As a contributing photographer at iStockphoto I spend a fair amount of time in the discussion forums over there. It’s a good way to get help and understand the iStockphoto ways and digital photography in general. And like most forums, there is an off-topic section. Earlier this week, in that section, one poor member was warning others, sharing his experience with a virus he got attached to an email. I have written about email security and email management before, on my own blog, so I figured the web in general had been sufficiently warned of such threats. Apparently I was wrong; it’s still a hot and much needed topic.
This article features some “rules-of-thumb” to help keep you out of trouble. What kind of trouble, you may wonder? Well, just ask the aforementioned virus recipient how he felt when he had to wipe his entire hard drive to get rid of the infection. All he did was open an email and unzip the attachment that came with it, meaning he displayed his ignorance of the threats out there. Happily, I can report, based on his latest forum post, that he’s now fully cognizant.
Ignorance can and will get you in hot water. Once a friend contacted me on instant messenger, giving me a link to follow. Instead of following the link, though, I wrote back asking what it was. He never replied. I never followed the link as a result. I did talk to him the next day and asked again what the link was. He didn’t know what I was talking about. Later we learned his computer was infected and it was trying to pass it along to me. Some may call me paranoid, but in hindsight, I did the smart thing.
Email Attachments
Never open an attachment to an email unless you know specifically what it is. Positively. The fact that you know who it’s from is not enough as they may not even be aware they sent it, or it could be from someone pretending to be your contact. If the email is from someone you know and you’re having doubts about its legitimacy, ask them what they sent and why. You might be surprised by their answer, for the good or the bad.
Email Links
Never follow a link in an email unless you are absolutely sure that it is a legitimate email and the link is benign. Again, even if it’s from someone you know, including your bank, PayPal, eBay, whoever, be absolutely sure. Normally these spoof emails are easy to spot due to the quality of writing and the lack of personalization. But even if the spelling is spot on and they address you by name, be careful. You’re better off going directly to the site and finding out what they want that way, or just call them. If it’s important, they will contact you in a non-threatening way that leaves no doubt.
Email Formatting
Most email programs I know of allow you to choose between “plain text” and “HTML” formatting. I strongly prefer the former. At least links are visible for what they are. You might see text that says “click here” in an HTML email — you might even see a proper looking web address — but this does not guarantee you’ll know where the link goes. For a better understanding, see this code:
<!--Shows a “proper” web address that leads elsewhere-->
<a href="http://dangerous-site.com/">www.harmless-site.com</a>
<!--Shows text that you just don’t know where it goes-->
<a href="http://dangerous-site.com/">click here</a>
This is the code. All you would see in an HTML email, though, is “www.harmless-site.com,” which looks safe. With a plain text email you will still see the harmless web address, but it will no longer be a link to the dangerous site. In fact, with plain text email, you will no longer be able to see email-embedded images, some of which can be disturbing at best.
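The same comparison can be automated for a mailbox filter or a quick triage of a suspicious message. The following is an added example, not code from the original article: it pulls every link out of an HTML body and compares the address the reader sees with the host the link really targets. The sample body, the function names and the verdict labels are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample body; the first two links are the ones from the article.
SAMPLE_HTML = """
<a href="http://dangerous-site.com/">www.harmless-site.com</a>
<a href="http://dangerous-site.com/">click here</a>
<a href="http://www.harmless-site.com/help">www.harmless-site.com/help</a>
"""
# Visible text that itself looks like a web address (optional scheme, dotted host).
HOST_IN_TEXT = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

def _host(value):
    value = value.lower()
    return value[4:] if value.startswith("www.") else value

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:      # only text inside an <a> element
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_links(html):
    """Return (visible text, real host, verdict) for each link in the body."""
    collector = LinkCollector()
    collector.feed(html)
    report = []
    for text, href in collector.links:
        real = _host(urlparse(href).hostname or "")
        shown = HOST_IN_TEXT.match(text)
        if shown is None:
            verdict = "opaque"      # text says nothing about the destination
        elif _host(shown.group(1)) == real:
            verdict = "match"
        else:
            verdict = "mismatch"    # text names one site, link goes to another
        report.append((text, real, verdict))
    return report
```

A "mismatch" verdict is the first case from the article's snippet, and "opaque" is the "click here" case, where the destination can only be judged from the real host.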
Address Lookalikes
Also be aware of lookalikes. For example: www.paypal.com versus www.paypel.com, www.paypal.bogus.com, or www.pay-pal.com. These may be registered to someone other than PayPal, or they are spoofed. You never know. So if you want to go to PayPal, use your browser and type in http://www.paypal.com. That way you really know.
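Each of the lookalikes above uses a different trick, and a simple check can tell them apart. This is an added example, not part of the original article; the function names and labels are made up for illustration, and it assumes the registrable domain is the last two labels of the host name (true for .com, not for suffixes such as .co.uk, which need a public-suffix list).

```python
TRUSTED = "paypal.com"   # the one address the reader actually means to visit

def registrable(host):
    # Assumption: last two labels form the registrable domain.
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify(host, trusted=TRUSTED):
    """Label a host name relative to the trusted domain."""
    labels = host.lower().rstrip(".").split(".")
    domain = registrable(host)
    brand = trusted.split(".")[0]
    name = domain.split(".")[0]
    if domain == trusted:
        return "trusted"
    if brand in labels[:-2]:
        return "brand-in-subdomain"   # www.paypal.bogus.com belongs to bogus.com
    if name == brand:
        return "brand-on-other-tld"
    if name.replace("-", "") == brand:
        return "hyphenated"           # www.pay-pal.com
    if edit_distance(name, brand) <= 1:
        return "near-miss"            # www.paypel.com, one letter off
    return "unrelated"

def check_all(hosts):
    return {h: classify(h) for h in hosts}
```

The point of the subdomain case is that a host name is owned by whoever controls its rightmost labels, so the familiar name appearing further left proves nothing.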
Email Giveaways
It may be a giveaway, maybe someone is trying to get you to do something for them, you may have even won a million dollars. Don’t respond or click on a link, though, no matter how tempting. You may think it’s foolish to pass up your lotto winnings, but go with the odds: roughly 1 in 100 trillion emails will be a legitimate prize; the rest are looking to exploit you, steal your data, give you malware (including spyware), or give you some computer virus. Nothing’s for free, as the saying goes, and it’s true on the web as well. So, before you claim your winnings or enter into communication with a stranger, ask yourself Dirty Harry’s famous question: “Do you feel lucky today, punk?”
Email Spam
Spam sucks, and it’s a way of life, but don’t opt out via an email link (unless, again, you are damn sure it’s the real deal) and don’t make purchases from email offers. Doing so tells marketers that email is a working advertising medium. If it is, it will continue to be exploited. If nobody clicks on these things, they won’t work, and the powers behind these methods will move on to try something else. As long as curious people click, the onslaught will continue. But this type of strategy will only work if done by the masses.
Speaking of opting out, do it right away (or don’t opt in, which should be the choice we have to make). There’s not a big danger in this, but once in, getting out is nearly impossible, it seems. I know, even opting out rarely works. I get all sorts of spam, some from companies I have called on the phone a half-dozen times asking to be removed. I always get one of two responses: They hang up on me (as if I will never change my mind in my entire life — fools), or they say “sure thing, no problem,” then proceed to ignore my request. Never have I asked to be removed from an email list and seen it actually happen per my wishes. As awful as that may sound, it seems to be the contemporary way. Sure it’s against the law, but there’s no enforcement or consequences aside from boycott.
Don’t Write Back
If you’ve figured out the email you’re looking at is bogus, a scam, spam, or whatever, do not write back. If you do, one of three things will likely happen.
- You will get an undeliverable reply.
- You will validate your email for a spammer.
- You will start something that’s over your head.
Go With Your Gut
If you’re eating this up so far that’s a good thing as it is being written with your best interest in mind. You’ll probably follow the advice herein and err on the side of caution. If, however, you run into something questionable, whether it’s been covered or not, realize that most of the time it’s probably not a good thing (it’s true, it’s the dark side of the web). If you have gone so far as to actually question the piece, that’s enough. Go with your gut. Unless you’re unequivocally certain, trust that it could be bogus. Take steps to find out if you’re really uncertain, but do it the smart way.
Protect Yourself
This should go without saying, but buy the best anti-virus and anti-malware/spyware software money can buy. This is not the place to cut corners. And don’t just own it, install it and see to the following:
- Keep your software updated, especially your operating system, like “Windows XP” (keep it patched), and your web browser.
- Update your anti-virus software’s virus “signatures” daily or as they become available. You should be able to do this automatically.
- Use instant, automatic, or real-time protection if it is available. If it’s not, get different software; you aren’t well protected.
In The End
Ultimately your security rests on your shoulders. As much as you would like to see your Internet Service Provider (ISP), tech staff, computer/software vendor, or web host protect you, it’s just not possible. Not yet. The Internet is young and these issues might be normal for long term development. In the meantime heed the advice in this article, be wary, and stay safe.