[AI] How to avoid email threats

Sudhir R (NeSTIT) sudhir.r at nestgroup.net
Mon Mar 24 02:24:15 EDT 2008


How to avoid email threats



Checking your email has become a dangerous business. The number and types of email borne threats that can cause harm to your computer or your privacy are growing.  Sometimes the actual danger imposed by these threats can be over hyped, but you still need to know what could constitute a dangerous email message and how to respond to the threat.


Virus attacks


When emails are sent as plain text, it becomes impossible to contract a computer virus just by reading email. That's because something -- a programme, worm, or other active threat -- actually has to run on your computer in order to infect it.  Increasingly today, we all send and receive emails in HTML format, this makes users more vulnerable to contracting a potentially destructive computer virus that plain text emails.  As when an email is sent in an HTML format (the same format used to create Web pages, on which various types of programmes can be run automatically) the possibility of receiving a virus on reading an email message does exist.

There are, however, ways to safeguard against this. The first is to keep your email security programme updated, downloading and applying the latest security patches and fixes.  Second is to set up your email programme to allow messages to be read only in plain text format. Most email programmes provide this option. In Microsoft's Outlook programme, for instance, you would open the Tools menu, and select Options.


Then, from the Options dialog box, click E-mail Options, and select the check box labelled "Read all standard mail in plain text."



Dangerous links


Remember, though, that most email viruses are contracted when you perform some action, such as opening an infected attachment or clicking a link that takes you to a site that downloads a virus on to your computer.


So the golden rule of reading email is this: if it looks suspicious, don't open anything attached to it or click any links in it. These days, in fact, it makes sense not to click links in email messages at all. Instead, if you think a legitimate source has sent you a message, open a web browser separately and visit the website.



Email 'bomb' at work


An email "bomb" refers to the large number of email messages sent to an account with the primary aim of bringing the account down. When an email server is flooded with email messages, it is unable to receive other email messages and effectively becomes useless.  An account that receives an email bomb will also experience an interruption in the transfer and processing of legitimate mail, as well.  Email bombs are particularly dangerous as even if an email server is brought down to stave off the problem, the email bombardment will continue where it left off when the server is restarted.  Another type of "bombing" occurs when a user signs someone for multiple newsletter services and other automatic email generation services that can bring a person's inbox to its knees.


The only way to recover from an email bomb is probably to contact your Internet service provider for help. It may be necessary for you to disable or change your email address, at least temporarily.



Spammers on the move


You think those spam mails only clutter your inbox, there's more they can do. This includes installing spytools or other malware on your comp.  Sender of spam and potentially harmful emails use a number of tactics to get your email address. If you have posted your email address anywhere on the Internet, it can be "harvested" by programmes designed to scour the Internet and retrieve freely available email addresses.


To prevent this from happening, never post your email address anywhere on the Internet -- including message boards and personal websites -- in an unaltered form.


If you must post your address somewhere online, write it in a form that is understandable by humans but not by a machine, such as "yourname -- at-- hotmail.com." Also, take advantage of the multiple email accounts you can have.



Email Spyware


Another significant email threat is email spyware. Most often transmitted as part of another related software programme, email spyware compromises personal information, distributing it to unauthorised parties. While some spyware programmes are distributed through email by association with Trojan horses, others are sent directly as a worm or virus.


An example of an email spyware is 'Ssppyy programme' which gathers sensitive information from infected computers and transmits it to an e-mail address. Ssppppy arrives as an electronic greeting card, and, once opened, the e-mail spyware installs itself surreptitiously on the user's computer.



Can kill privacy


Emails can also threaten your privacy. Remember, they can be forwarded to any number of people and can be used against you. If you do not want to risk the whole world knowing something, it is best to convey it verbally.  Use the 'Reply All' button sparingly and thoughtfully. Someone ended up forwarding his PAN number to the entire office!



More information about the AccessIndia mailing list