Email Safety Precautions and Best Practices
Some people are very cautious about the sites they visit and the files they download but are very careless about protecting themselves from exploitation via emails. So I thought I’d share some safety precautions you can utilize to keep from getting infected with various types of malware via your email accounts. First of all, let’s look at two different ways of handling your email: webmail and email clients.
Webmail
Webmail is what you’re using when you log into your service via your browser, such as at www.hotmail.com or www.gmail.com. You’re able to read, send and forward emails from the server’s site, and usually, they’ll offer some level of spam detection and filtering. Obviously, since you’re using your browser, it’s only available when you’re actually connected to the Internet.
Mail Client
There are a number of mail clients around. A couple of the more well-known that you’ve probably heard of are Outlook and Windows Live Mail (previously known as Outlook Express). These clients communicate with your email accounts and download incoming emails to your hard drive as well as upload outgoing mail for sending. The email already downloaded to your hard drive is available for viewing whether you’re connected to the internet or not.
Comparison
Both modes offer essentially the same functional capabilities, but using a mail client offers a couple of major advantages, beyond access to your emails even when offline.
Capability | Webmail | Email Client |
Filtering/trapping spam and malware | Yes | Yes |
Sorting/nesting storage folders | Limited | Yes |
Multiple accounts on screen | No | Yes |
Copying/moving between accounts | No | Yes |
Checking source without opening | No | Yes |
Searching for specific content | No | Yes |
Email Safety Precautions: Verifying the source of a message
One of these capabilities is extremely useful, in terms of checking out an incoming email without opening or previewing it – the ability to check the source code of the message beforehand.
A savvy individual can build an email that will display the ‘To’ and ‘From’ fields that are totally misleading. I receive emails all the time, saying that my PayPal account has been disabled or that my eBay account is about to be suspended. Both will usually show something like “PayPal” or “eBay Account Management” in the ‘From’ field.
First red flag:
These often arrive in the inbox of an email account that isn’t connected in any way to my PayPal or eBay account.
Since you already have an indication that this email may be phony, you could just delete it at this point. But out of curiosity, let’s investigate further.
First of all, if you’re using the Preview Pane on your client, click the ‘Reading Pane’ button to close the preview, then right-click on the message, and left-click on Properties. A small pop-up will open, displaying some general information, such as the subject, ‘From’, the address, message size, priority, and sent and received time and date stamps.
Clicking on the ‘Details’ tab shows the header data for the message. Sometimes this will show that the message came from someone other than the address shown in the ‘From’ field, but an accomplished bad guy will be able to mask this. Near the bottom of the pop-up, click on the ‘Message Source’ button.
Now you can see the entire message, including the HTML markup, and you can see if the message was routed through some server in Romania, even if it claims to be from Mountain View, CA. You can also read the content of the text of the message, without the potential risk of inadvertently exposing yourself to any attached malware.
Down in the body of such phishing and scam emails, there will usually be a link, perhaps a “Log in” or “Click to Confirm” button. The true destination of that link will show up in the source code, such as in this example:
| Click To Confirm |
(Notice the link I show above in bold red text)
Second red flag:
The destination of a link contained in the message is different from what it says it is.
If you find nothing that looks fishy and you feel as though the message may be authentic, it may be safe, but not necessarily. Some scripts that aren’t obvious to the casual user can still be present and can be activated by opening an email. But at least you’re now able to see a lot more than you could before, without putting yourself and your system at risk.
We’ve all heard warnings about opening attachments or clicking on links that come from people we don’t know. But these days, a lot of malware will send itself out to every address in the infected machine’s address book, so the fact that a message comes from a close friend or family member doesn’t necessarily mean it’s safe to open or click. If their machine has been infected, they won’t even be aware that the message has been sent to you.
At the end of the day, your common sense is your greatest protection. Use it and don’t get duped.
If you’d like more tips on using common sense online visit Doc Sheldon’s post on Top Shelf Copy: “The best tool you have is your head use it”.
Rob Jennings
