29 Sep How To Protect Yourself Online
Advice – Online Security
Every day, thousands of individuals fall victim to online scams and malicious activities. The dangers online are varied and increasingly difficult to recognize. As these threats become more pervasive and complex, it’s important to educate yourself.
Online security and the activities required to avoid fraud and tricksters are sometimes a matter of common sense, but often the complexities of the technology can make is more difficult to recognize malicious intent. Be suspicious, learn as much as you can, and make good choices.
In addition to the information here, you’ll find a wealth of non-technical and common sense advice online. Some good information is available from the Canadian Federal Government.
How to Spot A Dangerous Email
Emails can be dangerous. Reading the simple text contents of an email should be safe if you have the latest security patches, but email attachments can be harmful. Of course, the text contents may be requesting the receiver to take action, sometimes in very convincing manner. Fraudulent emails can be difficult to detect. Successful fraudsters may use the names of legitimate companies (without authorization) or use similar-sounding names in hopes that the recipient will respond. This process is called “phishing.” Educate yourself and learn more about phishing. Be suspicious of any call-to-action received via email.
Any type of file can be attached to an email, including .exe program files. Many email servers will perform virus scanning and remove potentially dangerous attachments, but you can’t rely on this. Look for the common warning signs so you can avoid viruses, worms, and Trojans.
So-called “spear-phishing campaigns” that go after high-value corporate and government targets have used email attachments to take advantage of previously unknown security vulnerabilities. Email attachments can be dangerous to anyone.
Dangerous File Extensions
The easiest way to identify whether a file is dangerous is by its file extension, which tells you the type of file it is. For example, a file with the .exe file extension is a Windows program and should not be opened. Many email services will block such attachments.
However, .exe isn’t the only type of dangerous file extension. Other potentially dangerous file extensions that can run code include: .msi, .bat, .com, .cmd, .hta, .scr, .pif, .reg, .js, .vbs, .wsf, .cpl, .jar and more. This is not an exhaustive list — there are many different file extensions in Windows that will run code on your computer when executed.
Microsoft Office documents have been notorious delivery mechanisms for virus and trojan programs. Newer Microsoft Office document formats attempt to provide better security by identifying whether the document contains macros (programs that run when the document is opened) and are therefore more dangerous. If an Office document extension ends with an m, it can — and probably does — contain macros. In theory, .docx, .xlsx, and .pptx should be safer than .docm, .xlsm, and .pptm can contain macros and can be harmful. Older formats, identified as .doc, .xls, .ppt don’t provide any information in the extension to identify the presence of macro content. It’s a good policy to avoid opening any Microsoft Office documents that are received via email unless there are no alternatives. If possible, instruct the sender to send documents in .pdf format, which are generally safer (but not guaranteed safe).
In general, you should only open files with attachments that you know are safe. For example, .jpg and .png are image files and should be safe. .pdf files are likely safe. .docx, .xlsx, and .pptx document files should be treated with suspicion, and opened with caution only if necessary. Never open a .docx, .xlsx or .pptx file that you weren’t expecting to receive. It’s important to have the latest security patches so malicious types of these files can’t infect you via security holes in Adobe Reader or Microsoft Office.
Archives, Especially Encrypted Ones
In an attempt to make it around email filters, someone may email you malicious file attachments in an archive — especially an encrypted one. For example, you may receive an email with a .zip, .rar, or .7z file and its password. You’d need to download the archive file and extract its contents with the password to access them.
The password-protection — or encryption — on the archive prevents email scanners and antivirus programs from examining it, so it’s very possible that the archive could contain malware. Of course, password-protected archives are also an effective way to email sensitive files. You’ll have to use your judgment once again.
If you’ve received a .zip, .rar or any other archive file, or any extension that you don’t recognize, delete it immediately.
Looking at who an email was sent by can help you identify whether an email attachment is malicious or not. Beware: an attachment can be malicious even if you know the sender! If they’ve become infected, a malware program may send you emails from their email address, disguised as emails they’d send.
If you get an email from someone you don’t know with a questionable-looking attachment, it’s probably malware. If you receive a macro-enabled Office document from someone you’re not expecting one from, delete it immediately.
On the other hand, if a trusted individual tells you in person that they’ll email you a macro-enabled Excel spreadsheet and you get an email from her with an .xlsm file moments later, then we can assume that the sender, at least, believes the attachment to be safe.
If you’re not sure whether someone sent you a suspicious-looking email attachment, you may want to give them a phone call or ask them in person. If they didn’t send the attachment, they’ll appreciate the warning that their computer is infected or their email address has been hijacked.
The Email Itself
The email’s contents can also offer clues. If you get an email from someone you know and something seems a bit off, it may be written by malware or a hijacker. Such emails could also be phishing emails without any dangerous attachments — for example, if you get an email from someone you know saying they’re trapped and need you to wire some money with Western Union, this could easily be a phishing scam.
If you get an email from FedEx or UPS and it asks you to download an email attachment and run it, that’s another red flag. Legitimate businesses will never ask you to download and run programs attached to an email.
If you’re using a webmail service like Gmail, Outlook.com, or Yahoo! Mail, your webmail service will automatically scan incoming attachments for malware and inform you if the attachments are dangerous. Of course, if you see a warning that an attachment is malicious, you should not download it! The text of the email may ask you to ignore any problems and assure you that the attachment is actually fine, but this would likely be a trick.
If you download an email attachment and your desktop antivirus program flags it, stop right there. Don’t click through the warning and run it anyway — trust your antivirus program more than the email attachment.
Bear in mind that antivirus programs aren’t perfect. They’ll miss things occasionally, so you can’t only rely on your antivirus. An attachment could be dangerous even if no antivirus flags it.
Have a Healthy Suspicion
When it comes to email attachments, you should exercise extreme caution and assume the worst. Don’t actually download or run an attachment unless you have a good reason to do so. If you’re not expecting an attachment, treat it with a healthy dose of suspicion. If it’s an image attachment, that’s probably okay. PDFs should be okay if you have the latest security patches, too. But if you’re not sure what something is, you shouldn’t run it.
Your webmail client’s preview features can also help. You can preview PDF files, documents, images, and other types of files in your browser without actually downloading them to your computer.
In all things online: Be cautious and security aware at all times. Online scam, extortion, and fraud are a multi-billion dollar industry, involving some of the brightest and most well-funded groups in the world. Be careful!