If you’re anything like us, the go-to method of communication in your office is email. It’s not the best way to communicate, but it’s certainly one of the most widely adopted. Unfortunately, that means it’s one of the easiest places for someone with a nefarious agenda to attack. Hackers have had decades to come up with new tricks.
In this post, we’re going to discuss some of the best practices for general email usage. The tips below aren’t for any specific service or program. No matter how you get your email, there are certain rules you should follow in order to avoid attack.
Let’s start from the beginning. Choosing a complex password is essential to security for all computer systems. Microsoft recommends that complex passwords contain characters from three of five categories: uppercase, lowercase, numbers, non-alphanumeric characters, and Unicode characters. The chosen password must also not contain more than two consecutive letters that are also found in the account name.
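The rule above can be checked mechanically. The Python below is an added example, not code from Microsoft or from this post; the function names are hypothetical, and it assumes "Unicode characters" means letters with no upper or lower case and that whitespace counts toward no category.

```python
DIGITS = "0123456789"

def classify(ch):
    """Map one character to one of the five categories named in the post."""
    if ch.isspace():
        return None                  # assumption: whitespace earns no credit
    if ch in DIGITS:
        return "number"
    if ch.isupper():
        return "uppercase"
    if ch.islower():
        return "lowercase"
    if ch.isalpha():
        return "unicode"             # assumption: caseless letters, e.g. CJK
    return "non-alphanumeric"

def shared_run(password, account_name, max_run=2):
    """Return the first run longer than max_run that both strings share."""
    pw, name = password.casefold(), account_name.casefold()
    size = max_run + 1
    for i in range(len(name) - size + 1):
        chunk = name[i:i + size]
        if chunk in pw:
            return chunk
    return None

def check_password(password, account_name):
    """Return a list of rule violations; an empty list means the rule is met."""
    problems = []
    categories = {classify(ch) for ch in password} - {None}
    if len(categories) < 3:
        problems.append(f"uses {len(categories)} of 5 categories, needs 3")
    run = shared_run(password, account_name)
    if run is not None:
        problems.append(f"contains '{run}' from the account name")
    return problems

if __name__ == "__main__":
    # Constructed sample accounts and passwords, for illustration only.
    samples = [("jsmith", "password"), ("jsmith", "JSMith#42x"),
               ("jsmith", "Tr4il-mix&漢字")]
    for account, pw in samples:
        print(account, repr(pw), check_password(pw, account) or "meets the rule")
```

The comparison with the account name ignores case, so changing the capitalization of a name fragment does not get it past the check.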
It’s also important that you have different passwords for different services. The reason is that, in reality, there’s not much you can do to prevent hackers from getting your password from Target or any other service you’ve set up an account with. However, you can limit the amount of damage they can do with the password they find. When a hacker obtains a password, one of the first things they do is test that password and username against banking websites and software, then they move on to other services. The goal is typically to get ahold of the holy grail: your credit card numbers that could be stored with that service. By having different passwords for different services, you stop the attack with only one account being compromised.
One of the best ways for an attacker to infect your computer is to send a file to your email with some official-looking language in the body, telling you to open the file. Once you open the file, the outbreak starts. It’s impossible to predict how it will start, and what will be infected. There are just too many methods in the wild to make any predictions. Once you’re infected, your best weapons are a good piece of anti-virus software and a recent backup of the system. Be wary of any and all attachments sent from unknown sources. Abstinence is the safest method of protection.
Spam mostly consists of bulk email that is soliciting some sort of business. Perhaps it’s trying to sell you a new computer or advertising some service that sounds interesting. This mail can clog mail servers and slow them down. In order to prevent spam, we’d recommend that you don’t publish email addresses on websites, and don’t just give your address to any text field asking for it.
Many of the services sending these emails are trying to amass more email addresses to add to their lists, then they sell them to the highest bidder. Some companies buying these addresses are legitimate, and just looking for a wider audience for advertising. Others, however, could be purchasing the addresses so they have one more piece of the puzzle leading to access to your accounts.
Phishing is the act of trying to gain information through social engineering. The people who send these messages are simply looking for information that could lead them to your passwords, and ultimately, your money and identity.
Most of us have received email from the Nigerian prince that needs to transfer some money to the US. Even though he’s a wealthy member of some sort of royal family, he’s resorted to sending emails to complete strangers, hoping some kind soul will help him out of the dire situation he’s found himself in. We know not to respond to these emails. It’s obviously a scam. However, some of these aren’t as obvious.
One of the most effective phishing techniques involves the user receiving an email that appears to be coming from their bank. The message usually says something is wrong with the account, or that there’s been a bank error in the user’s favor. The user is instructed to click on a link which takes them to a website made to look like the banking website. It asks for their credentials, but once they are entered, it says something is wrong with the info provided, then forwards the user to the actual banking site. Once there, the user inputs the credentials, and enters the site like normal. Seeing nothing wrong, the user thinks nothing of the warning, and moves on with their day. Meanwhile, the hacker has banking credentials that work.
These are some of the most basic ways to protect yourself from attacks on your email. A good password and a little know-how is your best defense. If you have any questions about best practices or concerns about the security of your email, feel free to contact us. You can reach Responza West, in Seattle, WA, at (206) 762-5100, or Responza East, in Charleston, SC, at (843) 990-9200.