Thursday, August 06, 2015

How Email Threatens the Security of your Devices and How to Protect Yourself

Email is a staple of our lives yet at times it threats the security of our devices.  Using caution when opening email is important to protect devices from unwanted malware, spyware, and viruses.  Unfortunately email can be malicious even when we know the sender if their email account has been compromised.

Examples of how emails provide threats to the security of devices are:
  • Using images infested with malware or spyware - adding images to emails is helpful for many reasons but can also be used for harmful reasons.  Since people learn differently adding images to present a statistic rather than just sentences is a better way to cater to any audience.  In some cases images tell a story in a way words never could.  Unfortunately, images can also carry malware or spyware or simply link to malicious sites.
  • Through attached files infested with malware or spyware - file extensions of attached files are often masked to appear to be documents when they are really executable files.  If opened or clicked, these files can cause real damage.
  • By misrepresented links - these are links that appear to go to a specific website but actually go somewhere else.  Due to the way hyperlinks are created, the name of the link can be set to anything while the code behind the link may be pointed to somewhere completely different.  A hyperlink is coded like this:
    • <a href="http://www.eyonic.com/about/renewable-energy">Apple</a>
    • In an email or on a website the user would see the word "Apple" for the hyperlink, but in this example, the link is set to go to our website.
  • From misrepresented senders - emails from known individuals seem safe but at times the sender name set up has nothing to do with the actual email account.  Spoofing email accounts increases the likelihood people will open infected emails.
  • From hacked email accounts - getting an email from friends or coworkers seems and usually is safe to open.  However, if their email account was compromised, emails from them are likely full of malware, spyware or virus.  When this happens, the program usually propagates by sending out to everyone in your address book, then everyone from those people's address books and continues on.
Ways to Protect the Security of your Devices


When Using Webmail (Google, Yahoo, AT&T, Comcast, Hotmail, etc)
When accessing email via webmail, or Internet mail, there are a few ways to prevent bad emails from infecting devices.  First, if unsure of an email, hover over the sender name before opening it which provided a pop up showing who the email was really sent from.




Second, hover over links inside the email to see if they point to where they say they are going.  In other words, if you get an email from your bank and there is a link labeled "Login to your account", hovering over the text should show a https: link to the bank's website, not some random xyz domain you have never seen.

When Using Email Apps on Smartphone and Touch Devices
Accessing email using a smartphone and other touch devices means there is no way to hover over senders and links the way you can on a desktop.  If you touch the link it will open or execute and hovering above the screen is not detected.  On touch devices, touch and hold the link for a few seconds.  This activates the hover effect and a pop up will appear showing the link.  Once the pop up appears it is safe to release the link.  Check the link destination then select the desired option for the link.



Within Email Applications (Outlook, Thunderbird, GroupWise, Mail)
Each email application allows users to set different levels of security in different ways.  Beyond setting the SPAM level for catching bad email, the best way to protect a device is to set the Inbox layout not to preview emails.  Email previews can download images or allow files to execute in the background.  To turn off the email preview setting:

  • In Outlook, go to the View tab, click Message Preview and select Off.
  • In Thunderbird, go to View, Layout, and uncheck the box next to Message Pane.





However many emails you receive each day, there is a high probability some of them present risks to the devices you use.  Reducing the risk can make all the difference between a fully functioning and secure device, and one tracking every keystroke, sending unauthorized emails to your contacts or one that does not work at all.

As always, protect yourself and keep your data and identity secure!

No comments:

Post a Comment