SAFE Washington‎ > ‎Alerts!‎ > ‎

Email Security- An Awareness Message from SAFE Washington

posted Apr 29, 2011, 10:09 AM by Andrew Chadick   [ updated Apr 29, 2011, 10:27 AM ]

Email is a great communication tool, and using it within limits is one of the most effective ways to send and receive information.  But never trust it 100%.

Spammers, Malware writers, Virus Writers, and Thieves in general have become really adept at utilizing email to scam even the most computer savvy business professionals in to giving up an email address, account number and password.

What we want to relay to you is this.  Do not EVER follow a link from an email sent to you. Not even from best Friends.

Read the information presented in the email. Look at the link and where it supposedly goes, and copy it down if you wish, but do not click on it.  Be observant, look at the URL, does the domain shown match the domain of the company it represents?

If you want to find out more from what the email is presenting, then, open a New, fresh web page from your favorite browser, and then in the address bar, Type in the URL of the site you want to visit. Either the exact URL you want, or browse and search for the page you are interested in viewing using the tools on that site. 

Don't Ever look at attachments from people you don't know. Don't trust your anti-virus to save you from this mistake. 

Your anti-virus is only good for viruses that are "known".  Consider this; Even if your AV is fully up to date; The viruses and malware that get the average online user are the ones that are freshly coded / are new enough that they haven't been documented.  If it's not documented, and you have opened it, then there is no telling what damage has, or could happen. 

It doesn't matter what Operating System you are using.  Everyone can be affected by this.

Spam Filters and edge filtration services are generally really good.  You probably get reports from your filters daily of thousands of email that has been rejected and/or quarantined due to virus/possible virus, or malware infection. 

Even then, some of the craftier stuff still gets through. Some Firewalls/UTM's catch some email that that the edge has missed.  Generally this type of dual layer approach stops 99.9% of malware/virus infection that Can get through the filters. 

However; even with overt attacks like malware and viruses handled by layered AV approaches like that mentioned above, the filters cannot stop an email going through that has been newly written to evade detection, and that has been crafted with custom graphics, and that leads you or your users to believe that a bank needs updated information.  If the user follows the links in those type of email, and the filters show that no new malware is being forced back through the connection, then then those users are freely able to enter in an account number, username, and password in to a thief's server. 

Is it really this bad?  YES. 

You may not know this yet, so we will state it here;

DO NOT EVER use the same password for all your online activities.  If an attacker compromises one of your accounts, something beyond your control, like attacking the server that houses such data, and they get your email address and password, then they will likely start visiting known banks, email services, online retailers, and other secure sites, and try using your username/email and password, with the knowledge that it is likely they will get in; because people like to keep things simple.