SLAC Computer Security

Cyber Security Awareness Month

These tips are part of a month-long effort to distribute useful computer security information to the SLAC community.

Day 25 - Email and Instant Messaging       

We have a mix of info today. As usual, the information from the Internet Storm Center is in italics:

Today's issue revolves around the various thin communication mechanisms of e-mail, instant messaging, and IRC.  With spam taking up about 90% of all e-mail going across the Internet, what can be done to make it a reliable mechanism?  Instant messaging is increasingly being used to exploit end users and with phishing striving to look more "legitimate", instant messaging provides a crucial attack vector.  IRC is not just for botnets, how can those who use it do so safely?

Instant Messaging Safety Websites:

For anyone who uses email:

  • wiredsafety.org Be sure to drill down into the more specific tips listed on this page. You'll learn about chain letters, how to identify a hoax/phishing/scam email, spam, spoofing, and viruses.
  • microsoft.com (viruses in email)
  • microsoft.com (browsing and email)
  • Use Plain Text for receiving and sending emails.
  • Use a Spam filter. It's not perfect, but it's an improvement.
  • Blacklist those sites where users "sign up" for spam. You know, the free-offer sites. We should also consider boycotting the companies that use those sites for advertising.
  • Maintain a "Junk" Email account. Whenever you have to give out your email address online to a site that you don't trust, use a junk address. Mailinator is a site which will give you a temporary email address just for this purpose.
  • Don't open unexpected attachments. If you weren't expecting an email, even if you know the sender, send them an email asking whether they meant to send you a file with that particular subject line.
  • Don't click on links in email. Open a new browser window and type the website address in manually, from memory. You just avoided eBay and PayPal fraud without breaking a sweat.
  • Use the BCC (blind carbon copy) field when emailing groups. One way spammers get email addresses is by infecting people's PCs and collecting all the email addresses they find on the box. The fewer email addresses that show up, the fewer people who get spam.
  • If you don't have anti-virus software on your box, you don't get my email address.
  • You don't get my email address if you aren't family and I can't figure out how you are making a profit.
  • Never forward anything that 'MUST BE FORWARDED' to everyone, ever. And if you do (see the first rule), clear off all the extra "from" addresses, clean up the subject, and send it on using BCC. SLAC Computer Security has an "Investigating Hoaxes" page that explains how to check the validity of emails like this.
  • If you read your email with a browser and are curious about a dubious e-mail you can always look at it with "View -> message source."  That way your browser will not be tempted to execute anything.

Owner: SLAC Computer Security
Page Created: 10/25/2007
Last Updated: 02/19/2008