Basic Computer Security/Web Security/Email Security
From Wikibooks, open books for an open world
During the everyday usage of your email client, it is possible to encounter certain unwanted programs and scripts in some email messages that may be malicious or otherwise harmful for you or your computer.
- Be careful when opening messages from unknown sources. In best practice, do not open attachments from unknown sources either.
- When directed by an email to "log in" or "change your password" for an online service that you trust, ensure that the link to do so (if there is one in the email) actually points to the online service. There have been many cases in the past in which users have been told to "change your password", but upon clicking the link to do so, the user would be led to a fake website that resembled the original, resulting in the unknown sender gaining access to the user's credentials of the online service.
- Be especially careful of messages asking you to perform a financial transaction, especially if you have never received an email from this sender or if the financial transaction is from a service you never signed up for (if this is the case, you may be a victim of identity theft, which is outside of the bounds of this book). An example of this is the "Nigerian scam".
- Be careful of messages that have no subject, or have a generic subject, such as "hi", or "hello", even if they are coming from a trusted source. Certain viruses and infections have been known to hijack a user's email account and attempt to spread itself by sending a message to every user in the address book.
- Be careful of messages that contain no text in them, or sometimes only contain a link, as these have been known to lead to malicious sites or other content.
- If possible, disconnect the computer from the Internet immediately. This will prevent the infection from spreading to others, and in some cases, will prevent the infection from downloading more malicious software to your computer. Also, in other cases, this will prevent the infection from communicating login credentials and other personal information back to the creator.
- Run a virus scan. Most scanners, such as Malwarebytes' or Spybot Search & Destroy, should be able to pick something up.
- Once you are sure that the threat has been removed, it is safe to connect the computer to the Internet again.