Tag Archives: security

Look before you click

Think before you link.

Personal and professional computing has always been threatened by malicious parties wanting to do nasty things to you. Mostly to their own profit but not seldom just for the sake of bullying. There are many ways they try to enter your systems and a lot of software has been developed to guard us against them.
In addition to this security software I believe that common sense is a good means of defense. Today I will focus on how to regard your incoming E-mail.
The practice of sending you unwanted mail is called scam and has many subcategories like spam, spoofing and phishing.
email-spam
The first measure you should take is configuring your E-mail client not to open any mail before you want it.  The screen of your client is usually made up from several areas. Many times one area shows the content of the currently selected  mail (if you didn’t make a selection yet, this will be the top item in the listing of you inbox). Some clients come with such a screen layout as a default. And even reset it after an update.
This gives any script present in a malicious mail the opportunity to run without your consent. So you should get rid of this so called preview pane.

If you use Thunderbird (which I recommend for PC’s – it’s free) you just have to remove the check mark in front of the “Message Pane” option in the “View”/”Layout” menu, or just hit the F8 key.

messagePane

You can download Thunderbird for Windows from here.
For other brands or web mail you’ll have find out the settings on your own. To my dismay, the web mail client of my ISP (KPN) doesn’t offer a layout option without a preview pane (you can only choose for a preview below or next to the list).

spam_key
Usually you can spot spam mail easily. In fact it ‘s easier for you than it is for most spam filters. If your provider has a filter installed or your ant-virus packages checks for it, you still my encounter spam in your Inbox. Usually can can spot it by looking at the subject. Also pay attention to the  “From” column for senders you don’t trust.
If you’re sure an entry in the list is spam (or a worse form of scam) just select and delete it. Use the Shift-Delete key combination, rather than just Delete, to bypass the recycle folder.

Spoofing.

email-spoofing

By spoofing a malicious sender pretends the mail is sent from a more trustworthy source. Spoofing e-mail is easy because the cheating is done in the header of the mail, before someone sends it out to an SMTP server. When the content of the mail lures you to a webpage where you’re asked to enter some sensitive information, like passwords or pin-codes  this is called phishing. Below is an e-mail I received a while ago, opened in Thunderbird, that spoofs to be a message from Twitter.

TwitterScam

As you can see, the spam filter of my provider marked this mail as spam (prefixed the subject). Also, upon receipt, Thunderbird marked it as scam (hence the warning).
Before clicking on a link, you should just hold the mouse pointer over it and notice the real address the link refers to, in the status line at the bottom of the window.
(If in any doubt, Google for the domain).
You should also check the address of links that offer you to unsubscribe from newsletters and the like.

trustme