One of the most mismanaged items across businesses today is the email inbox. Floods of emails from clients, co-workers, listservs, court notifications and junk quickly overwhelm our inboxes lowering our guard against online threats lurking in plain sight. Most of us think we are smart enough to avoid being swindled by a congratulatory $5 million lottery-winning email, but unfortunately not all threats are so obvious.
Many buzzwords are used daily to describe potential threats and how to handle them, but without a proper understanding of the definitions they can add to the frustration.
Spam: unsolicited email, often advertisements
Opt-in: permission to add email address to one or more mailing lists; subscribe
Opt-out: request to remove email address from one or more mailing lists; unsubscribe
Phishing: deceitful email designed to steal personal information
Spoofing: deceitful email changing sender’s name to appear as a legitimate sender
Whitelist: list of “approved” senders explicitly designated as being safe
Blacklist: list of “blocked” senders used to proactively reject delivery of incoming emails
Email filter: software that screens emails based upon sender information or content
False positive: legitimate email blocked by an email filter
Malware: malicious code often spread via email messages, attachments and internet downloads
Definitions: criteria utilized by anti-malware software to determine threat level and classification of safety
Receiving unwanted emails, especially those containing malware, can be maddening. To prevent harmful threats from slipping through, occasionally email filter settings are too stringent, causing valid emails to be blocked. Sometimes these emails end up in the junk mail folder, while others are blocked at the server level, requiring access to a list of blocked emails so you can release any false positives. Even with the best IT department or email filter, it is important to remember that new viruses and harmful code are written every day. Software definitions are updated regularly to detect new dangers, but until threats are known and detectable, these items will not be blocked. Unfortunately, there is no software package that can eliminate every unwanted or malicious email. Understanding how to protect yourself is imperative.
As Benjamin Franklin said, “An ounce of prevention is worth a pound of cure.” Many junk emails are the result of our own doing because we tend to ignore our surroundings online. When signing up for accounts or downloading software, be aware of pre-filled checkboxes opting you in to a series of mailing lists. Remember that if you opt-in, the emails received from that group are not technically spam and you must proactively click the opt-out or unsubscribe link at the
bottom of the email to discontinue receiving them. Be attentive to the sender name, the associated email address and the content of the email to ensure it is from a reputable company before attempting to opt-out. If you are unsure of authenticity, add the sender to your personal blacklist by adjusting junk mail settings. In Outlook, select message, click “Junk” and choose “Block Sender” to automatically send future messages from that sender to the Junk Mail folder.
Beware of phishing expeditions
Phishing emails often spoof major companies such as Amazon, Facebook and FedEx requesting recipients to click links to confirm information or track packages in an effort to steal personal information. It can sometimes be difficult to distinguish these fraudulent emails; remember to remain alert to the sender and associated email address, and review content for spelling errors and bad grammar which are common in phishing emails. When in doubt, contact the company directly without using links or phone numbers contained within the email. If you know the website, open an internet browser and manually type in the address to log in to your account. Otherwise, Google the company to find the correct web address, phone number or email address to contact a true company representative to determine any account issues.
Caution before clicking
Computers are often infected via malicious links and email attachments. Only files and links that you are expecting from senders that you know should be opened. Do not assume that emails from people you regularly communicate with are safe, especially if the body of the email seems strange. If you are unsure of a link, hover your cursor over the link without clicking to display the address of the link. If this address is a series of numbers or does not match the text, do not click it.
Do not attempt to open file types you are unfamiliar with, including Microsoft Office attachments that end with the letter “m” or “b” (ie .docm, .xlsb) unless you know the sender meant to send them to you. Such file types could contain harmful code that will automatically execute upon opening of the file.
By remaining alert and reading before clicking you can prevent a lot of potential headaches.•
Deanna Marquez ([email protected]) is a co-owner of the Indianapolis-based legal technology company Modern Information Solutions LLC. Areas of service include traditional IT services, software training and litigation support including trial presentation services. The opinions expressed are those of the author.