Email security – how to keep your computer safe

Email security breach

One of the most frequent questions we’re asked is “how did this virus get in to my computer / how did this happen?”. Answers can vary be quite complicated but one of the most common methods is through a suspect email you’ve received. The culprit email may come from an unknown source but often arrives from what appears to be a source you know and trust. The real question you should be asking is “what can I do to prevent this from happening (again)?”. Thankfully, there are a few simple rules that you can follow to prevent these nasties from slipping through your defences.

Avoid clicking links in emails

 

https://www.westpac.com.au/content/dam/public/wbc/images/other/security/email-scams/20160607-Security-Message-From-Westpac.jpg

Often, you’ll receive an email from what appears to be a legitimate source¬† asking you to provide them some details. Common targets are banks, couriers and internet providers. They may claim your account has been compromised or that they need to confirm to some additional information to confirm your identity. You just need to click the ‘link’ and enter in your details and the issue will be resolved. When the email is fake, the link will send you to a website that will infect your computer or steal the details you enter. If you’ve received one of these emails and aren’t sure if it’s legitimate ask yourself these questions:

  • Would this organisation normally contact me via email? Is this the type of issue I would expect a phone call for?
  • Have I given this organisation my contact details? How do they know who I am?
  • Do I use this organisation currently? Am I expecting them to contact me?

Even if you believe that the message may be legitimate, don’t use the link in the email,¬† just go there yourself. For example, if the bank wants you to confirm your details, go to the banks website yourself or call the bank and ask them about the email.

Be careful about opening email attachments

Compromised Word documentWe all receive emails from friends with attached documents, family photos or short videos. The problems is when we receive an email from what appears to be a legitimate source with a strange attachment. Opening the attachments in these emails may compromise your computer. From there the sender can steal confidential information from your computer (amongst other things). The easiest way to know what is safe and what isn’t is to be aware of the different file types. There are hundreds of types but the important ones can be broken down into 3 simple categories:

Safe attachments: Music, pictures and video file can generally be considered safe. This means that they can be opened without worrying about security issues. Common music file extensions are .wav, .mp3 & .wma. Common image file extensions are .gif, .jpg & .bmp. Common video file extensions are .avi, .mp4 & .mov.

 

Potentially dangerous attachments: Whilst not dangerous on their own, many document types can request you to (or automatically) run a compromised virus file. The image below is a typical example of a fake Microsoft Word file requesting permission to run a virus. If coming from an unexpected source, you should be wary of these attachments. Of course, you can open documents you’ve requested or are expecting normally. These file types are normally .docx, .xlsx, & .pdf.

File type spoofing

 

Dangerous attachments: The most dangerous attachment types are executables and archives as they can directly infect your PC with a virus. Most email systems will block these file types from being sent for this reason. Whilst there are legitimate reasons for sending these files, you generally should avoid opening these files. Furthermore, a fake file type extension can be inserted to potentially hide danger as in the image below. You should be most careful of .zip, .rar & .cab for archives and .exe, .bat & .cmd for programs / scripts.

Check who really sent the email

Sometimes you’ll receive and email from a friend with poorly worded information and a link to a product you don’t care about. You might receive an email from a famous celebrity asking you to assist them in some way. You may have received what appears to be a legitimate organisation requesting additional information without links or attachments. All of these can be examples of emails origination from illegitimate sources. These emails are the most difficult to detect as (with the better written examples) you may need to delve into the technical details within an email to be certain whether the email is legitimate or not. Some of the simpler things to detect are:

  • long random email addresses (ie. fisof3n9gr_343fds@gmail.com)
  • misspelled email address (attomit@gmail.com or security@nabbank.com)

 

Finally, if you think your systems have been compromised or aren’t sure about whether an email is legitimate, you can always Contact Us for additional assistance.

Posted on: March 20, 2017, by :