Many people are rightly concerned to protect themselves thoroughly when exploring the wilder reaches of the internet, but one’s own inbox sometimes feels like a more secure place – after all it’s our email, isn’t it, and it’s only messages? However, the sad fact is that most of the scams that people fall victim to online originate with an email message.
Malicious emails come in a number of shapes and sizes, the worst of them containing attachments with viruses embedded. In many ways these are the easiest to protect yourself against, as even free webmail like MSN or Gmail these days comes with good scanning software that will stop you even seeing these, and if you use an offline mail reader like Outlook then low-cost services like Postini can provide a similar level of protection. It’s important though not to be complacent when using these filters: scammers work constantly to beat them and sometimes something slips through, especially if a known safe sender (like one of your friends) gets their system compromised. If you receive an unexpected/unsolicited attachment, scan the file with your virus scanner before you open it (and you do have a regularly-updated virus scanner, don’t you?).
The most annoying form of dodgy email is spam pure and simple, stuff trying to get you to click through to a link, and this can also be propagated by a hacked email account so it looks like it’s coming from a friend of yours. If your friend doesn’t typically send you badly-spelled hot tips about working from home or unlikely medical interventions, don’t click, delete the email, and let your friend know (by phone might be good), because they need to log in to their email account and change the password immediately.
Unfortunately the filters don’t tackle this kind of situation so well, so you need to use your judgement and wits. Typically filters err on the side of caution and may well block ALL links, even if a trusted friend is clearly sending you something genuinely of interest. Rather than mess with your filter settings you can often access a single link by holding the ‘Ctrl’ key down whilst you click, if you are confident it is safe to do so. Filters typically flag new content and small/non-aged domains as potentially unsafe simply because scammers tend to be fly-by-night, but they have no way of distinguishing them from the new blog entry your friend is trying to send you. Visiting a website is rarely dangerous of itself, unless you click or otherwise interact there.
A further email risk is one we will all have encountered, and one we will revisit in more detail soon. ‘Phishing’ is when an email address, and sometimes a whole website back-end, is set up to mimic a trusted and known brand/service, such as an alert from what looks like your bank, to encourage you to use the site and enter details. Sometimes these are so badly put together as to be laughable and you wonder how on earth they succeed at all; other times they are pretty passable at first glance, so be very careful. Inspect any links visually… what matters is the domain name, which is the bit right before the .com (and if it isn’t .com, .co.uk or .es the alarm bells should sound straight away). Anything before a dot before the actual domain is a subdomain and anyone could set that up – for example, www.whatever.paypal.com would have to be a genuine paypal.com subdomain, but I could easily create www.paypal.costaconnected.com if I wanted to scam you, and if I sent it to enough people (and these guys work in the millions), a few would see the word PayPal, think ‘oh that’s ok’, and click in and enter their password.
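The visual check described above can be written down as a short program. This is an added example, not part of the original column; the tiny list of endings and the verdict labels it returns are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a deliberately tiny list of endings, just the ones the column
# names. Real software should use the full Public Suffix List instead.
SUFFIXES = {"com", "co.uk", "es"}

def host_of(url):
    """Lower-cased host name of a link, with or without 'http://' in front."""
    if "://" not in url:
        url = "//" + url          # lets urlsplit read a bare 'www.site.com/x'
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def registrable_domain(url):
    """The name plus its ending, e.g. 'paypal.com'; None if the ending is unknown."""
    labels = host_of(url).split(".")
    for n in (2, 1):              # try 'co.uk' before a one-part ending
        if ".".join(labels[-n:]) in SUFFIXES and len(labels) > n:
            return ".".join(labels[-(n + 1):])
    return None

def check_link(url, expected):
    """Compare a link with the domain you expect, such as 'paypal.com'."""
    domain = registrable_domain(url)
    if domain is None:
        return "unfamiliar-ending"
    if domain == expected:
        return "genuine-domain"
    brand = expected.split(".")[0]
    if brand in host_of(url):
        return "brand-in-wrong-place"   # brand appears, but not as the real domain
    return "different-domain"

# The first two links are the column's own examples; the rest are constructed.
SAMPLES = [
    "http://www.whatever.paypal.com/login",
    "www.paypal.costaconnected.com",
    "http://paypal.com.example.net/",
    "https://www.example.co.uk/",
]

def demo():
    return [(url, check_link(url, "paypal.com")) for url in SAMPLES]

if __name__ == "__main__":
    for url, verdict in demo():
        print(f"{verdict:22} {url}")
```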
A topical one hitting a lot of British email addresses just now purports to be from HMRC. If you are expecting/hoping for a tax rebate, remember that HMRC will NOT contact you by email and invite you to log in and hand over your bank details to claim it. But that is how these scams work: it’s all about catching you at your point of readiness and expectation – even if that succeeds less than 1% of the time, they are usually quids in.
How do they get millions of email addresses, incidentally? Usually via screenscrapers, which trawl websites (especially social sites) looking for text that resembles an email address. This is why you should protect yourself by NEVER posting your email address online – any responsible social networking or forum site will offer a private messaging/inbox service which you should use instead. Think of your email address as at least as private as your phone number, and just as important to protect from nuisance contacts.
Next week we will take a quick look at all the other stuff you don’t really want in your inbox and how to get on top of it somehow, but let me leave you with a scary thought. One day someone will start scamming and phishing who can actually write in correct English, and might sound passably like a communication from a real bank or government. Then we could all be in trouble! So, attune your radar to the delicate whiff of a scammer in good time, so we all stay safe.
Published in Costa Connected, Costa Blanca News, 17th February 2012