With its increased popularity, e-mail has become subject to a wide variety of security threats. As a result, using e-mail safely is a key part of keeping your computer and personal information safe. Unsolicited commercial e-mail (or "spam") has grown into a serious obstacle to communication and also carries the threat of identity theft, with "phishing" attacks attempting to steal banking website passwords and other valuable personal information. Viruses and worms are spread largely using e-mail, often disguised as messages from friends, family and business associates. These many threats result in an inbox that is more dangerous than ever.
ICT recommends that you always use caution when using e-mail. In addition, taking the following steps can help you use e-mail safely and help keep your computer and personal information safe.
Spammers continually trade and combine lists of e-mail addresses. Because of this, once your address falls into their hands, it is essentially impossible to stop receiving spam. You can minimize the level of spam you receive by managing your e-mail address as if it were a valuable piece of personal information.
Regardless of how well you protect your e-mail address, you will almost certainly receive some amount of spam. The U of S operates a campus-wide spam filter that does a reasonable job of preventing spam from reaching your U of S e-mail inbox. Once a day it sends out a summary for each address and alias that has quarantined spam. Occasionally legitimate messages are quarantined so you should check your quarantine messages periodically to ensure that you do not miss any legitimate messages. You can release legitimate messages that have been quarantined.
The past few years have seen the rise of a particularly dangerous type of spam, designed to trick users into revealing sensitive personal information, particularly login credentials for financial institutions and other high-value sites. So-called "phishing" scams target people with fraudulent e-mail messages claiming to be from their bank, credit card provider, or other company they trust.
These messages encourage people to log into a website that may at first glance, appear to be that of the legitimate company. However, they are actually logging into a fraudulent site under the control of a con artist. The site will capture any information provided (username, password, credit card number, etc.) and allows the con artist to masquerade as the person to either steal from them, or commit further crimes in their name.
These scams have become increasingly sophisticated, and often use graphics and text from the true website to lend an air of authenticity to the fraudulent site and e-mail. Links in the e-mail will appear to be to the valid site, but may actually direct the user to a numeric address or a site with a similar-looking domain name (e.g. www.royal-bank.ca instead of www.royalbank.ca).
Recognizing a phishing scam is the easiest way to avoid being caught. Look for some standard clues in any suspicious e-mail you receive:
If you are still in doubt about the legitimacy of an e-mail that you have received, telephone the customer service department of the company who supposedly sent it for confirmation.
Some browsers also have the ability to automatically check websites against a database of known phishing sites. If your browser includes it, using this capability provides an additional layer of protection in case you accidentally follow a phishing link. However, like viruses and spyware, there is always a delay between phishing sites being created and being added to the database. As such, you should not rely on filters to catch every attempt and should exercise good judgment when choosing whether or not to follow instructions in e-mail you have received.
E-mail is more than just a text-based method of communication. E-mail also provides the ability to attach files to messages and distribute them to a wide audience. E-mail is used to collaborate with colleagues by sending documents, spreadsheets and presentations back and forth. Attachments are also used to share photos and video with family and friends.
Unfortunately, attachments are one of the most common ways for viruses to spread. Although up-to-date anti-virus software provides protection from most known viruses, your first line of defence should be exercising caution when handling attachments.
Be extremely wary of e-mail messages with attachments that:
For assistance with your e-mail settings, consult with your local IT support personnel or contact the ICT Help Desk.