Email Safety Precautions

Email Safety Precautions and Best Practices

Some folks are very cautious about the sites they visit and the files they download, but are very careless about protecting themselves from exploitation via emails. So I thought I’d share some safety precautions you can utilize to keep from getting infected with various types of malware via your email accounts.

First of all, let’s look at two different ways of handling your email: webmail and email clients.

Webmail

Webmail is what you’re using when you log into your service via your browser, such as at www.hotmail.com or www.gmail.com. You’re able to read, send and forward emails from the server’s site, and usually, they’ll offer some level of spam detection and filtering. Obviously, since you’re using your browser, it’s only available when you’re actually connected to the Internet.

Mail Client

There are a number of mail clients around. A couple of the more well known that you’ve probably heard of are Outlook and Windows Live Mail (previously known as Outlook Express). These clients communicate with your email accounts and download incoming emails to your hard-drive as well as uploading outgoing mail for sending. The email already downloaded to your hard-drive is available for viewing whether you’re connected to the ‘Net or not.

Comparison

Both modes offer essentially the same functional capabilities, but using a mail client offers a couple of major advantages, beyond access to your emails even when off-line.

 

| Capability | Webmail | Email Client |
| --- | --- | --- |
| Filtering/trapping spam and malware | Yes | Yes |
| Sorting/nesting storage folders | Limited | Yes |
| Multiple accounts on screen | No | Yes |
| Copying/moving between accounts | No | Yes |
| Checking source without opening | No | Yes |
| Searching for specific content | No | Yes |

 

Email Safety Precautions: Verifying the source of a message

One of these capabilities is extremely useful, in terms of checking out an incoming email without opening or previewing it – the ability to check the source code of the message beforehand.

A savvy individual can build an email that will display To: and From: fields that are totally misleading. I receive emails all the time, saying that my PayPal account has been disabled or that my eBay account is about to be suspended. Both will usually show something like “PayPal” or “eBay Account Management” in the From: field.

First red flag: These often arrive in the inbox of an email account that isn’t connected in any way with my PayPal or eBay account.

Since you already have an indication that this email may be a phony, you could just delete it at this point. But out of curiosity, let’s investigate further.

First of all, if you’re using the Preview Pane on your client, click the Reading Pane button to close the preview, then right-click on the message, and left-click on Properties. A small pop-up will open, displaying some general information, such as the subject, From: address, message size, priority and sent and received time & date stamps.

Clicking on the Details tab shows the header data for the message. Sometimes this will show that the message came from someone other than the address shown in the From: field, but an accomplished bad guy will be able to mask this. Near the bottom of the pop-up, click on the Message Source button.

Ah…. NOW we’re getting somewhere! Now you can see the entire message, including the HTML markup, and you can see if the message was routed through some server in Romania, even if it claims to be from Mountain View, CA. You can also read the content of the text of the message, without any risk of inadvertently exposing yourself to any attached malware.

Down in the body of such phishing and scam emails there will usually be a link, perhaps a “Log in” or “Click to Confirm” button. The true destination of that link will show up in the source code, such as in this example:

    <table width="126" border="0" cellpadding="0" cellspacing="0" style="font-style: normal; font-variant: normal; font-weight: normal; font-size: 11px; font-family: Verdana, Arial, Helvetica, sans-serif">
      <tr>
        <td style="border-left: 1px solid #bfbfbf; border-right: 1px solid #908d8d; border-top: 1px solid #bfbfbf; border-bottom: 1px solid #908d8d; padding-left: 10px; padding-right: 10px; padding-top: 1px; padding-bottom: 1px" bgcolor="#ffa822">
          <a href="http://www.ounmuim.com">
          Click To Confirm</a></td>
      </tr>
    </table>

(Notice the link destination in the href attribute of the <a> tag above.)

Second red flag: The destination of a link contained in the message is different from what it says it is.
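As an added example (not code from the original post), both red-flag checks can be run over a saved message source with Python's standard library, which reads the From: field, the Received: hops and every link destination without rendering the message. The sample message, the *.example hosts and the expected_domain parameter are constructed for illustration; only the link is taken from the snippet above.

```python
import email, re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample source, not a real message; *.example hosts are placeholders.
RAW = """\
Received: from mail.sender.example ([203.0.113.7])
\tby mx.recipient.example; Mon, 01 Jan 2024 10:00:00 +0000
From: "PayPal" <notice@sender.example>
Subject: Your account has been disabled
Content-Type: text/html; charset="utf-8"

<table><tr><td><a href="http://www.ounmuim.com">Click To Confirm</a></td></tr></table>
"""

class LinkCollector(HTMLParser):
    """Collect [visible text, href] for each <a> tag; nothing is rendered or fetched."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append(["", dict(attrs).get("href") or ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][0] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def same_site(host, domain):
    return host == domain or host.endswith("." + domain)

def inspect_source(raw, expected_domain):
    """expected_domain: the domain the reader knows the claimed sender really uses."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    # Servers prepend Received lines, so only your provider's topmost ones are reliable.
    hops = re.findall(r"\bfrom\s+(\S+)", " ".join(msg.get_all("Received", [])))
    body = msg.get_body(preferencelist=("html", "plain"))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    checks = [(f"From name {name!r}", addr.rpartition("@")[2].lower())]
    for text, href in collector.links:
        checks.append((f"link {text.strip()!r}", (urlparse(href).hostname or "").lower()))
    flags = [f"{what} -> {host}" for what, host in checks if not same_site(host, expected_domain)]
    return {"hops": hops, "flags": flags}
```

Calling inspect_source(RAW, "paypal.com") lists the relaying host and flags both the sender address and the "Click To Confirm" link, because neither belongs to the domain the message claims to come from.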

If you find nothing that looks fishy and you feel as though the message may be authentic, it may be safe, but not necessarily. Some scripts that aren’t obvious to the casual user can still be present and can be activated by opening an email. But at least you’re now able to see a lot more than you could before, without putting yourself and your system at risk.

We’ve all heard warnings about opening attachments or clicking on links that come from people we don’t know. But these days, a lot of malware will send itself out to every address in the infected machine’s address book, so the fact that a message comes from a close friend or family member doesn’t necessarily mean it’s safe to open or click. If their machine has been infected, they won’t even be aware that the message has been sent to you.

At the end of the day, your common sense is your greatest protection… put it to good use.

If you’d like more tips on using common sense online, visit Doc Sheldon’s post on Top Shelf Copy: “The best tool you have is your head use it”.