, the point is simply that embedded links in emails can pose an enormous PC security risk.
Suggestions:
• Do not click on links in questionable emails. Reputable companies might send an email saying there's a problem with your account, but they'll never include a link "for your convenience" proclaiming to have lost all of your data.
• Even if you personally follow email best practices, family members using shared email accounts may still unwittingly click on malicious links and infect your computer. Consequently, you may want to disable "HTML email" so that embedded links in emails no longer function, as well as educate family members on some of the most common techniques scammers and hackers use.
4. Set up email filters
Reputable Internet Service Providers (ISP's) are all currently developing effective spam filtering in order to minimize the amount of spam that reaches your email client. And just as that extra level of filtering helps to reduce the levels of spam that reach your inbox, so too you can add your own supplemental filtering level by setting up your own personal email filters. While your ISP filter and email client filter will together dramatically limit the amount of spam that gets through, it is only by adding a manual filtering component through custom filtering that you can achieve near zero spam levels.
Suggestions:
• Start with an effective email client and add custom filters. GMail allows you to create a number of email aliases that all connect to your existing email address, which will allow you to divide up incoming emails into folders dependent upon the particular variant the email was sent to. So, whenever you sign up for a new newsletter, you can use a new variant on the email. If a newsletter ends up selling your name to spammers, you can simply block that email variant and voila, you have stopped the flow of spam and identified which newsletter is secretly selling readers' contact information to the highest bidder.
• If you don't have access to email aliases, you can accomplish exactly the same thing by setting up multiple free email accounts and designating one specifically for newsletter signups. If you don't want to keep up with all those email accounts, you can even use a self-destructing email account such as 10minutemail which will allow you to confirm your subscription to a newsletter or service, but which won't put your real email in danger of picking up spam.
Subscribe to:
Post Comments (Atom)
Posts
0 Responses to “Safely Emailing”
Post a Comment