Email Safety
Email has become dangerous these days, because of malicious people that circulate viruses. You might receive a virus even from a trusted friend, who was infected, so it is best to be prepared.
Also, "spam" (unsolicited email) has increased to the point where sorting out legitimate email is becoming more difficult and time consuming.
The guidelines below are intended as a general guide. Although they are targeted at Windows users, they can be adapted to other operating systems (nobody is secure).
They might also lessen the amount of infected messages I am receiving from some of you unwittingly:-(
Notes:
This page has no images, to make it easier to save.
I know that the plural of "virus" can be "virii", but I prefer "viruses" myself:-)
General | Outlook Express | If all else fails | Safer email programs | Phishing, Scams and Social Engineering
- No matter what email program you use, it is always safer to open your email messages first with a text editor, like Notepad.
- A way to do this is to save your message on your desktop and then shift and right click on it. In the pop up menu choose "open with..." and choose Notepad from the applications (uncheck "Always use this application...").
- A faster way is to use "find" to locate your sendto folder and drag there a shortcut of Notepad, or your favorite text editor. Then, when you right click on your message, you can choose "send to" ... Notepad.
- That way, you can read all plain text messages (including the headers, which help you to trace the sender of the message, but that is beyond the scope of this page).
HTML mail will look ugly and difficult to read, but you can roughly find what the HTML message is all about, by looking for the text outside the HTML tags (<>). If the message is about a "get rich quick" scheme (or worse...), it is not worth reading anyway.
- If you find the word "multipart", scroll down to see what the other part is. It is probably just HTML, but it might as well be a virus.
Also, sometimes, mainly in advertising or malicious messages, you might see the words "encoding: base64" and a message source that, although stated as plain text, is unreadable. Do not open this message. Base64 encoding is used mainly for executables.
- If the next part is other than text or HTML, it will be just a bunch of nonsense characters, with the indication, just before these characters start, of the name of the file attachment.
- If the file attachment has 2 extensions (like image.jpg.pif), then it is almost certainly a virus.
Do not open the message.
- Some (second) file extensions, that might indicate a virus are:
VBS, VBE, EXE, SCR, PIF, LNK, COM, BAT, HTA, SHS, SHB, SCT, WSC, WSF, WSH (there might be others).
A common trick is to use the COM extension, disguised as a web link.
- If you see the word iframe anywhere in the message source, do not open the message! Iframes have a legitimate use in web pages, but in emails, they are just a way to download the virus.
- Virus writers take advantage of a shortcoming in Windows to make you open their viruses. Windows hides some files and most file extensions, by default. Thankfully, you can change this.
- Open a folder or "My Computer". From the menu choose: View->Options. Uncheck "Hide files of these types.." and check "Show all files". Then uncheck "Hide file extensions for known file types". Select "OK" and you are done.
- All of the above apply to all messages, even to those from friends, unfortunately, because viruses strike everybody :-(
Also, bear in mind that some of the newer viruses masquerade as coming from your real friends, or even from your email service ("Undelivered mail returned to sender" is a common header of these).
- Do use an antivirus software with the latest updates, but don't count on it as your only protection. New viruses appear every day, plus the email format seems to be quite difficult for most antivirus programs to handle; they may miss some (at least until you open the message).
- The best antivirus (in my and many other people's opinion) for email viruses is f-prot. It comes in Windows and DOS versions. The DOS version is free for personal use.
- Even if you have another antivirus program, do download f-prot for DOS (and update regularly). Unzip into a folder and make a shortcut to it, either on your desktop, where you can drag any suspicious program or message, or in your send to folder. Be sure to read the message on whether a virus was found!
- Although not absolute, the latest viruses add 40 or 120-130 kilobytes to a message, so if you see a message of similar size, do not open before passing through a fine tooth comb (so to say).
- Another string to search for in HTML emails is width="1" height="1" (with or without the quotes) in an image link (img src), or an image link whose URL does not finish with the image filename (like image.jpg), but has question marks and other code following the file name. These are called "web bugs" and their purpose is to check whether you opened the message, what your IP address is and other details about you (connected to the email address they sent the message to) supplied by your web browser (it doesn't matter if you are using an email program - HTML emails are opened by your browser), so that the web site can collect more information about you.
There have been heated discussions about web bugs used for marketing purposes, and most people don't like this invasion of their privacy. BTW, any image linked from an internet URL (and not attached to the message) can give the web site some information about you, since your web browser requests the file from the server, but web bugs are more specific and detailed.
The simplest way to beat web bugs is to open your messages offline, if you have a dial up connection (with Outlook Express you can go "offline", even when connected to the Internet - just double click the "working online" at the bottom and choose not to hang up your modem).
- Whatever you do, never open any attachment, even from a trusted source, before double checking it for viruses.
- Having your web address displayed on a web page (like me) also invites you to all sorts of "marketing" email or spam. In addition to this, your pages are saved on your visitors' computers' browser cache, from where viruses collect addresses to send themselves. It is a risk you must be aware of and be extra careful to protect yourself and others.
You could write your address in the web page in a way that robots could not use it (so far), like "nameATcompanyDOTcom", but it wouldn't be clickable and so not very user friendly. This is a legitimate way to show your email address - if you choose to do so - in your messages to newsgroups, though.
- Finally, it should be mentioned that there are some programs, from free to prohibitively expensive, some for ISPs and some for end users, that are supposed to help prevent spam.
Some of them make it easier for you to work with messages on the server, others are just classifying your email for you, others block certain addresses. They have a varying amount of success. The main problem most people have with them is the blocking of genuine emails (some ISP based programs block entire domains - too bad if you have some friends with email accounts on the blocked domains). And of course, they don't protect from viruses.
By all means, use one that works for you.
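The checks on the message source described in the list above (base64 bodies declared as plain text, double and risky extensions, iframes, web bugs) can also be run by a program instead of by eye. The following Python script is an added example, not part of the original page; the name scan_message and the sample message are constructed for illustration, and the script only reads the message text without opening any attachment.

```python
import re
from email import message_from_string

# Second extensions the page lists as possible virus indicators.
RISKY_EXT = set("vbs vbe exe scr pif lnk com bat hta shs shb sct wsc wsf wsh".split())
IMG_TAG = re.compile(r"<img\b[^>]*>", re.I)
ONE_PX = re.compile(r"""\b(width|height)\s*=\s*["']?1["']?(?=[\s>/])""", re.I)
IMG_SRC = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)

def scan_message(raw):
    """Return sorted warnings for one raw message source; nothing is opened or run."""
    found = set()
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        cte = (part.get("Content-Transfer-Encoding") or "").strip().lower()
        name = part.get_filename() or ""
        pieces = name.lower().split(".")
        if len(pieces) >= 2 and pieces[-1] in RISKY_EXT:
            found.add("risky extension: " + name)
        if len(pieces) >= 3:
            found.add("double extension: " + name)
        if part.get_content_type() == "text/plain" and cte == "base64":
            found.add("base64 body declared as plain text")
        if part.get_content_type() == "text/html":
            # Tags are ASCII, so latin-1 is enough for pattern matching.
            html = (part.get_payload(decode=True) or b"").decode("latin-1")
            if re.search(r"<iframe\b", html, re.I):
                found.add("iframe in HTML part")
            for tag in IMG_TAG.findall(html):
                src = IMG_SRC.search(tag)
                if {m.lower() for m in ONE_PX.findall(tag)} == {"width", "height"}:
                    found.add("1x1 image (web bug)")
                if src and "?" in src.group(1):
                    found.add("image URL with query string (web bug)")
    return sorted(found)

# Constructed sample message, not a real capture.
SAMPLE = """\
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/html

<html><body>Hi<iframe src="http://example.invalid/"></iframe>
<img src="http://example.invalid/p.gif?id=1" width=1 height=1></body></html>
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="image.jpg.pif"
Content-Transfer-Encoding: base64

Q09OU1RSVUNURUQ=
--XX--
"""
print("\n".join(scan_message(SAMPLE)))
```

A file name with two dots such as report.v2.pdf is also reported as a double extension, so treat that warning as a prompt to look closer rather than as proof.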
- Outlook Express (OE for short) seems the most widespread email program used. After all it is versatile and free, plus it comes as default on most new computers.
- OE has been accused of many things, mainly safety related, but that is no problem, if you do what is outlined below. It is a little unsteady and might lose some messages (be sure to save important messages separately from time to time - use the export function, or just drag them to a folder, while you still have them), but that's another matter.
- If you use Outlook Express, you don't have to use Notepad to open a message; you can view the message source from within OE. Choose from the menu, while a message is highlighted:
file->properties (or right click on the message and choose properties). Press the tab "Details" and press "Message source". Then maximize the window and you will have the same view of your message as you would if you opened it with a text editor. If it seems like too many mouse clicks (and it is), drag it on your desktop and right click on it as explained in the "General" section above.
- Before you do this, you must disable the automatic preview of messages. This is where most viruses start their attack. Choose from the menu: View->layout. Uncheck "Show preview pane". That way, there will be no automatic preview of all messages.
- You will be presented with a list of your messages. That way, you can immediately delete those that are obviously spam and check as above on the rest.
After checking, you can open any message by double clicking it.
- Rules help to sort out your email as well. You probably know that you can use folders to manage your email, depending on the subject or the sender. The most useful rule, is the one where you separate the emails that are not addressed to you, to a separate folder, maybe named "Mass mail" or something similar.
- You choose from the menu tools->message rules->mail. Choose "New mail rule". Give it a meaningful name in the bottom (mass mail). Check the square "Where the To line contains people" in the top pane and go to the third pane and press the link to "contains people" to define it.
In the new window, type your full email address in the first pane (or more addresses - one at a time - if you use more than one) and press "add" (once for every separate email address).
There is another button called "options". Press this and you are faced with a new window. Check "Message does not contain any of the people below" and "Message matches any one of the people below", if you have more than one email address. Press ok to get to the first screen of "New message rule" and choose the action from the second pane. You can move it to a folder or delete (in your computer or in the server).
If you are afraid of losing any message, you can create a "massmail" folder and move all these messages there to check them (if after sufficient time, you find out that this folder never contains anything you want to keep, you might decide to delete from server, to save yourself the time needed to download useless messages). Go to the third pane and press the link "specified" folder. In the window that pops up, you can make a new folder, if you don't have one.
Press "ok" to close all windows.
- You will still receive some spam addressed to you, but the amount will be much smaller.
- If you belong to mailing lists, where the "To" line is not addressed to you, you must make a new rule defining some special characteristics of these mailing rules (maybe they are always from the same address, or they are addressed to the same address, or their subject contains some words) and move the rule up to be processed before your mass mail one.
- To be on the safe side, in case you open a malicious message, also choose from the menu:
tools->options->security and check the Restricted sites Zone
- Just to save yourself some more trouble, choose from the menu:
tools->options->maintenance and check "Empty messages from the "Deleted Items" folder on exit" and "Purge deleted messages when leaving IMAP folders", so you will not have to delete your deleted messages twice.
- If you seem to be getting a lot of spam, with the result that you have difficulty finding out any legitimate messages, and downloading messages takes a very long time, there are two measures you could consider:
- A "safe" list
- Working with messages on the server
- The safe list works with most email programs and ISPs (even with web based ones, like hotmail).
You make a list of all the email addresses of the people you expect to receive email from and make a rule, that messages on your "safe" list will be delivered to your inbox; all the others will go to a separate folder (let's call it "unsafe").
The system will need tweaking for a few days to include all your friends. After that, the "unsafe" folder will only need a casual glance, just to be sure you have not missed anything.
The disadvantage to this is that you may inadvertently delete a genuine email from someone not on your safe list, especially if the subject line doesn't help, or the sender is using a different email address than the one on your list.
- Working with messages on the server is not feasible with all email programs or all ISPs, but if it is, you can view the message headers only on the server (or just download the headers), download the messages you choose and delete the rest directly on the server.
This saves you a lot of time, especially with the 130 kb or so virus infected messages. If combined with a safe list, it should eliminate most, if not all, email safety problems and also save you a lot of time, especially if you pay for your connection by bandwidth or time.
To prevent deleting genuine messages, you could ask your friends to include a "safe" keyword on the subject, a word that would be unlikely to be found otherwise.
Since the time the above were written, Outlook Express has improved, in trying to protect those who don't protect themselves, by including the option to show messages in plain text and not allowing, by default, the opening of attachments, at the same time that the Internet has become wilder and more dangerous.
But there are safer e-mail programs for free now. The best of them, in my opinion, is Mozilla Thunderbird, the little brother of the popular Firefox browser.
It has many options, skins and extensions, but - as regards safety - it has a spam filter that can be trained to analyze your messages and move them to a folder, even a phishing filter to guard against some email scams.
The above safety tips still stand, notwithstanding, because the people who make the malware or try to cheat us by email, seem to depend more and more on the recipients' ignorance of basic safety rules.
According to Wikipedia, phishing is a criminal activity using social engineering techniques. The criminal is trying to "fish" his victim's personal information, more commonly passwords and credit card information.
Convincing someone to open a virus (disguised as a web page link) is also a form of social engineering.
This has happened lately to my daughter, who received an instant message, apparently from someone she knew, asking: "Is that you on the photo?". She clicked on the link and the result was that her computer was infected with so much malware, that it took us 3 days and 10 different programs to clean it.
So, phishing is the art of convincing someone. A few years ago, the Nigeria scam was in the news - also see Urban Legends and Wikipedia for a broader view. It had many victims and the criminals became rich with their victims' money.
So, what can you do to protect yourself?
- If the message sounds too good (or bad) to be true, it probably isn't true.
After all, it is highly unlikely that a criminal would like your help to take the money he stole out of his country, or that you have won a lottery in which you did not buy a ticket, or that you are likely to be invited to pose as a relative of some unknown rich person who died intestate, or that the killer, who has a contract to kill you, is going to ask you to pay to save your life (to say nothing of the unlikeliness of the contract).
- Nobody who asks for your password is doing so legitimately. Neither banks nor Paypal will send you an email to change your password with a link to a web page. They are not permitted to ask for your password (their system administrator knows your password), but will help you, under a strict security policy, if you have forgotten it.
And certainly neither Microsoft, nor any serious software company, will send you a security update by email.
- If you think that the email from your bank is legitimate, don't click on the link provided in the email you received. There are so many ways to disguise URLs, that it is safer to open your browser and type the bank (or whatever) URL yourself, or search the web for the address, if you don't remember it.
- If the sender of the email seems to be a person you trust, don't be too sure, especially if you did not expect this message. It is possible that the sender's email address is fake.
- If in doubt, copy the URL given (right click and copy link location) and paste it in a new text document. Examine it for suspicious indications, such as:
- A different name, before the ".com" (or ".net" etc.) part - instead of www.yourbank.com, it is www.yourbank.somethingelse.com or www.yourbank@somethingelse.com. The second part is the real web address of the server.
- A long string of strange characters, and what looks like a different URL in the end, like http%3A%2F%2Fsomething.com%2Fdirectory%2F, which is a way to redirect you somewhere else.
In fact, any string of strange characters is suspicious, since it could be encoded.
- Now seeing this written, one might say: "I am not so naive" and that is true - most people are not that naive, but sometimes the circumstances make us more prone to fall victim. Maybe it is the excitement, or somebody we trust, or the message really looks genuine.
It has been reported that some email and URL spoofing attempts are hard to distinguish, even by specialized people or software.
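The URL checks listed above (a different name before the ".com" part, text before an "@", and an encoded URL hidden in the rest of the link) can be carried out on the copied link as plain text. The following Python script is an added example, not part of the original page; the function name inspect_link, the trusted_domain parameter and the sample links are assumptions made for illustration, and nothing is fetched from the network.

```python
import re
from urllib.parse import unquote, urlsplit

EMBEDDED = re.compile(r"https?://[^\s&\"'<>]+", re.I)

def inspect_link(url, trusted_domain):
    """Return (real_host, warnings) for a link copied out of a message.

    trusted_domain is the bare domain you meant to visit, e.g. "yourbank.com".
    """
    warnings = []
    if not re.match(r"[a-z][a-z0-9+.-]*://", url, re.I):
        url = "http://" + url  # links in mail are often written without a scheme
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    trusted = trusted_domain.lower()
    brand = trusted.split(".")[0]
    # www.yourbank@somethingelse.com: everything before '@' is ignored by the server.
    if parts.username is not None:
        warnings.append("text before '@' is not the server: " + parts.username)
    # www.yourbank.somethingelse.com: the right-hand end of the name decides.
    if host != trusted and not host.endswith("." + trusted):
        warnings.append("host %s is not under %s" % (host, trusted))
        if brand in host.split("."):
            warnings.append("'%s' appears only as a subdomain label" % brand)
    rest = " ".join((parts.path, parts.query, parts.fragment))
    if re.search(r"%[0-9a-f]{2}", rest, re.I):
        warnings.append("percent-encoded characters after the host")
    # Decode twice so that a doubly encoded target is also revealed.
    for target in EMBEDDED.findall(unquote(unquote(rest))):
        warnings.append("embedded URL (possible redirect): " + target)
    return host, warnings

# Constructed sample links, built from the patterns named in the text.
SAMPLE_LINKS = [
    "http://www.yourbank.com/login",
    "www.yourbank.somethingelse.com",
    "www.yourbank@somethingelse.com",
    "http://www.yourbank.com/go?u=http%3A%2F%2Fsomething.com%2Fdirectory%2F",
]
for link in SAMPLE_LINKS:
    real_host, notes = inspect_link(link, "yourbank.com")
    print(link, "->", real_host, notes or "no warnings")
```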
This information is to the best of my knowledge. Please inform me of any errors that you may find.