How to handle suspicious e-mail

There are good reasons to be suspicious of e-mail.

Some e-mail messages might be phishing scams; others might carry viruses. Images in spam e-mail might turn out to be pornographic, or to include Web beacons, which can be adapted to secretly send a message back to the sender.

Follow these guidelines to help protect yourself when suspicious mail shows up in your Inbox.

  1. If you receive a phishing e-mail message, do not respond to it. Don’t open junk mail at all.

    • If an e-mail looks suspicious, don’t risk your personal information by responding to it.
    • Delete junk e-mail messages without opening them. Sometimes even opening spam can alert spammers or put an unprotected computer at risk.
    • Don’t reply to e-mail unless you’re certain that the message comes from a legitimate source. This includes not responding to messages that offer an option to “Remove me from your list.”
    • Do not “unsubscribe” unless the mail is from a known or trusted sender.
    • Use the junk mail tools in your e-mail program. For example, Windows Live Hotmail gives you the option to unsubscribe from mail that you previously had trusted or requested. This sends a notice back to the sender to have you removed from their list, while at the same time automatically adding the sender to your block list.
  2. Approach links in e-mail messages with caution

    Links in phishing e-mail messages often take you to phony sites that encourage you to transmit personal or financial information to con artists. Avoid clicking a link in an e-mail message unless you are sure of the real target address, or URL.

    Most e-mail programs show you the real target address of a link when you hover the mouse over the link.

    Before you click a link, make sure to read the target address. If the e-mail message appears to come from your bank, but the target address is just a meaningless series of numbers, do not click the link.

    Make sure that the spelling of words in the link matches what you expect. Fraudsters often use URLs with typos in them that are easy to overlook, such as “micosoft.”

  3. Approach images in e-mail with caution

    Just as a lighthouse beacon beams a message with light, pictures in e-mail messages—also called “Web beacons”—can be adapted to secretly send a message back to the sender.

    Spammers rely on information returned by these images to locate active e-mail addresses. Images can also contain harmful code and can be used to deliver a spammer’s message in spite of filters.

    The best defense against Web beacons is to prevent pictures from downloading until you’ve had a chance to review the message.

    Both Windows Live Hotmail and Microsoft Outlook 2007 are preset to do this automatically for e-mail from addresses not in your address book.

  4. Approach attachments in e-mail messages with caution

    Attachments might be viruses or spyware that download to your machine when you open the attachment file. If you don’t know who the attachment is from or if you weren’t expecting it, don’t open it.

  5. Don’t trust the sender information in an e-mail message

    Even if the e-mail message appears to come from a sender that you know and trust, use the same precautions that you would use with any other e-mail message.

    Fraudsters can easily spoof the identity information in an e-mail message.

  6. Don’t trust offers that seem too good to be true

    If a deal or offer in an e-mail message looks too good to be true, it probably is. Exercise your common sense when you read and respond to e-mail messages.

  7. Report suspicious e-mail

    If you receive a suspicious e-mail that looks like it came from a company that you know and trust, report the e-mail to the faked or “spoofed” organization.

    Contact the organization directly, not through the e-mail you received, and ask for confirmation. Or call the organization’s toll-free number and speak to a customer service representative. Report the e-mail to the proper authorities, including the FBI, the Federal Trade Commission (FTC), and the Anti-Phishing Working Group.

  8. Don’t enter personal or financial information into pop-up windows

    One common phishing technique is to launch a fake pop-up window when someone clicks a link in a phishing e-mail message. To make the pop-up window look more convincing, it might be displayed over a window you trust. Even if the pop-up window looks official or claims to be secure, avoid entering sensitive information, because there is no way to check the security certificate. Close pop-up windows by clicking the red X in the top right corner (a “Cancel” button may not work as you’d expect).

  9. Don’t forward chain e-mail messages

    Not only do you lose control over who sees your e-mail address, but you also may be furthering a hoax or aiding in the delivery of a virus.

    Plus, there are reports that spammers start chain letters expressly to gather e-mail addresses. If you don’t know whether a message is a hoax or not, a site like Snopes can help you separate fact from fiction.

  10. Update your computer software

    Always keep your computer software up to date. Learn more here: Check For Update
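
An added example, not part of the original guidance: the checks from guideline 2, applied by script to an HTML message body. It flags a numeric target address, visible text that names a different site than the real target, and near-miss spellings such as “micosoft”; the EXPECTED list, the sample body and all function names are assumptions made for illustration.

```python
import difflib
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

EXPECTED = ("microsoft.com", "example-bank.com")  # assumption: senders you really deal with

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every web link in an HTML message body."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], None
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") or ""
        if tag == "a" and href.lower().startswith(("http://", "https://")):
            self._open = [href, ""]
    def handle_data(self, data):
        if self._open:
            self._open[1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._open:
            self.links.append((self._open[0], self._open[1].strip()))
            self._open = None

def host_of(url):  # lower-cased host of a URL or bare domain, leading "www." dropped
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return host.lower().removeprefix("www.")

def link_findings(href, text):
    host, out = host_of(href), []
    if re.fullmatch(r"[0-9.]+", host):
        out.append("numeric-host")           # target is just a series of numbers
    shown = re.search(r"(?:https?://)?[\w-]+(?:\.[\w-]+)*\.[a-z]{2,}", text, re.I)
    if shown and host_of(shown.group(0)) != host:
        out.append("text-target-mismatch")   # visible address is not where the link goes
    base = ".".join(host.split(".")[-2:])    # rough registrable domain (no suffix list)
    for good in EXPECTED:
        trusted = host == good or host.endswith("." + good)
        if not trusted and difflib.SequenceMatcher(None, base, good).ratio() >= 0.85:
            out.append("lookalike:" + good)  # near-miss spelling of an expected domain
    return out

def audit(html_body):
    parser = LinkCollector()
    parser.feed(html_body)
    return [(href, link_findings(href, text)) for href, text in parser.links]

SAMPLE = """<a href="http://192.0.2.10/login">www.example-bank.com</a>
<a href="https://login.micosoft.com/">Sign in</a>
<a href="https://www.microsoft.com/security">microsoft.com/security</a>"""  # constructed sample
```

`audit(SAMPLE)` returns each link with its findings; an empty list means none of these three checks fired, not that the link is safe.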

Spam Checklist

Checklist: Protecting your business, your employees and your customers


  • Unsubscribe from legitimate mailings that you no longer want to receive. When signing up to receive mail, verify what additional items you are opting into at the same time. De-select items you do not want to receive.
  • Be selective about the Web sites where you register your email address.
  • Avoid publishing your email address on the Internet. Consider alternate options – for example, use a separate address when signing up for mailing lists, get multiple addresses for multiple purposes, or look into disposable address services.
  • Using directions provided by your mail administrators, report missed spam if you have an option to do so.
  • Delete all spam.
  • Avoid clicking on suspicious links in email or IM messages as these may be links to spoofed websites. We suggest typing web addresses directly into the browser rather than relying upon links within your messages.
  • Always be sure that your operating system is up-to-date with the latest updates, and employ a comprehensive security suite.
  • Consider a reputable antispam solution to handle filtering across your entire organization such as Symantec Brightmail messaging security family of solutions.
  • Keep up to date on recent spam trends by visiting the Symantec State of Spam site.

Do Not

  • Open unknown email attachments. These attachments could infect your computer.
  • Reply to spam. Typically the sender’s email address is forged, and replying may only result in more spam.
  • Fill out forms in messages that ask for personal or financial information or passwords. A reputable company is unlikely to ask for your personal details via email. When in doubt, contact the company in question via an independent, trusted mechanism, such as a verified telephone number, or a known Internet address that you type into a new browser window (do not click or cut and paste from a link in the message).
  • Buy products or services from spam messages.
  • Open spam messages.
  • Forward any virus warnings that you receive through email. These are often hoaxes.

What Is Spam?

Spam is any kind of unwanted online communication.

The most common form of spam is unwanted e-mail. You can also get text message spam, instant message spam (sometimes known as spim), and social networking spam.

Some spam is annoying but harmless. However, some spam is part of an identity theft scam or another kind of fraud. Identity theft spam is often called a phishing scam.

To protect yourself against e-mail spam, use e-mail software with built-in spam filtering. For general guidelines on protecting yourself from e-mail spam, please refer to the “Checklist: Protecting your business, your employees and your customers”.