This week we wanted to talk about email and it's lack of security when sharing documents and other common tasks. Below are a few tips that might help you to be a little safer when using email.
1. Unsubscribing to newsletters you never subscribed to.
A common technique used by spammers is to send out thousands of fake newsletters from organizations with an "unsubscribe" link on the bottom of the newsletter. Email users who then enter their email into the supposed "unsubscribe" list are then sent loads of spam. So if you don't specifically remember subscribing to the newsletter, you are better off just blacklisting the email address, rather than following the link and possibly picking up a Trojan horse or unknowingly signing yourself up for yet more spam. So, just click the button in gmail that says report spam.
2. Not closing the browser after logging out.
When you are checking your email at a library or cybercafé or other public computer, you not only need to log out of your email when you are done, but you also need to make sure to close the browser window completely. Some email services display your username (but not your password) even after you have logged out. While the service does this for your convenience, it compromises your email security. To avoid this, click the three dots in the upper right hand corner of chrome, then choose "History" and "Clear browser history." Please note that while it will clear it from that computer, it does not clear it from your account. If you have questions about that, please see me.
3. Not using the Blind Carbon Copy (BCC) option.
When you put a person's email addresses in the BCC: rather than the CC: window, none of the recipients can see the addresses of the other email recipients.
New email users often rely too much on the TO: because it is the default way of sending emails. That is fine as long as you are writing to just a handful of people. But if you are sending mail out to a diverse group of people, confusing BCC: and CC: raises some serious privacy and security concerns. It takes just one spammer to get a hold of the email and immediately everyone on your email list gets spammed.
Even if the honesty of the group isn't in question, many email programs are setup to automatically add to the address books any incoming email addresses. That means that some people in the group will inadvertently have added the entire list to their address book, and as a result, if one of their computers is infected with "Zombie" malware and silently sends out spam emails, you will have just caused the entire list to get spammed.
BCC: is also nice because then you don't have a long list of email addresses before the actual message.
4. Trusting your friends' email.
Most new internet users are very careful when it comes to emails from senders they don't recognize. But when a friend sends an email, all caution goes out the window as they just assume it is safe because they know that the sender wouldn't intend to hurt them. The truth is, an email from a friend's ID is just as likely to contain a virus or malware as a stranger's. The reason is that most malware is circulated by people who have no idea they are sending it, because hackers are using their computer as a zombie.
It is important to maintain and keep updated email scanning and Anti-virus software, and to use it to scan ALL incoming emails.
5. Sharing your account information with others.
We've all done it – we need an urgent mail checked, and we call up our spouse or friend and request them to check our email on our behalf. Of course, we trust these people, but once the password is known to anybody other than you, your account is no longer as secure as it was.
The real problem is that your friend might not use the same security measures that you do. Your friend might be accessing his email through an unsecured wireless account, he may not keep his anti-virus software up to date, or he might be infected with a keylogger virus that automatically steals your password once he enters it. So ensure that you are the only person that knows your personal access information, and if you write it down, make sure to do so in a way that outsiders won't be able to understand easily what they are looking at if they happen to find your records.
As always, if you have security questions or concerns, contact your building techspert!