IT Tips – September 2012
The days are rapidly getting shorter and the changing leaves have already begun their transformation. Don’t worry about bundling up, this tip is a hot topic and will keep you toasty.
What’s Inside:
Tech Section
· Spam/Phishing Email
Spam/Phishing Email
This month I want to impart some street-smarts to keep you safe in the seedy metropolis we call ‘the internet’. We have been seeing reports of spam email a bit more frequently and this tip should keep you safe and informed.
I have discussed malware and viruses in past tips, but I’ve yet to go into detail regarding spam email. It is an ever-present threat and not something to be taken lightly.
What is Spam email?
[Image caption: The spammer is probably this guy...]
That last bit was sarcasm, very deliberate sarcasm intended to prove a point: if it seems fishy on the internet, then it’s probably baloney. Let’s keep that in mind and move on.
Not all email solicitations are illegal and unsafe.
Some email messages and advertisements may be annoying, but they’re not spam. For example: When you bought that shiny new car and gave them your email address, you effectively consented to the solicitation. These messages are not spam. Rather, they are legitimate messages. Legitimate, legal, email solicitations must follow the guidelines of the ‘CAN-SPAM Act of 2003’.
The CAN-SPAM Act of 2003 has many guidelines. These guidelines can help one distinguish between legitimate email and, pardon the word, crap. Obviously, I’m not going to bore you to death with the entire contents of the CAN-SPAM act. Rather, I have what I think are the two most useful parts of the law for you to keep in mind:
1. Legitimate email solicitation must contain a ‘visible and operable unsubscribe mechanism’ (which must be honored within 10 days). Legal email solicitations must have a link to opt-out or unsubscribe clearly presented on the message.
2. Proper email must also contain ‘a legitimate physical address of the publisher and/or advertiser’. The email message should have a valid address contained in the message. If it still looks fishy and you see an address, take a moment and Google the address to check its authenticity.
If you don’t remember (or know) the source, don’t click any links or open any attachments! Simply mark the email as junk and block the sender. Do not forward the message around. Sending it to others only increases the chance of someone clicking the (potentially malicious) links.
Why don’t you guys in IT get off your lazy bums and do something about it?
[Image caption: Though I hear silver bullets work on these guys.]
We have a spam filter in place on the email server. The filter works hard and stops a lot of junk from coming through. In the last 3 weeks alone our spam filter stopped 1,400 spam messages! However, some things can slip through the cracks! When something does slip through, always use your best judgment and remember this tip when you see strange email.
Why am I getting all of this spam?
There are many devious mechanisms throughout the internet designed to retrieve your email address. Once the spammers have your address, there is nothing you can do to take it back.
Be very mindful of where you provide your email address. Not all websites are trustworthy and many will distribute your address to third-parties without your knowledge.
Most of all: Your Iredale email address is not for personal use. Providing your Iredale email address to websites increases the chances of your email being snared by spam sites. Furthermore, spam messages coming into our server can potentially compromise our entire network. Be mindful, young padawan.
Well then what the heck is “Phishing” email?
Phishing is an especially dangerous form of spam email. A phishing email looks like a legitimate message from a company with which you have an account.
PayPal phishing scams are very common. The spammer copies the PayPal email design and changes the links to point to a website of their creation. This website also looks just like the PayPal website and asks you to log in. When you log into this phony webpage, your credentials are stored on the spammer’s server and he can now access your account!
This type of phishing scam happens with all kinds of financial companies so please take a moment to review the precautions below.
If you receive an email from AMEX, PayPal or any other company that may have your sensitive information, please consider the following:
1. Do you even do business with the sender of the email? If you don't have an account with the company (or the company they're pretending to be), then it's spam. What's more, if you do have an account with the company, log in yourself from a web browser (NOT THE LINK IN THE EMAIL) and check to see if there truly was a charge on the account.
2. Again, DO NOT click the links in the email. Links like, “Click here to view the details of this transaction” are commonly used to steal your information and spread viruses. If the email is indeed spam, then the link will redirect you to a fake webpage designed to trick you into logging in with your real account information. If you’re curious about your account, open a web browser yourself and manually enter their web address. Again, never log in through an email link.
3. Companies like PayPal (AMEX, ADP etc...) will not email sensitive information to several people (especially different people). Generally, you have a single email address that they will use for communications.
4. If it seems fishy, then it’s probably a phishing email.
Mark Unsafe Email as Junk
Our spam filter works hard and stops a lot of junk from coming through. However, some things can slip through the cracks. Always use your best judgment and never log in through an email link.
Now you have a solid understanding of what types of messages to avoid, right? Good. Now when you identify an email as spam you can mark it as ‘Junk E-Mail’ in Outlook.
To do so, simply right click on the spam message, mouse-over ‘Junk E-Mail’ and click ‘Add sender to Blocked Senders List’.
You will now see the pop-up below which indicates that the sender will be blocked, and the message deleted. Simply click OK and you’ve successfully blocked the spam.
I received a spam email from someone I know, should I still block them?!
It’s possible for some spammers to send email as a person or company with whom you actually communicate. This practice is called spoofing. Spammers use an email address and/or name they've gathered and make the email look like it's coming from that person to fool you.
In these rare circumstances, you may not want to block them. Instead, you’ll have to delete the messages that are spam and manually filter the junk. There is also a chance that their email account has been compromised. It would be a good idea to give that person a call and advise them to change the password on their account.
Have a great month, everyone!
-Keith
Please don’t hesitate to shoot me an email if you have something that you think will make a good tip. You’ll get credit on the blog for your contribution and I might give you a high-five!


