Email safety

Properly Managing Your Email 

  1. Keep a minimum of three email accounts. Your first email account should be used for personal conversations and contacts, and your third email account should be used as a general catch-all for all hazardous behavior. 
  2. Your second email account should be your work account that is used exclusively for work-related conversations.  Don't risk your company's security by using a personal computer or email address at work.
  3. Your third 'catch-all' account should be used to sign up for newsletters and contests.  You should plan on having to dump and change out this account every six months.
  4. When you are checking your email at a public computer, you need to log out of your email and close the browser window completely. 
  5. Delete browser cache, history and passwords.

    Mozilla Firefox - Ctrl+Shift+Del
    Opera - Tools + Delete Private Data
    Microsoft - Tools + Internet Options, then click 'Clear History', 'Delete Cookies', and 'Delete Files'
    Google - More tools + Clear browsing data

  6. Do not use unsecured email accounts to send and receive sensitive corporate information.
  7. Unless you need a written record of something or are communicating across the globe, consider whether a simple phone call rather than an email is a better option. Compared with accessing email through a public computer, a phone call is a more secure option.

Emailing the Right People

  1. Don’t use the Blind Carbon Copy (BCC) option.  
  2. Don’t use the "Reply All" button.  
  3. Be careful forwarding email.  Forwarding emails can create a significant security threat for yourself and the earlier recipients of the email. As an email is forwarded, the recipients of the mail (until that point in time) are automatically listed in the body of the email. As the chain keeps moving forward, more and more recipient ids are placed on the list. 

Avoiding Phishing Email

Phishing is a type of online fraud wherein the sender of the email tries to trick you into giving out personal information or clicking on a link as a method to try to steal your identity or your money.

  1. Don’t send personal and financial information via email.  Banks and online stores provide, almost without exception, a secured section on their website where you can input your personal and financial information. 
  2. Avoid writing any company that requests that you send them private financial or personal information via email.
  3. Be careful when unsubscribing from newsletters you never subscribed to.  If you don't specifically remember subscribing to a newsletter, you are better off just blacklisting the email address.
  4. If you accidentally open a phishing email, do not reply or click on the link in the email. If you want to verify the message, manually type the URL into your browser.

Signs of phishing include:

  1. A logo that looks distorted or stretched.
  2. Email that refers to you as "Dear Customer" or "Dear User" rather than including your actual name.
  3. Email that warns you that an account of yours will be shut down.
  4. An email threatening legal action.
  5. Email which comes from an account similar to, but different from, the one the company usually uses.
  6. An email that claims 'Security Compromises' or 'Security Threats' and requires immediate action.
  7. Review the signature.  Legitimate businesses always provide contact details.
  8. The hyperlinked address is different from the address that is displayed.
  9. The email asks you to make a donation.
  10. You didn't initiate the action of the email subject.

Avoiding Email Malware

  1. Don’t always trust an email from someone you know.  Malware and viruses can be circulated by people who have no idea they are sending it, because hackers are using their computer as a zombie. 
  2. Blacklist spam instead of deleting it.  When you 'blacklist' an email sender, you tell your email client to assume that they are spam. 
  3. Don’t disable the email spam filter.  
  4. Scan all email attachments.  Many free email clients provide an email attachment scanner built-in. You can first forward your attachments to that account before opening them.

Keeping Hackers at Bay

  1. Don’t share your account access information with others.  
  2. Don’t use simple and easy-to-guess passwords.  
  3. Encrypt your important emails.  
  4. Encrypt your wireless connection.  
  5. Use a digital signature whenever you sign an important email. 

Red flags you're about to get scammed

  1. Links that are the only content in the body of an email.
  2. Bit.ly or otherwise shortened links. 
  3. Hyperlinked text.
  4. Inordinate number of recipients.
  5. Vague, generic or nonexistent subject lines.
  6. Intense enthusiasm.
  7. Grammar and spelling errors.
  8. Strange requests.
  9. Urgent message.
  10. Sensitive information requests.
  11. Promises of surefire guarantees.
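
Several of the signs of phishing and red flags listed above can be checked mechanically. As an added example (not part of the original page), this Python code flags a generic greeting, a link-only body, shortened links, and a displayed address that differs from the real link target in an HTML message body. The shortener list and the sample messages are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}  # assumed sample list
GENERIC_GREETING = re.compile(r"\bdear\s+(customer|user)\b", re.I)
# Heuristic: visible link text that itself looks like a host name or URL.
URL_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs and the text outside links."""
    def __init__(self):
        super().__init__()
        self.links, self.outside, self._href, self._buf = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href") or "", []
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._buf).strip()))
            self._href = None
    def handle_data(self, data):
        (self._buf if self._href is not None else self.outside).append(data)

def host(url):
    """Lower-cased host name of a URL or bare domain, without a leading www."""
    h = (urlparse(url if "//" in url else "//" + url).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h

def phishing_flags(html_body):
    """Return the sorted list of warning signs found in an HTML body."""
    p = LinkCollector()
    p.feed(html_body)
    p.close()
    flags = set()
    body_text = " ".join("".join(p.outside).split())
    if GENERIC_GREETING.search(body_text):
        flags.add("generic-greeting")
    if p.links and not body_text:
        flags.add("link-only-body")
    for href, text in p.links:
        target = host(href)
        if target in SHORTENERS:
            flags.add("shortened-link")
        shown = URL_IN_TEXT.search(text)
        if shown and host(shown.group(0)) != target:
            flags.add("display-mismatch")
    return sorted(flags)

# Constructed sample messages (example.com / example.net are reserved names).
SAMPLE_PHISH = ('<p>Dear Customer, your account will be shut down.</p>'
                '<a href="http://login.example.net/verify">www.example.com</a>')
SAMPLE_LINK_ONLY = '<a href="https://bit.ly/xyz">Click here</a>'
SAMPLE_OK = '<p>Hi Sam,</p><a href="https://www.example.com/news">example.com</a>'
```

A flag is a reason to look closer, not a verdict: legitimate mail can trip these checks, and a message that trips none can still be malicious.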

You might have been hacked if:

  1. Friends and family are getting emails or messages you didn’t send.
  2. Your Sent messages folder has messages you didn’t send, or it has been emptied.
  3. Your social media accounts have posts you didn’t make.
  4. You can’t log into your email or social media account.

What to do if email is hacked:

  1. Make sure your security software is up-to-date.
  2. Set your security software, internet browser, and operating system to update automatically.
  3. Update your system and delete any malware.
  4. Change all your passwords.
  5. Check the advice your email provider or social networking site has about restoring your account.
  6. Check that your email signature and "away" message don’t contain unfamiliar links or forwards. 
  7. Look for changes to your social networking sites: check for changes to the account since you last logged in.
  8. Tell your friends that they might have gotten a malicious link.