Malicious Mail

Malicious Mail

The Dangers of Email and How to Avoid Them

Email is one of the oldest forms of communication on the internet. It has become a standard for everything from finding a job to saying hi to mom, but like everything else that touches the world wide web, email can be insecure and even outright dangerous. “The best defense is a good offence” plays out a bit differently in the world of cyber security, after all you can’t just hunt down all the bad guys. What you can do is be vigilant and educate yourself of their tricks.

The following are three types of Malicious Email and how to deal with them:

Unsolicited/Unwanted Ads

Maybe you signed up for a newsletter and forgot about it or no longer have an interest. Maybe you didn’t and you’ve been put on the mailing list anyway. Either way you don’t want it. To be fair, this kind of email isn’t really malicious, but we still want to avoid it. The best way to do this is by using a span filter. Gmail users will rarely need to worry about this part as the built-in google mail spam filter is one of the best out there. Email Clients like Microsoft Outlook and Mac Mail app also have the option to add spam filters and can even ‘learn’ over time based upon the mail you flag as spam. For legitimate mail ads, there will be an unsubscribe link at the bottom of the email. This is the best way to avoid newsletters and the like without missing important important account updates.

Scams

You've likely all heard about the Nigerian Prince scam, right? He needs your ‘help’ keeping a couple million dollars safe from a competing power and you just need to send him your SSN and bank account info to ensure proper delivery. Most people won't fall for that one nowadays, but there are many successful scams and even the brightest person can be fooled. Your best defense is caution. Here are few notes to debunk common scams:

  • No legitimate business will ever ask for your password or other sensitive info via email.
  • Links are easily faked. Just because it says bankofamerica.com does not mean it will actually send you there and hackers are really good at creating fake websites for you login to, harvesting you passwords and other credentials. Best practice is to copy the link, just the text, and paste that into your web browser. Be sure to double check that it’s actually “bankofamerica.com” not “bankofamorica.com” or “bankofamerica.con”. Did you catch the differences there?
  • All legitimate businesses have some sort of support that you can contact. If you get an email warning of a problem with your account and it doesn’t look quite right, reach out. They will be happy to assist you.
  • Be wary of accepting payments from foreign individuals over the internet. Cashier's checks are not guaranteed and can take weeks to come up as counterfeit. The bank is not liable for damages caused by a counterfeit check.
  • Just because the email says it is from Aunt Martha does not mean Aunt Martha actually sent it.

The Better Business Bureau has a great article on this. It’s short and worth the read: https://www.bbb.org/new-york-city/get-consumer-help/articles/the-nigerian-prince-old-scam-new-twist/

Malware Carriers

Unlike scam, these don’t need you to do anything except open the email or attachment. If you get an email from an unknown or suspicious address or one with a ‘catching’ subject line like “You’ve got to see this!”, it’s probably malware. A good quality anti-virus (we at MintzIT recommend only Bitdefender for Android, macOS/Mac OS X, and Windows) will usually catch this, but your best defense is to just delete the email. You won’t die just because you missed seeing that adorable cat do a backflip, I promise.

Warmly,
Kyle Dozier, CompTIA A+, Network+, Security+, ACSP
Certified IT Consultant
Mintz InfoTech, Inc.
Serving all of New Mexico 24/7/365 for 30 years
505.814.1413 • 888.479.0690 • www.mintzit.com

No Comments Yet.

Leave a comment