Email Security Tips
Posted by Dave at 12/12/2018 3:14:31 PM
No users have rated this item yet.
I have an email address that is associated with this website. It has been publicly listed for more than 25 years. So my email is in ALL the email lists sold to spammers, scammers, and phishers. I get TONS of bogus email, hundreds and hundreds each and every day. Over the years, I have devised some effective ways of sifting through the piles of junk that come into my inbox.
I have also learned a thing or two about how to spot scams and phishing attempts. Below are some of my tips that you should keep in mind as your scroll through your inbox.
Email Elements and What They Can and Can't Tell You
- From – The sender's email address and/or display name won't tell you anything. Scammers can insert anything they want in the From field and there is no easy to tell whether it's faked or not.
- Subject – Catchy subject lines are devised to grab your attention, but you can't really tell legit from fake emails based only on the Subject. Even legit emailers try to write catchy subject lines in order to get you to read the message.
- Logos and Graphics – Just because it looks authentic, logos and other graphics don't tell you anything about whether the message is legit. It's easy to embed a legitimate logo in an email's body. Graphics included in an html email body are also commonly used to tell email senders that your email is legitimate and that you have opened the message. They do this by hosting the logo's graphic on their own server and adding a code in the url that they have linked associated with your email. When you open the email and your email software downloads the logo graphic from their server, they make note of this. One way to avoid this is to make your email software NOT download images in the email, whether you have clicked on it to read it, or whether it's being displayed in a preview pane. Sometimes the message is crafted so you can't really tell what it's about until you download the graphics. Be careful doing this. Viewing the graphics in an email might not, in itself, cause your system to be infected, but it can definitely tip off scammers that you are a good target.
- Links – Study embedded links very carefully. There are two elements to a hyperlink: the text that is displayed to you and the actual address where the link will send you. They can be different and scammers will make the text in the link appear to point to a legitimate site, while the actual link goes to their scam site. Generally, never clink on a link in an email unless you have inspected the destination, which can usually be done by hovering over the link and examining the url embedded in it.
- Signatures, Contact Info, Names and Addresses - They mean nothing.
- Gmail and Yahoo Mails - Reputable companies don’t use Gmail and Yahoo. Scammers use them because they can spin up a temporary email to use nefariously, then delete it virtually without a trace.
- Offers of Money - They want you to act before you think. Easy money is one proven way to do that. Sadly, very few merchants are passing out free gift cards. And harmless-seeming surveys are often a scam to harvest your data.
- Spelling and Grammar - Bad spelling and grammar are big warning signs. Often English isn't the first language of bad actors and they often make little mistakes.
- Account Verification Requests - Beware requests for account numbers or to verify info
- Links - As we mentioned above, links where the url doesn't match the displayed text are often designed to fool you.
- Pushing a Response – They assure you something bad will happen if you don't act within a certain amount of time. The reality is that if you act without thinking, something even worse will happen to you. Think.
Less Obvious Threats
- Forms - If the email has an easy-to-fill in form, beware. Even if the email is totally legitimate, forms are never secure in an email. What you submit in the form is sent in plain text and someone, for example someone on the same wifi network, can, with the right software, capture your sensitive information with ease. Don't ever enter account numbers or passwords in a form embedded in an email.
- Fear - Again, they want you to act without thinking and fear is a great way to provoke you. Beware attempts to scare you.
- Legal Sounding Statements - If you are concerned, ask a lawyer or Google the text.
- Confirm Addresses and Phone Numbers - Don't call a phone number from an email without verifying first that it is correct. Fake phone banks really exist and you could be calling a criminal that is only interesting in ripping you off.
- Attachments - Beware! Malicious code can be embedded in just about any type of attachment, even graphics.
- Fake Tracking Numbers - Who can recognize a fake tracking number just by looking at it? Exactly.
- Fake Phone Centers - This is a real thing. Except it's not.
- Prize Offers - If it sounds too good to be true, it most certainly is. Even if it's not all that much money, beware.
It's sad that criminals have found such fertile ground in today's technology. A little good sense will take you a long way toward safety. Use strong passwords and don't re-use them on multiple sites. Just try to think before you act. Be careful out there!
No users have rated this item yet.