Email Safety – Best Practices & Tips

We often get questions about email safety. This guide is applicable to people everywhere, not just to our clients in the Toronto/GTA area!

Easiest answer: if it is too good to be true or looks suspicious, don’t open it. No prince in Africa has left you a huge inheritance, nor did you win some mysterious Microsoft lottery!

A more detailed answer, with things to watch out for:

 

1. Look for misrepresented URLs/links

With your mouse, hover over (but do not click) the link that says, for example, www.itsupport.com. See whether, while the mouse is held over it, it still shows ‘www.itsupport.com’, or now actually displays ‘www.ifooledyou.com’ or some other address. If the two are different, be suspicious.

 

2. Look for malicious attachments

Did you get an email from Canadapost or UPS saying you missed a package? Those are most likely a spam/virus delivery system. Not all the time, though. To check, do the test described in #1. These emails also often contain attachments. They may contain an attachment that is called something like Delivery.PDF.exe (or Delivery.PDF .exe). The .exe is what makes this not a PDF (Adobe file), but a malicious executable program. Another way to recognize that it is not a real Adobe file is that, even though you see the aforementioned Delivery.PDF, the icon in front of it does not look like a typical PDF icon, with the red and white picture.

 

3. The URL to click, or source of email is misleading

An email from paypalservices .com is bogus (a real one would have come from paypal.com). Also, an email that looks like it came from @paypal.com may use both techniques described in #1 and #2 (more likely #1). It may also say ‘click here to reactivate your account’ or use some other bait to get you to click the link in the email. When you look at the link (or hover over it, as per method #1), you notice that it gives a misleading URL like paypalservices .com instead of paypal.com. This is bogus. Common variations of this also pretend to come from Facebook support (using facebookmail .com instead of facebook.com) and other frequently used websites.

 

4. If the email asks for personal information, never reply to it

If your personal information is needed or needs to be updated, just go to the website directly and do so. Do not fall for the trick described in #3 above, for example, and be directed to paypalservices .com or facebookmail .com to fill in your details there. If you think that the email is legitimate, simply open the browser yourself, type in the address of PayPal (as an example) yourself, and log in manually. See if anything needs action. If not, it means that the email was bogus.

 

5. If the email threatens to close your account…

have your taxes audited, or claims that the police need your information by email, or makes some other such odd threat/request if you don’t respond to the email with various information, treat this the same as #4 and use the same precautions, as it is most likely bogus.

 

Summary

This is a general guide that allows the basic user to decrease their chances of being harmed by malicious/phishing emails.
Email systems can be compromised, so even someone you know well may have their computer infected (often without their knowledge) and have their email account automatically send you an email that contains a virus (which will attempt to infect your system as well).
Someone who got hold of that person’s details may also pretend to be the sender, with the same story.
Nothing really replaces good I.T. support, a proper antivirus (one that also protects your emails), and the several other solutions that your tech support person can provide, which would harden your systems and drastically reduce your chances of being infected and having your data compromised.