by Dave Moore, CISSP
08/14/2022
Invented in 1971 by Ray Tomlinson, Electronic Mail changed the way people thought about the US Department of Defense’s predecessor to the Internet, ARPANET (Advanced Research Projects Agency Network).
“E-mail” was an instant hit, and from its humble beginnings, over 300 billion emails are now sent every day. Sadly, a huge portion of that email is annoying, and sometimes dangerous junk mail. Email safety and security is a big deal.
As with most Internet activity, privacy and security are two different ideas. There is a great deal of overlap between the two, but they are often distinctly different.
Email security begins with passwords. If you don’t have a strong password protecting your email, prepare to be hacked. The major reason accounts are hacked is because people use crummy passwords, so if you don’t want to wake up one day and learn you are locked out of your email account, use strong passwords for your email. If your account requires “security questions,” make sure you don’t use truthful answers to those questions. See Parts 4 and 5 of this series, found on the Transcript website.
If you use an email program like Outlook, EM Client or Thunderbird, there are ways of sending and receiving email that are better than others. SSL (Secure Sockets Layer) and Transport Layer Security (TLS) are the two major protocols used for email, but TLS is more secure. Check which one your email program is using, and choose TLS if you can.
If you use “Webmail,” which is what you do when you visit a website to do email (HotMail, Yahoo, MSN, Gmail, etc.), then much of your security depends on how good of a service you are using. You are literally at the mercy of your email provider. Gmail and Outlook online are pretty good. Yahoo is the worst. A few years back, Yahoo was forced to admit every Yahoo account had been hacked; all three billion of them. They have the worst email service on the planet.
The most dangerous emails you will get will be from your friends; this is because many computer viruses send a copy of themselves to everyone in the victims address book. You’ll get an email from someone you know and the temptation is to open the mysterious attachment it carries. Don’t. A healthy dose of suspicion will serve you well.
Learn how to spot fake emails, and don’t open them, no matter how enticing they may seem. If it’s from a stranger, or unknown business, and the subject line seems a little “off,” just delete it. Don’t look at it to see what it is, just get rid of it. Better safe than sorry.
Be wary of email attachments. If you don’t know what it is, don’t open it. Going back to dangerous emails from your friends, I tell folks my email attachment policy: if you are going to send me an attachment, you need to tell me in the body of the email, “Hi, Dave. I’m sending you an attachment. It is a (photo, document, etc.) Here is the filename: listofstuff.doc.” If that information is not included with the attachment, it goes straight in the trash, no exceptions.
A good antivirus program is supposed to catch bad virus-laden emails, but every now and then, something may slip through. Use your brain, instead of depending on an antivirus program to magically protect you, and you’ll be safer.
Next week: fake email, fake websites.
Dave Moore, CISSP, has been fixing computers in Oklahoma since 1984. Founder of the non-profit Internet Safety Group Ltd, he also teaches Internet safety community training workshops. He can be reached at 405-919-9901 or internetsafetygroup.org