Computersicherheit – Email Security
Email Security

Email is not secure! This means three main things:

- Messages can theoretically be read by others as they travel across the internet.
- Messages can theoretically be modified by others as they travel across the internet.
- The person sending you an email may not be the person you think they are. There are two common possibilities:
  - Using appropriate software, a criminal can set the Sender Name and Sender Address of an email to anything they want! So, they do not need to be using your friend’s computer to impersonate your friend!
  - Your friend/colleague/bank’s computer may in fact have a virus on it which is emailing you (and probably all other email contacts of the victim) in order to spread itself.
As a consequence of the above facts, you should follow the rules below to keep yourself safe:

- Do not open emails from people you don’t know. Both before and after opening an email, check the “Sender Name” and “Sender Address” to see if they look valid. Scammers will often send you an email which contains your friend/boss/bank’s name as the Sender Name, but from a totally different Sender Address from what you would normally expect. Social Engineering attacks are often done this way using free email services like Hotmail, Yahoo, Gmail, etc.
- Be extremely cautious when you open an email from someone you know and it contains spelling or grammatical errors. Criminals in places like Africa, eastern Europe, China, and Russia often send scam emails which appear to be sent to you from someone you know, but since the criminals are not native speakers of your language, the scam emails they send often contain language errors.
- Do not reply to emails from people you don’t know.
- Do not give your or anyone else’s email address to someone you don’t know.
- Do not publish your or anyone else’s email address on any website using plain text. If you really need to do it, then put the email address in an image. Reasoning: Robots (i.e. nasty computer programs written by criminals) scour the Internet looking for email addresses, and text email addresses are easy targets. Images on the other hand are much more difficult for robots to read.
- Do not run programs sent to you by people you don’t know. To be super-safe, don’t even run programs sent to you by people you do know.
- Do not open any email attachments (e.g. MS Word, MS Excel, Adobe PDF documents, Zip files, etc.) sent to you by people you don’t know. To be super-safe, don’t even open email attachments sent to you by people you do know.
- Do not click on web links in emails sent to you by people you don’t know. To be super-safe, don’t even click on web links in emails sent to you by people you do know.
- If you do click on a web link in an email, make sure that the website you’re actually taken to by your web browser is the same as what the email says it will be. Reasoning: A very common scam used by criminals is to send thousands of people an email which looks like it has come from your bank (for example it may contain your name and your bank’s logo), but clicking on a web link within the email will take you to a fake banking website where the criminals will steal your banking details (and then your money).
- If you receive an email supposedly from your bank, or Internet Service Provider, that says something like “Your account has a problem, please click this link to go to our website and confirm your details”, then don’t fall for it! Such emails are almost always a scam as mentioned in the point above.
- Do not install programs sent to you by people you don’t know. To be super-safe, don’t even install programs sent to you by people you do know.
- Do not view documents, images, or videos sent to you by people you don’t know. To be super-safe, don’t even view documents, images, or videos sent to you by people you do know.
- Do not have your email program or email website configured to play audio, or display images, video, or HTML by default. Reasoning: Criminals have been known to use bugs in audio, image, video, and HTML rendering software to secretly install viruses and trojans into your computer.
- Do not reply to emails from anyone if they ask you for your password or any other personal information (whether you know the sender or not). The email you received may in fact have come from a virus or criminal, not from your friend/colleague/bank/etc.
- Avoid sending private information in emails, even to friends (since even if you think your computer is secure, theirs may not be!). Private information includes, but is not limited to, your or someone else’s ...
  - Full Name,
  - Age,
  - Gender,
  - Marital Status,
  - ID Card number,
  - Bank Account number,
  - Credit Card number,
  - Home Address,
  - What days or times you will or will not be at home.
- When forwarding a joke, or funny article, etc. to a friend (or group of friends), before sending the email, remove all email addresses and other private information from the body of the email you’re about to forward. Tell all your friends to do the same. (This will reduce the chance of your friends’ email addresses ever getting onto a spam list, and thus also reduce the chance of your email address ever getting onto a spam list.)
- Make sure that your email account has a strong password (see Password Security).
- If you’re using an email client like Outlook Express, Windows Mail, Thunderbird, etc. to access a remote email system via POP3 or IMAP, consider using SSL if it’s available. Reasoning: This will mean that your email password and the emails you send and receive will be transmitted to and from your email provider in an encrypted manner (i.e. securely). This will lower the chance of a hacker breaking into your email account and make it almost impossible for someone to read your email as it travels between your computer and your email service provider’s computer.
- If you’re using a web browser to access a remote email system such as Gmail, Hotmail, Yahoo, etc., you should use SSL, i.e. type “https://gmail.com”, not “http://gmail.com”. Reasoning: This will mean that your email password and the emails you send and receive will be transmitted to and from your email provider in an encrypted manner (i.e. securely). This will lower the chance of a hacker breaking into your email account and make it almost impossible for someone to read your email as it travels between your computer and your email service provider’s computer. Note: If your remote email system doesn’t support https access then you should seriously consider not using it, as such websites expose you to man-in-the-middle attacks.
- When on vacation, do not use Out-of-Office Notifications for emails sent to you from outside your company. These leak information and may allow potential attackers to gather information that they would not otherwise have access to, which could later be used in Spear Phishing attacks, e.g. the names, email addresses, and phone numbers of people within the company.
- Do not enable Read Notifications. These leak information and may allow potential attackers to gather information that they would not otherwise have access to, e.g. hostnames, IP addresses, software versions, and software configurations of computers within your network.
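Two of the checks above (a Sender Name that does not fit the Sender Address, and a web link whose visible text names a different site from its real destination) can be automated on a raw message. The following Python script is an added example, not code from the original page; the sample message and the list of free webmail domains are constructed placeholders.

```python
import re
from email import message_from_bytes, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not a real message): a "bank" writing from a free webmail address,
# with a link whose visible text names one site but whose href goes somewhere else.
RAW_EMAIL = b"""From: "Example Bank Support" <examplebank.support@hotmail.example>
Content-Type: text/html; charset=utf-8

<p>Please confirm your details at
<a href="http://login.examplebank-verify.example/confirm">https://www.examplebank.example</a></p>
"""

# Assumed list of free webmail domains (placeholder names, not real providers).
FREE_MAIL_DOMAINS = {"hotmail.example", "gmail.example", "yahoo.example"}
URL_LIKE = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+", re.I)  # link text that names a site
class LinkCollector(HTMLParser):
    # Collect (href, visible text) pairs from every <a> in an HTML body.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None
def host_of(s):  # hostname of a URL, or of a bare domain used as link text
    return (urlparse(s if "://" in s else "http://" + s).hostname or "").lower()

def check_email(raw):
    # Return one warning string per sign found; an empty list means none were found.
    msg = message_from_bytes(raw, policy=policy.default)
    name, addr = parseaddr(msg["From"] or "")
    warnings = []
    if name and addr.rsplit("@", 1)[-1].lower() in FREE_MAIL_DOMAINS:
        warnings.append(f"Sender Name {name!r} but free-mail Sender Address {addr}")
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        links = LinkCollector()
        links.feed(body.get_content())
        for href, text in links.links:
            if href and URL_LIKE.match(text) and host_of(text) != host_of(href):
                warnings.append(f"link text {text!r} but real destination {href}")
    return warnings
```

Running `check_email(RAW_EMAIL)` on the constructed message returns two warnings; a plain-text message from a non-webmail address with no links returns none.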
Copyright © 2009 Andrew White | Created: 12 Aug 2009 | Page authored by Andrew White | Updated: 26 Aug 2019