Best Practices/Email Security

  1. Never reply to unsolicited email messages
  2. Never give your private email address to sites you do not trust
  3. Avoid putting sensitive data in dubious websites
  4. Never respond to emails requesting your bank details
  5. Be cautious when opening email attachments
  6. Strong passwords
  7. Some general guidelines on using passwords
  8. Using Digital Signatures
  9. Check before downloading programmes
  10. Email spoofing

Never reply to unsolicited email messages
Spam emails may contain a virus or some kind of exploit that could damage your system. It is best to delete spam straight away and not respond.
Spammers share lists of email addresses, some of which are dead. Since it costs a spammer nothing to send messages even to dead addresses, it is always to their advantage to know which addresses are in use. Most spammers make money by selling their mailing lists, and they profit more if their lists contain many live addresses.
To distinguish a dead address from a live one, they send email messages that prompt the receiver to respond.
10 most popular email scams:
1. The 'Nigerian' email scam
2. Phishing
3. Work-at-home scams
4. Weight loss claims
5. Foreign lotteries
6. Cure-all products
Emails claiming that their product is a 'miracle cure' or a 'scientific breakthrough' for all ailments and diseases. Make sure you consult a healthcare professional before buying any of those products.
7. Check overpayment scams
8. Pay-in-advance credit offers
You receive news that you have been 'selected' to get a low interest loan, even though banks have turned you down. But to take advantage of this offer you have to pay them a processing fee of several hundred dollars immediately. Legitimate lenders never guarantee a loan before you even apply.
9. Debt relief
Emails promising a way to consolidate your bills into one monthly payment without borrowing, or promising to wipe out all your debts. These offers usually drive you to bankruptcy.
10. Investment schemes
Investment scams promising high rates of return.

Never give your private email address to sites you do not trust
It is wiser not to sign up to any site whose content you are not sure of.
An alternative is to keep a secondary email address for commercial use.

Avoid putting sensitive data in dubious websites
Before submitting your bank details, check that the website is served over a secure connection: its address starts with https, which means your details travel across the internet encrypted.

Never respond to emails requesting your bank details
Banks generally personalise their emails when they want to communicate with their clients. They never ask for their clients' password or account details by email.

Be cautious when opening email attachments
Some unsolicited emails use plausible scenarios, such as winning a contest or details of a product you might be interested in, to entice you into opening the attachment. Malicious attachments may contain viruses or worms that could damage your system.
Avoid opening email attachments from addresses you do not recognize.
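A small checker for the attachment advice above, added here as an example (it is not code from the original page). It parses a raw message with Python's standard library and flags attachments whose file name ends in an executable extension, hides one behind a double extension such as "details.pdf.exe", or is a macro-enabled Office document. The sample message, the sender addresses and the extension lists are all constructed for the example.

```python
"""Flag email attachments that deserve caution before opening.

Added example, not code from the original page. It parses a raw RFC 822
message with Python's standard library and reports attachments whose file
name ends in an executable extension, hides one behind a double extension
(e.g. "details.pdf.exe"), or is a macro-enabled Office document. The sample
message is constructed here for the example.
"""
from __future__ import annotations

import email
import os
from email import policy
from email.message import EmailMessage

# Extensions that execute when opened. Illustrative, not exhaustive.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".bat", ".cmd", ".com", ".js",
                         ".vbs", ".ps1", ".jar", ".msi", ".hta"}
# Office formats that may carry macros.
MACRO_EXTENSIONS = {".docm", ".xlsm", ".pptm"}


def classify_filename(name: str) -> list[str]:
    """Return the reasons a file name looks risky; an empty list means none."""
    reasons: list[str] = []
    root, ext = os.path.splitext(name.lower())
    if ext in EXECUTABLE_EXTENSIONS:
        reasons.append(f"executable extension {ext}")
    if ext in MACRO_EXTENSIONS:
        reasons.append(f"macro-enabled document {ext}")
    # "photo.jpg.exe": a harmless-looking extension placed before the real one
    inner_ext = os.path.splitext(root)[1]
    if inner_ext and ext in EXECUTABLE_EXTENSIONS:
        reasons.append(f"double extension {inner_ext}{ext}")
    return reasons


def risky_attachments(raw_message: str) -> dict[str, list[str]]:
    """Map each risky attachment file name to the reasons it was flagged."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings: dict[str, list[str]] = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed attachment)"
        reasons = classify_filename(name)
        if reasons:
            findings[name] = reasons
    return findings


def build_sample_message() -> str:
    """Constructed message: one benign attachment and two that should be flagged."""
    msg = EmailMessage()
    msg["From"] = "Prize Desk <prizes@example.test>"
    msg["To"] = "user@example.test"
    msg["Subject"] = "You have won! Open the attached details"
    msg.set_content("Congratulations, the details are attached.")
    msg.add_attachment(b"%PDF-1.4 placeholder", maintype="application",
                       subtype="pdf", filename="terms.pdf")
    msg.add_attachment(b"MZ placeholder", maintype="application",
                       subtype="octet-stream", filename="Prize_Details.pdf.exe")
    msg.add_attachment(b"PK placeholder", maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="claim_form.docm")
    return msg.as_string()


if __name__ == "__main__":
    for filename, reasons in risky_attachments(build_sample_message()).items():
        print(f"{filename}: {', '.join(reasons)}")
```

The file-name check is deliberately simple: it catches the common tricks of the "prize" and "product details" lures the text describes, but a name alone never proves an attachment is safe, so it belongs beside the advice to avoid attachments from unknown senders, not in place of it.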

Strong passwords
Your password is like the key to your front door. Use complicated passwords: a mix of capital and small letters, digits and symbols, or a word with no meaning. Length can vary too. The important thing is that you are able to remember your password without having to write it down anywhere. Furthermore, it is important to change your password regularly, especially when it gives you access to important accounts.
There are some new technologies in password management that use picture selection as the sign-on process. Passface is one of them. The user downloads some pictures of faces, known or unknown, and each time he or she logs in, needs to pick out the previously selected face from a range of others. This method eliminates the chances of automated sign-in and key loggers. You do not need to remember any passwords, just identify faces.
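The advice above (mixed character classes, enough length, nothing that is just a word) can be turned into a simple strength check. The following is an added example, not code from the original page: it scores a password by length and by the classes it mixes, and rejects passwords built on a common word or a short repeated pattern. The word list is a tiny constructed stand-in for a real dictionary and the bit thresholds are this example's own choices.

```python
"""Assess a password along the lines the text recommends.

Added example, not code from the original page. It scores a password by
length and by the character classes it mixes (capitals, small letters,
digits, symbols), and rejects ones built on a common word or a short repeated
pattern. The word list is a tiny constructed stand-in for a real dictionary;
the thresholds are this example's own choices.
"""
from __future__ import annotations

import math
import string

COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "monkey", "dragon"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)


def character_classes(pw: str) -> int:
    """Number of the four classes (lower, upper, digit, symbol) present."""
    return sum(any(c in cls for c in pw) for cls in CLASSES)


def estimate_bits(pw: str) -> float:
    """Rough entropy: length * log2(size of the alphabet the password draws from)."""
    alphabet = sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))
    if any(c not in "".join(CLASSES) for c in pw):
        alphabet += 1  # spaces or other characters outside the four classes
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def repeated_unit(pw: str) -> bool:
    """True when the password is a short unit repeated, e.g. 'abcabcabc'."""
    for unit_len in range(1, len(pw) // 2 + 1):
        if len(pw) % unit_len == 0 and pw[:unit_len] * (len(pw) // unit_len) == pw:
            return True
    return False


def assess_password(pw: str) -> tuple[str, list[str]]:
    """Return a rating ('weak', 'fair' or 'strong') and the problems found."""
    problems: list[str] = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    # A long passphrase of plain words is fine; a short password needs variety.
    if len(pw) < 16 and character_classes(pw) < 3:
        problems.append("short and uses fewer than 3 character classes")
    # "Password1!" is still "password" once the trailing digits/symbols go.
    core = pw.lower().rstrip(string.digits + string.punctuation)
    if core in COMMON_WORDS:
        problems.append("built on a common word")
    if repeated_unit(pw):
        problems.append("repeats a short pattern")
    bits = estimate_bits(pw)
    if problems or bits < 50:
        rating = "weak"
    elif bits < 80:
        rating = "fair"
    else:
        rating = "strong"
    return rating, problems


if __name__ == "__main__":
    for candidate in ("Password1!", "abcabcabcabc", "Orange-Tiger",
                      "correct horse battery staple", "K9$vP2!mQx7#Lw"):
        rating, problems = assess_password(candidate)
        print(f"{candidate!r}: {rating} {problems}")
```

The entropy figure is only a rough upper bound, which is why the dictionary and repetition checks run first: "Password1!" draws from a large alphabet yet is weak because it is a common word with decorations, while a long passphrase of plain lower-case words rates well on length alone.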

Some general guidelines on using passwords:

  • Never share your password with anyone. Keep it personal
  • Never give out your password if prompted by your browser or other programs
  • Change it often
  • Never send your password in email even if the request looks official.
    Most probably it's a phishing attempt

Using Digital Signatures
Digital Signatures are a way of providing sender authenticity (they authenticate the source of the message) and message integrity (they give confidence that the message has not been altered during transmission).
We need digital signatures because it is easy for attackers to 'spoof' email addresses, which makes it hard to identify legitimate messages; this matters a great deal for business correspondence. A signed message also shows that no changes have been made to the content since it was sent.
Some useful terms to help you understand how digital signatures work:

  • Public key
    Key pairs are used to create digital signatures. The public key is the part of the key that is available to other people. People use it to check the validity of your signature.
  • Private key
    The private key is kept secret and it is protected by a password. It is the other part of the key that you should never give to others. It is used to sign your email messages.
  • Fingerprint
    The fingerprint is a series of letters and numbers that appears at the bottom of a signed email message.
  • Key Ring
    A key ring contains the public keys of the people who have sent you their keys. A public key server contains the keys of people who have chosen to upload their keys online.
  • Digital Certificate
    When selecting a key from a key ring, you can see its key certificate which contains information about the key, the key owner, the date the key was created and the day it expires.
  • Web of Trust
    When someone signs your key, they are confirming it belongs to you. The more signatures a key collects the stronger it becomes.
  • The whole process:
    1. You create a key using PGP or GnuPG software
    2. You upload your key to a key server so that when someone has received a signed message from you, they can verify it.
    3. You send your public key to the people you want to correspond with
    4. You sign your email messages with your private key

You may have received emails that have a block of letters and numbers at the bottom of the message. Although it may look like useless text or some kind of error, this information is actually a digital signature. To generate a signature, a mathematical algorithm is used to combine the information in a key with the information in the message. The result is a random-looking string of letters and numbers.

Check before downloading programmes
Many programs have security holes, meaning they are vulnerable to attacks that may compromise your system or put it at risk.

Email spoofing
Email spoofing is a quite common attempt to trick users into giving away sensitive information, especially passwords. Spoofed email messages usually claim to come from system administrators, who ask users to change their system passwords or to show their password file so it can be checked for being secure enough. If users do not comply, they are threatened with cancellation of their accounts and told that they pose a huge security risk to the company.
Legitimate emails coming from administrators never ask to see the password file or propose a few 'secure' passwords that you could use through email. If anything like that happens, inform the system administrators in your company or any system support team immediately.
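A checker for the warning signs above, added here as an example (not code from the original page). It parses a raw message with Python's standard library and reports three things: a sender whose display name looks like IT staff but whose address is outside your own domain, Reply-To or Return-Path headers pointing at a different domain than the From header, and a body that asks you to send, confirm or change a password. Both sample messages are constructed for the example, and "corp.example" stands in for your organisation's domain.

```python
"""Look for signs that an 'administrator' email is spoofed.

Added example, not code from the original page. It parses a raw message with
Python's standard library and reports three things the text warns about:
a sender claiming to be IT staff from outside your own domain, Reply-To or
Return-Path headers pointing at a different domain than the From header,
and a body that asks you to send or confirm a password. Both sample messages
are constructed here; "corp.example" stands in for your organisation's domain.
"""
from __future__ import annotations

import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

ADMIN_WORDS = re.compile(r"admin|helpdesk|support|it dept|security team", re.IGNORECASE)
PASSWORD_REQUEST = re.compile(
    r"\b(send|reply with|confirm|verify|change)\b.{0,40}\bpassword\b",
    re.IGNORECASE | re.DOTALL)


def domain_of(header_value: str | None) -> str | None:
    """Lower-cased domain part of an address header, or None if absent."""
    if not header_value:
        return None
    _, addr = parseaddr(str(header_value))
    return addr.rpartition("@")[2].lower() or None


def spoofing_indicators(raw_message: str, trusted_domain: str) -> list[str]:
    """Return human-readable indicators; an empty list means nothing suspicious found."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    hits: list[str] = []
    from_name, from_addr = parseaddr(str(msg["From"] or ""))
    from_domain = from_addr.rpartition("@")[2].lower()

    if ADMIN_WORDS.search(from_name) and from_domain != trusted_domain.lower():
        hits.append(f"admin-looking display name but sender domain is {from_domain}")
    # Reply-To controls where your answer goes; Return-Path is where bounces go.
    # Both are trivial to set, so disagreement with From is a cheap first check.
    for header in ("Reply-To", "Return-Path"):
        other = domain_of(msg[header])
        if other and other != from_domain:
            hits.append(f"{header} domain {other} differs from From domain {from_domain}")
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part is not None else ""
    if PASSWORD_REQUEST.search(body):
        hits.append("body asks the reader to send, confirm or change a password")
    return hits


def build_suspicious_message() -> str:
    """Constructed message resembling the spoofed administrator notice described above."""
    msg = EmailMessage()
    msg["From"] = "IT Helpdesk <helpdesk@corp.example>"
    msg["Reply-To"] = "helpdesk-verify@mail-relay.example.net"
    msg["Return-Path"] = "<bounce@bulk-sender.example.org>"
    msg["To"] = "employee@corp.example"
    msg["Subject"] = "Account suspension notice"
    msg.set_content("Your account will be cancelled within 24 hours. "
                    "Reply with your current password so we can verify it is secure enough.")
    return msg.as_string()


def build_clean_message() -> str:
    """Constructed message from the real helpdesk with no request for credentials."""
    msg = EmailMessage()
    msg["From"] = "IT Helpdesk <helpdesk@corp.example>"
    msg["Return-Path"] = "<helpdesk@corp.example>"
    msg["To"] = "employee@corp.example"
    msg["Subject"] = "Maintenance window"
    msg.set_content("The mail server will be unavailable on Saturday from 02:00 to 04:00.")
    return msg.as_string()


if __name__ == "__main__":
    for label, raw in (("suspicious", build_suspicious_message()),
                       ("clean", build_clean_message())):
        print(label, spoofing_indicators(raw, "corp.example"))
```

None of these indicators is proof on its own (mailing-list relays legitimately change Return-Path, for instance), which is why the text's advice stands: a message that asks for a password or a password file should go straight to your own administrators for confirmation, whatever its headers say.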

