Karl W. SwartzComputer Notebook — Keeping Your E-mail Safe

(I recommend you read this excellent article on email spoofing.)

0. Do not respond to email solicitations. I am labeling this #0 because I am adding it last and don't want to renumber everything else; but also, because it is really #0, in that it seems to have become the most common really dangerous thing that people do these days. And this is responding to email from people they don't know, who are impersonating a company or government representative (or something similar) claiming they need to "verify" some personal information about them, or an account belonging to them. Anyone (except perhaps you, if you don't get this) can easily forge a company logo or letterhead by simply copying-and-pasting from the company website. Get this! No legitimate company or government representative will ever solicit your personal information by email! Know who you do business with, and ask for verification of any suspicious email! Do NOT request this verification by responding to the original email! Contact the company by telephone (NOT the number they provide for you in the email, but the number you find on the statements they have previously sent you (you did save some of these, didn't you?). If you are clueless about whatever they are asking of you, then you have no business responding to them!

I'm going to repeat what I said in my section on viruses: If you wouldn't give out this kind of information, or respond to this kind of 'offer' from someone soliciting you on the telephone, why, in God's Name do you think it's all right to do so on your computer???? Wise up, the internet is rife with scam artists, and they succeed by preying on your trust and naïveté.

1. Do not assume that any email is safe. Virus programs can spoof, or forge, a return address to appear to be from someone altogether innocent. A virus program on your computer can get addresses from your address book, from emails in your inbox that have not been added to your address book, and from internet pages in your browser cache. It can send a copy of itself to any (or all!) of these address, and make it appear that it was sent from any of them also. Just because it appears to be from a friend does not guarantee that they actually sent it, or that it even originated on their computer.

2. Do not open any unknown attachment. Unless you know the sender and are expecting the file from them, do not assume that it is safe. Under no circumstances should you ever open an attachment which you have received unsolicited from someone you do not know. If you receive an unexpected attachment from someone you do know, contact them for confirmation before opening to ensure it was they who actually sent it. Do not open attachments from your ISP, from Microsoft, from your bank or credit card company, or any other organization. There is never any legitimate reason for any of these to add an attachment to an email, and they will not do so without prior notification.

3. Do not forward 'chain' mail. Not only is this a waste of computer resources and everyone's time, but it is also one of the primary mechanisms of making your email address available to virus programs and spam marketers. The next time you wonder how "they" got your email address, think about how many other computers may contain your address. It certainly exists on every computer to which you have sent an email, and on every computer to which one of your emails has been forwarded. Remember this the next time you start to forward a chain mail you have received!

4. Do not use simple subject lines. Virus programs which automatically generate emails cannot know you intimately, and therefore can only create a generic subject such as "Hi", "The information you requested", "About our meeting", and so forth. You should always avoid such generic simplicity, and strive to make your subject very specific and descriptive. Good examples are: "Minutes of the faculty meeting on 11/16/04", "My follow-up on our conference last Wed 11/17", "My concerns about Shelly's 5th grade math", etc. If you enclose an attachment, then describe it fully in the body of the email so the addressee will have no doubts as to its contents. If your subject and description are explicit and of a nature that is knowable only to you and the addressee, then you will eliminate concern about the validity of your mail.

5. Do not allow scripts in your email. In your email preferences, or options, turn OFF any reference to scripts or script processing, or javascript. These are all programming instructions to do clever things, but they can also be used to do very destructive things. A cute and clever email is not worth the risk of losing all your data. I would also strongly suggest you send and receive only plain text messages. There is invariably an option to send and receive HTML, and this is usually ON by default. Turn it OFF. Your messages may not look as pretty, but you also won't inherit malicious code.

6. Finally, turn OFF the "Preview" mode in your email application! If your screen previews, or displays your mail immediately upon selection, then you have already opened it! Give yourself back the option to open as a deliberate action. This will then also give you the option to <Delete> without opening if you so choose. In Outlook Express, select <Preview> (down arrow), then un-select <Show Preview Pane>. Personally, I would remove this option altogether:  Right-click on the toolbal, select <Customize...>, under "Current Toolbar Buttons:", select <Preview>, then <Remove>. For other email software, look for similar options. You CAN regain control of your own computer!

Copyright © 2004, 2010 Karl W. Swartz — http://KarlSwartz.com
You may freely reproduce and share this text, only if it is not altered and includes this notice.