This is part of Windows 10 Security course
Go to Courses Home Page
It is hard to imagine a world where email did not exist and it is the primary medium for communications for both business and private users.
There are some unavoidable security risks associated with email messaging that you need to be aware of and there are two main threats that can arise. One is email attachments and the other is phishing.
The dangers of email attachments
An email attachment is a file that is included with a message. If you want to send someone a photo, a Word document, an Excel spreadsheet, a PDF document or any other type of file, it can be attached to an email and sent over the internet. It is an easy and quick way to get a file to someone that needs it.
The standard symbol for attachments to an email is the paperclip icon. This is frequently displayed in the inbox view that lists all of your email messages.
When a email is opened for reading, it may show a paperclip icon, but it could show a file icon instead. It might even show both.
The ability to include files with an email message facility can be used to spread malware like viruses, Trojans, adware and spyware.
An email will arrive in your inbox that has a seemingly benign and possibly useful attachment and when it is opened it infects the computer with some type of malware.
Be very suspicious of any email that has an attachment. Often the text of the message encourages you to open the attached file and this should immediately arouse your suspicions.
An email might say "Attached is my resume, let me know if it is OK," or "See our offers attached," or "Please read the attached file," and so on.
Beware of emails that contain text that encourages you to click, save or open an attachment. It might say something like "Thank you for your purchase. Your receipt is attached. Please check it." You wonder what the purchase was and are therefore tempted to open the attachment and see.
There are endless variations of the text, but a common theme is that they try to persuade you to click the attachment and open it. Don't.
Malware spreads through email and if a computer is infected then it may email copies of itself to everyone in the user's contact list. If someone you know sends you an email with an attachment, ask yourself whether it is safe or whether it could be malware. An attachment in an email message from a friend could mean that they have been infected with malware. Avoid opening the attachment unless you know it is safe.
If an email has an attachment that is some form of malware and you do nothing then they do no harm. If you ignore an attachment and you do not save it, click it or view it, then nothing bad will happen.
There are two ways to use email and you can either run an email program on the computer or you can access your email in a web browser by going to a website. Microsoft Outlook.com, Yahoo! Mail and Google Mail are three popular web-based mail services.
When you access your email through browser, you may see email messages that have attachments. Do not download attached files unless you know that they are safe. You can never be 100% certain, but you can make a good guess.
Some webmail services scan email attachments for malware and they will not let you download them if they are infected. It is therefore safer to use a service like Outlook.com, Gmail and others that scan for malware.
If you run an email program on your computer, such as Outlook, Thunderbird or something else, your security software may provide protection.
Some types of security software will check for bad email attachments. They scan email messages as they arrive on the computer or when they are clicked, viewed, opened or saved.
Windows Defender does not check incoming email for malware attachments. Many free antivirus programs do not check. Usually email protection is available only in paid security software, typically called an internet security suite.
Check your security software and see if it offers email protection.
Deal with bad email attachments
Emails can have files attached to them and this is most commonly indicated by a paperclip icon next to the email title. You might also see file icons at the top or bottom of the email message. Beware of email attachments because some contain malware and will infect your computer.
Here is an example of malware spread through email messages.
1 A suspicious email
This email is from a well known utility company in the UK that provides gas and electric. It has millions of customers and regularly sends out emails to them.
Attached is a file, which looks like it is an electricity bill. The message looks genuine, but you should always be suspicious of emails with attachments.
The email is being viewed using a web browser on Outlook.com. The site has blocked parts of the message for safety reasons and this shows how using webmail like Outlook.com and Gmail can help to prevent phishing, scams and malware.
2 Don’t unblock bad emails
Outlook.com has already identified this email as bad and has blocked it. Not all email services do this, so let’s see what happens when it is unblocked.
Don’t do this yourself. This is an example of how malware is spread using email.
3 Don’t download the attachment
The content has been unblocked (never do this yourself) to show what happens. Not all email services or software on your PC will block attachments like Outlook.com and Gmail do.
You might find step 2 is skipped and on selecting an email you go straight to step 3 and the download.
4 It’s a virus!
Outlook.com scanned the email attachment and found a virus. It will not download.
In this case Outlook.com blocked the attchment and would not download it. If you are using a different email provider they might not check attachments for viruses and might not prevent them from being downloaded.
Take care with email attachments and avoid them wherever possible. If you want to share files with people you can share them using OneDrive, Google Drive, Dropbox and similar online drives.
This is part of Windows 10 Security course
Go to Courses Home Page
Spot and avoid phishing emails
Phishing is the name given to the tricks that hackers, thieves and others use to get you to reveal your login details such as your username and password to various services.
They want to empty your bank account, buy goods using PayPal with your money, buy music and movies using your iTunes account, buy things on eBay with your money, and so on.
They write emails that sound convincingly like the real emails we get from our bank, PayPal, Apple, tax office, and other places.
There is no problem
The messages often tell you that there is a problem of some sort and that you need to log in to solve it. Don't, it is not true.
They don't know your name
Phishing emails are easy to spot with practise and they often do not know your full name. A real email from your bank or PayPal might start "Dear Robert Smith," but a phishing email might say "Dear customer."
Any email that begins with "Dear customer" is a fake, so delete it.
You don't need to log in
An email that looks like it is really from your bank or other place, might ask you to click a link and log in. Do not click links in emails that encourage you to log in to a site or service.
Close your email program or browser, open a new browser window, type in the bank, PayPal, or other place's address and log in. If there really is a problem, you will see a message. There is no need to click links in emails.
One way to protect yourself from phishing emails is to get a second email address.
Services like Google Mail, Outlook.com, Yahoo! Mail, and many others are free. Get another email account and use it only with your most trusted companies, like your bank and a few other trusted places.
Emails to this address will almost certainly be real and not fake phishing attempts. Emails to your other address will be fake.
It is like having public and private email accounts. Phishing attempts will go to your public email account, but your private one will remain clear.
1 Dear client...
This email immediately arouses suspicion because the sender does not know your name. A variation of this is ‘Dear customer’. A real email would include at least your first name and probably your full name.
Beware of emails from people who don’t know your name.
2 Don’t click it
This email pretends to be a security notice warning you of a problem with your account. There is no name in the email, which arouses suspicion. At the bottom it says “Please log in to your account...” which is also raises warning flags.
Clicking the login button will no doubt take you to a fake website that prompts you to log in with your bank username and password. They will then use these to log in to your bank and empty your account.
Never click a link in an email to log in to your bank or other online service. Open a web browser window, type in the address of the bank or site and go there yourself.
Don’t go there by clicking in an email, even if it looks like a genuine one.
Email Security and Phishing Action Points
- Beware of files attached to emails. They may be malware
- Beware of emails that encourage you to open attachments
- Beware of emails that try to trick you into opening attachments
- Beware of emails that pretend to be from banks, PayPal, customers
- Beware of emails that do not include your name
- Beware of emails that encourage you to log in to a site or service
- Do not save, click or open email attachments unless 100% sure they are safe
- Use webmail services that offer malware protection
- Beware of emails that report a problem with your account somewhere
Go to Windows 10 Security course contents
Go to Courses Home Page