Best Practices/Email Security
- Never reply to unsolicited email messages
- Never give your private email address to sites you do not trust
- Avoid putting sensitive data in dubious websites
- Never respond to emails requesting your bank details
- Be cautious when opening email attachments
- Strong passwords
- Some general guidelines on using passwords
- Using Digital Signatures
- Check before downloading programmes
- Email spoofing
Never reply to unsolicited email messages
Spam emails may contain a virus or some kind of exploit that could potentially damage your system. It's best to delete spam straight away and not respond.
Spammers share lists of email addresses, some of which are dead. Since it costs a spammer nothing to send messages even to dead addresses, it is always to their advantage to know that an email address is in use. Most spammers make money by selling their mailing lists, and they can make a lot of profit if their lists contain many addresses that are in use.
To distinguish between a dead address and a live one, they send these email messages and prompt the receiver to respond.
10 most popular email scams:
1. The 'Nigerian' email scam
2. Phishing
3. Work-at-home scams
4. Weight loss claims
5. Foreign lotteries
6. Cure-all products
Emails claiming that their product is a 'miracle cure' or a 'scientific breakthrough' for all ailments and diseases. Make sure you consult a healthcare professional before buying any of those products.
7. Check overpayment scams
8. Pay-in-advance credit offers
You receive news that you have been 'selected' to get a low-interest loan, even though banks have turned you down. But to take advantage of this offer you have to pay a processing fee of several hundred dollars immediately. Legitimate lenders never guarantee a loan before you even apply.
9. Debt relief
Emails promising a way to consolidate your bills into one monthly payment without borrowing, or promising to wipe out all your debts. These offers usually drive you to bankruptcy.
10. Investment schemes
Investment scams promising high rates of return.
Never give your private email address to sites you do not trust
It is wiser not to sign up to any site whose content you are not sure of. An alternative is to keep a secondary email address for commercial use.
Avoid putting sensitive data in dubious websites
Before submitting your bank details you should check that the website is on a secure server, i.e. that its address starts with https, which means that your details will travel across the internet encrypted.
Never respond to emails requesting your bank details
Banks generally personalise their emails when they want to communicate with their clients. They never ask for their clients' password or account details by email.
Be cautious when opening email attachments
Some unsolicited emails use plausible scenarios, like winning a contest or details of a product you might be interested in, to tempt you into opening the attachment. Malicious attachments may contain viruses or worms that could damage your system. Avoid opening email attachments from addresses you do not recognize.
Strong passwords
Your password is like the key to your front door. Use complicated passwords: a combination of capital and small letters, digits and symbols, or a word with no meaning. Lengths can vary too. The important thing is that you are able to remember your password without having to write it down anywhere. Furthermore, it is important to change your password regularly, especially when it gives you access to important accounts.
There have been some new technologies in password management that use picture selection as a sign-on process. Passface is one of them. The user downloads some pictures of faces, known or unknown, and each time they log in they need to identify the face they selected out of a range of others. This method eliminates the chances of automated sign-in and key loggers. You do not need to remember any passwords, just identify faces.
Some general guidelines on using passwords:
- Never share your password with anyone. Keep it personal
- Never give out your password if prompted by your browser or other programs
- Change it often
- Never send your password in email even if the request looks official. Most probably it's a phishing attempt
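The following Go program is an added example, not code from the original page: it turns the password advice above (mix capital and small letters, digits and symbols; avoid obvious words; make it long enough) into a mechanical check that reports why a candidate is rejected. The minimum length of 12, the requirement of at least three character classes and the tiny common-password list are assumptions chosen for illustration; the page itself gives no figures.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
	"unicode/utf8"
)

// Thresholds used by this example. They are assumptions chosen for
// illustration, not figures from the page, which only says that passwords
// should be complicated and that lengths can vary.
const (
	minLength  = 12 // minimum number of characters
	minClasses = 3  // of the four classes: upper, lower, digit, symbol
)

// commonPasswords is a tiny constructed stand-in for a real list of
// frequently used passwords; a production check would use a much larger one.
var commonPasswords = map[string]bool{
	"password":     true,
	"password123":  true,
	"qwerty":       true,
	"letmein":      true,
	"123456789012": true,
}

// PasswordReport records what the check found so the caller can explain a rejection.
type PasswordReport struct {
	Length     int
	Classes    int      // distinct character classes present
	Common     bool     // appears in the common-password list
	Problems   []string // human-readable reasons for rejection
	Acceptable bool
}

// CheckPassword applies the guidance mechanically: count the character
// classes present, measure the length in runes (not bytes), and reject
// anything on the common list regardless of case.
func CheckPassword(pw string) PasswordReport {
	r := PasswordReport{Length: utf8.RuneCountInString(pw)}
	var upper, lower, digit, symbol bool
	for _, c := range pw {
		switch {
		case unicode.IsUpper(c):
			upper = true
		case unicode.IsLower(c):
			lower = true
		case unicode.IsDigit(c):
			digit = true
		case unicode.IsPunct(c) || unicode.IsSymbol(c):
			symbol = true
		}
	}
	for _, present := range []bool{upper, lower, digit, symbol} {
		if present {
			r.Classes++
		}
	}
	r.Common = commonPasswords[strings.ToLower(pw)]

	if r.Length < minLength {
		r.Problems = append(r.Problems, fmt.Sprintf("too short: %d characters, need at least %d", r.Length, minLength))
	}
	if r.Classes < minClasses {
		r.Problems = append(r.Problems, fmt.Sprintf("only %d character classes, need at least %d", r.Classes, minClasses))
	}
	if r.Common {
		r.Problems = append(r.Problems, "appears in the common-password list")
	}
	r.Acceptable = len(r.Problems) == 0
	return r
}

func main() {
	// Constructed sample candidates: a common one, a short but varied one,
	// a long single-class one, and one that passes every rule.
	for _, pw := range []string{"password123", "Ab1!xY2?", "correcthorsebatterystaple", "Gr33n-Lantern!2024"} {
		rep := CheckPassword(pw)
		fmt.Printf("%-28q acceptable=%t problems=%v\n", pw, rep.Acceptable, rep.Problems)
	}
}
```

Length is measured in runes so that a passphrase containing non-ASCII letters is not over-counted; the common list is compared case-insensitively because "Password123" is no better than "password123".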
Using Digital Signatures
Digital signatures are a way of providing sender authenticity (authenticating the source of the message) and message integrity (giving confidence that the message has not been altered during transmission). We need digital signatures because it is easy for attackers to 'spoof' email addresses, making it hard to identify legitimate messages, which is very important for business correspondence. A signed message also indicates that no changes have been made to the content since it was sent.
Some useful terms to help you understand how digital signatures work:
Public key
Key pairs are used to create digital signatures. The public key is the part of the key pair that is available to other people. People use it to check the validity of your signature.
Private key
The private key is kept secret and is protected by a password. It is the other part of the key pair, which you should never give to others. It is used to sign your email messages.
Fingerprint
The fingerprint is a series of letters and numbers that appears at the bottom of a signed email message.
Key Ring
A key ring contains the public keys of the people who have sent you their keys. A public key server contains the keys of people who have chosen to upload their keys online.
Digital Certificate
When selecting a key from a key ring, you can see its key certificate, which contains information about the key, the key owner, the date the key was created and the date it expires.
Web of Trust
When someone signs your key, they are confirming that it belongs to you. The more signatures a key collects, the stronger it becomes.
The whole process:
1. You create a key using PGP or GnuPG software
2. You upload your key to a key server so that when someone has received a signed message from you, they can verify it.
3. You send your public key to the people you want to correspond with
4. You sign your email messages with your private key
You may have received emails that have a block of letters and numbers at the bottom of the message. Although it may look like useless text or some kind of error, this information is actually a digital signature. To generate a signature, a mathematical algorithm is used to combine the information in a key with the information in the message. The result is a random-looking string of letters and numbers.
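The following Go program is an added example, not code from the page or from PGP/GnuPG: it walks through the terms and the four steps above in miniature. Ed25519 from Go's standard library stands in for a PGP key (the public/private split and the sign/verify roles are the same idea; the key and signature formats are not OpenPGP's), the key ring is modelled as a map from email address to public key, the fingerprint is a SHA-256 digest of the public key (OpenPGP computes fingerprints differently), and the email addresses and message bodies are constructed for the example. The point it shows is that a recipient holding the sender's public key detects both an altered body and a message signed by someone else who merely claims the sender's address.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"fmt"
)

// KeyRing maps a correspondent's email address to the public key they sent you.
// It plays the role of the key ring described above; keying it by address is an
// assumption of this example.
type KeyRing map[string]ed25519.PublicKey

// GenerateKeyPair is step 1: create a key pair. Ed25519 is used because it is
// in Go's standard library; a PGP key is a different format but the same idea.
func GenerateKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // the system random source failing is not recoverable here
	}
	return pub, priv
}

// Fingerprint returns a hex digest of a public key, the short value two people
// compare out of band before trusting a key. SHA-256 is chosen for illustration.
func Fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// SignMessage is step 4: sign the message body with the private key. The
// base64 block it returns is the "random-looking string of letters and
// numbers" that appears at the bottom of a signed email.
func SignMessage(priv ed25519.PrivateKey, body string) string {
	return base64.StdEncoding.EncodeToString(ed25519.Sign(priv, []byte(body)))
}

// VerifyMessage is what the recipient does: look up the claimed sender's public
// key in the key ring and check the signature over the body. It returns false
// when the sender is not in the ring (nothing to check against), the signature
// block is malformed, the signature was made with a different key (spoofed
// sender), or the body was altered after signing (integrity failure).
func VerifyMessage(ring KeyRing, sender, body, sigBlock string) bool {
	pub, ok := ring[sender]
	if !ok {
		return false
	}
	sig, err := base64.StdEncoding.DecodeString(sigBlock)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(pub, []byte(body), sig)
}

func main() {
	// Alice creates a key (step 1) and gives Bob the public half (steps 2-3),
	// which Bob stores in his key ring.
	alicePub, alicePriv := GenerateKeyPair()
	bobsRing := KeyRing{"alice@example.com": alicePub}
	fmt.Println("alice fingerprint:", Fingerprint(alicePub))

	body := "Please approve invoice 42 today."
	sig := SignMessage(alicePriv, body)
	fmt.Println("genuine message verifies:", VerifyMessage(bobsRing, "alice@example.com", body, sig))

	// A body changed in transit no longer matches the signature.
	tampered := "Please approve invoice 42 and pay it to a new account."
	fmt.Println("tampered message verifies:", VerifyMessage(bobsRing, "alice@example.com", tampered, sig))

	// A message that merely claims Alice's address, signed with some other
	// key, fails against the key Bob holds for her.
	_, otherPriv := GenerateKeyPair()
	fmt.Println("spoofed sender verifies:", VerifyMessage(bobsRing, "alice@example.com", body, SignMessage(otherPriv, body)))
}
```

Note that VerifyMessage only answers "was this signed by the key I hold for that address"; whether that key really belongs to the person is what fingerprint comparison and the web of trust are for.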
Check before downloading programmes
A lot of programs have security holes, which means that they are vulnerable to attacks that may compromise your system or put it at risk.
Email spoofing
Email spoofing is a quite common attempt to trick users into giving away sensitive information, especially passwords. Spoofed email messages usually claim to come from system administrators, requesting that users change their system passwords or let the sender see their password file to check whether it is secure enough. If users do not comply, the senders threaten to cancel their accounts and claim that the users pose a huge security risk to the company.
Legitimate emails from administrators never ask to see the password file or propose a few 'secure' passwords that you could use through email. If anything like that happens, make sure you inform the system administrators in your company or any system support team immediately.