Email Frauds: some things to help protect yourself
Background
Email fraud has been with us for many years and much has been done to combat it.
In a recent conversation with my email provider (after one of my email addresses had been compromised) I was told that over 80% of the emails received by their servers are deleted automatically as fraudulent by their security systems and never get sent on to the intended recipient.
These systems grade each email against a set of ‘rules’ and take action depending on how many and how serious the rules that are broken are, varying from deletion for the worst, to being sent on with a ‘SPAM’ tag for those with minor or possible digression, to straight forwarding for those that are probably ok. This is why some emails arrive with a spam warning in the title. They may also be put into your Spam folder (so check for new content) rather than your Inbox. This action is automatic and neither the sender nor receiver has any control over it.
There are two main types of email fraud, those that attempt to put malicious software on your system (often called ‘Trojans’) and those that try to get you go to their rogue website by clicking on a link to obtain security information such as passwords and financial details (called ‘Phishing).
How can I help protect myself?
Fundamentals
- Make sure your operating software is up to date (includes security patches)
- Make sure your security software is active (eg Windows Defender)
- Add third party security software (eg Malwarebytes) if you want extra security
Practical
Your best defence is the computer between your ears, especially intuition. If something looks a bit unusual, unexpected or weird treat it with caution, even if the mail appears to come from someone you know and trust. Most email addresses are on a rogues’ database somewhere waiting to be used maliciously.
If you are using a central email service (eg Gmail, Hotmail) by logging on through your browser you can safely open the message as it will only be on your screen, not stored on your device.
If you feel competent you can look at the source document ‘in the raw’ including its origin without opening it by using the ‘View message source’, ‘View raw message’ or similar from the menu bar. This will show the originating email address as the lowest of the mail nodes the email has passed through.
If it is not what you expect DELETE the email immediately.
DO NOT just click on a link in the email, especially if it may lead to anything financial like a purchase. Banks and finance companies do not normally provide links, they ask you to log on to their website. If you are not certain about the link type it into your web browser, DO NOT copy and paste. A link that looks innocuous on a screen may contain non-visible elements which will direct you to a rogue web site.