Using Email Safely

Anytime you send or receive communications on the Internet or browse a Web site, there are opportunities for individuals to intercept your communications to obtain your email address. If you post to a Usenet newsgroup, list your email address on a Web site, or fill out insecure forms on the Web, your address can be collected by spammers, individuals who use email addresses for commercial advertising to try to gain profit for themselves and to get rich quick.

Listed below are the most important tasks that are covered in this section:

Dangerous Attachments

Electronic mail can be a major source of security concern. E-mail attachments are an important medium through which viruses, worms, and Trojan Horses spread from one computer to another. Every email attachment is a potential threat to your computer’s security. Choose your email client software carefully.

Regardless of its origin, be cautious and don't open any attachment unless you know the sender. Also, never run or open any attachment from your email program unless it has been scanned with an up-to-date antivirus program. If you're not certain that your antivirus program is working automatically, save the attachment to your hard drive and scan it manually before you open it.

Return to Top

Protecting Against Spam

Junk mail, known as spam, is becoming a very lucrative business for those who use the Internet for commercial advertising. Since email is reasonably inexpensive, senders can blast it out by the millions at a rate much faster and cheaper than using other means such as that delivered by the postal service. Spammers can use automated programs to find email addresses on the Inter­net very quickly. Unchecked, spam will not only overwhelm legitimate mes­sages but may include viruses that can be dangerous to your computer. Always run antivirus software and keep it up to date.

There are several ways to prevent spam email from reaching you:

Despite your best efforts, you will probably still be subject to a certain amount of spam. Some tips for dealing with spam are:

In most cases, it is usually best to decline from providing your email address to any company or organization. UITS at IU offers an antispam service that quarantines suspicious email. This service scans all incoming email for potential spam. For more information about the IU spam quarantine service, see:

http://kb.iu.edu/data/spam.html

For information about other spam filtering options, see:

http://kb.iu.edu/data/alfb.html

You can purchase disposable email addresses from address services such as http://www.spamex.com or http:// www.mailshell.com. For a fee, these services allow you to create a new disposable email address whenever you need to supply one. If spam starts coming to one of the disposable addresses, you can simply turn off the address. You may also be able to determine who supplied your address to spammers.

Return to Top

Protecting Against Phishing (Spoofing)

Phishing is a method that uses spam or pop-up messages to steal identities. Typically it involves an official looking email spoofing its origin to look like it is from a credit card company or bank, or even from Indiana University. It may inform you that a security breach or system failure occurred and states that you need to go to their Web site to verify certain information related to your account. The Web site will look virtually identical to the actual institution’s Web site, but it is counterfeit intended to lead persons into divulging information required for identity theft. To view some samples of current phishing Web sites, go to:

http://www.antiphishing.org/phishing_archive.html

E-mail attempts to obtain personal financial information for fraudulent purposes is growing dramatically. Some tips to avoid getting hooked by a phishing scam are:

If you get spam that is phishing for information, forward it to spam@uce.gov. If you believe you have been scammed, file your complaint at http://www.ftc.gov. Also, if you fall victim to an attack, alert your financial institution immediately. Place fraud alerts on your credit cards. Monitor your credit files and account statements closely.

For further information regarding email fraud and phishing and what to do about it, go to the IU Knowledge Base at:

http://kb.indiana.edu/data/afvn.html

Return to Top