Wednesday, November 11, 2009

Precautions with Email Basic to In-depth Home Computer Security Guide Page 14

Precautions with Email

In general a user receives lots of e-mails every day, most of which are unsolicited
and contains unfamiliar but believable return addresses.

Email spoofing

Email “spoofing” is when an email message appears to have originated from one source when it actually was sent from another source. Email spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information (such as passwords).

Spoofed email can range from harmless pranks to social engineering ploys. Examples of the later include:

• email claiming to be from a system administrator requesting users to change their passwords to a specified string and threatening to suspend their account if they do not comply

• email claiming to be from a person in authority requesting users to send them a copy of a password file or other sensitive information

• Mail uses social engineering to tell the user of a contest that the user may have won or the details of a product that the user might like. The sender is trying to encourage the user to open the letter, read its contents, and interact with them in some way that is financially beneficial – to them.

Protection from spam

Spam is flooding the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose tomreceive it. Most spam is commercial advertising, often for dubious products or get-rich-quick schemes. Spam costs the sender very little to send -- most of the costs are paid for by the recipient or the carriers rather than by the sender.

Never respond to spam

Most of spammers say in their mail to unsubscribe click here but they relying. What they really want to do is confirm that they’ve got a live address. Also, if the user respond, they’ll sell their addresses to every other spammer meaning user soon be flooded with even more spam.

User should not post his address on his website

It seems like a good idea at the time, but posting an email address on a personal home page is just an invitation to spammers. Spammers and the people who sell spamming as a business have software that "harvests" email addresses from the Net. This software crawls through the Internet seeking text strings that are -something-@-something-.-something-. When it finds one, it catalogs it on a database of other email addresses to be used to send spam.

It is recommended that instead of giving e-mail in text form at the website, user should give an image of it.

Use a second email address in newsgroups

Newsgroups are the great email address gathering ground for spammers. If someone posts to a group, he is going to get spam -- it is just a matter of time. So how is he supposed to participate? Use a different email address for talking to friends and relatives. In other words, have a public address and a private address. One has to deal with spam only on his public address.

User should not give his email address without knowing how it will be used

If a website is asking for email address, they want to use it for something. Be sure to know what. Read the terms of use and privacy statements of any site before telling them email addresses, if there is not any privacy statement; don’t tell them email address.

Use a spam filter

While there is no such thing as a perfect filter, anti-spam software can help keep spam at manageable level. Some of it is cumbersome, some works better than others, some even requires that the user let his email messages go through another system for storage and cleaning.

Never buy anything advertised in spam

The reason that people spam is because they can make money. They make money, like all advertisers, by convincing people to buy a product. If no one buys the things advertised in spam, companies will quit paying spammers to advertise their products.

Disable scripting features in e-mail programs when possible

Since e-mail programs frequently use the same code as web browsers to display HTML formatted messages, the vulnerabilities that affect ActiveX, Java, and JavaScript are often applicable to e-mail. Apart from disabling these features, the ability to run Visual Basic Scripting (VBS) should be removed if possible.

Viruses such as ILOVEYOU contain attachments ending in .vbs which infect the host when user clicks on the attachment to open it.


No comments:

Post a Comment

You Have Successfully Posted the Message.