e-Mail Threats and Tips for System Admin
e-Mails are just like postcards from which the information can be viewed by anyone. When a mail is transferred from one mail server to another mail server there are various stops at which there is a possibility of unauthorized users trying to view the information or modify it.
Since a backup is maintained for an e-Mail server all the messages will be stored in the form of clear text though it has been deleted from your mailbox. Hence there is a chance of viewing the information by the people who are maintaining backups. So it is not advisable to send personal information through e-Mails.
- Say you have won a lottery of million dollars, Getting or receiving such kind of mails is a great thing, and really it’s the happiest thing. However these mails may not be true. By responding to such a kind of mails many people lost huge amount of money. So ignore such kind of e-Mails, do not participate in it and consider it as a scam.
- Sometimes e-Mails offering free gifts and asking personal information are received from unknown addresses . This is one way to trap your personal information.
- One way of stealing the password is standing behind an individual and looking over their password while they are typing it or searching for the papers where they have written the password.
- Another way of stealing the password is by guessing. Hackers try all possible combinations with the help of personal information of an individual.
- When there are large numbers of combinations of passwords the hackers use fast processors and some software tools to crack the password. This method of cracking password is known as “Brute force attack”.
- Hackers also try all the possible words in a dictionary to crack the password with the help of some software tools. This is called a “dictionary attack”.
- Generally spammers or hackers try to steal e-Mail address and send malicious software or code through attachments, fake e-Mails, and spam and also try to collect your personal information.
Sometimes attachments come with e-mails and may contain executable code like macros, .EXE files and ZIPPED files. Sometimes attachments come with double extensions like “attachment.exe.doc” By opening or executing such attachments malicious code may downloaded into your system and can infect your system.
Always scan the attachments before you open them.
Sometimes e-Mails are received with fake e-mail address like http://infosecawareness.in/mail_icon.gif") 0px 1px no-repeat transparent;">email@example.com by an attachment named, “Facebook_Password_4cf91.zip and includes the file Facebook_Password_4cf91exe" that, the e-mail claims, contains the user's new facebook password. When a user downloads the file, it could cause a mess on their computer and which can be infected with malicious software.
Always check and confirm from where the e-mail has been received, generally service people will never ask or provide your password to change.
Spam messages may trouble you by filling your inbox or your e-mail database. Spam involves identical messages sent to various recipients by e-Mail. Sometimes spam e-mails come with advertisements and may contain a virus. By opening such e-Mails, your system can be infected and your e-Mail ID is listed in spammers list.
It is always recommended to ignore or delete spam e-mails.
e-Mails offering free gifts
Sometimes e-Mails are targeted at you by unknown users by offering gifts, lottery, prizes, which might be free of cost, and this may ask your personal information for accepting the free gift or may ask money to claim lottery and prizes it is one way to trap your personal information.
Always ignore free gifts offered from unknown users.
Hoax is an attempt to make the person believe something which is false as true. It is also defined as an attempt to deliberately spread fear, doubt among the users.
How to prevent?
Using filtering software’s
Use e-Mail filtering software to avoid Spam so that only messages from authorized users are received. Most email providers offer filtering services.
Ignore e-mails from strangers
Avoid opening attachments coming from strangers, since they may contain a virus along with the received message.
Be careful while downloading attachments from e-Mails into your hard disk. Scan the attachment with updated antivirus software before saving it.
Guidelines for using e-Mail safely
- Since the e-Mail messages are transferred in clear text, it is advisable to use some encryption software like PGP (pretty good privacy) to encrypt email messages before sending, so that it can be decrypted only by the specified recipient only.
- Use Email filtering software to avoid Spam so that only messages from authorized users are received. Most e-Mail providers offer filtering services.
- Do not open attachments coming from strangers, since they may contain a virus along with the received message.
- Be careful while downloading attachments from e-Mails into your hard disk. Scan the attachment with updated antivirus software before saving it.
- Do not send messages with attachments that contain executable code like Word documents with macros, .EXE files and ZIPPED files. We can use Rich Text Format instead of the standard .DOC format. RTF will keep your formatting, but will not include any macros. This may prevent you from sending virus to others if you are already infected by it.
- Avoid sending personal information through e-Mails.
- Avoid filling forms that come via e-Mail asking for your personal information and do not click on links that come via e-Mail.
- Do not click on the e-Mails that you receive from un trusted users as clicking itself may execute some malicious code and spread into your system.