B. How to Read Email Safely (Beta)


This is the track for ordinary (POP) email -- not webmail -- email that you read in an email client, which is just the technical name for an email program. Safeguards for webmail are covered in a separate track.

1. Set up your email client for the security level you want:

Cyber-bandits heavily target email because it's an easy way to get into computers. Email clients are vulnerable to evil email unless they're set up properly and patched (updated) promptly when new vulnerabilities are found.

Thunderbird has the tools you need to set it up to be immune to the hazards of HTML email. That doesn't make you immune to your own stupidity though, for example, opening malicious attachments. ;-)

Outlook Express is now considerably safer, provided you have installed Internet Explorer 7 and set it up right. You can also improve its basic security. Windows Live Mail replaces Outlook Express, and I suggest that you upgrade. [learn more about settings for either]

You need safeguards that go beyond the ordinary if you want the best email security. Running with reduced rights is the most important one. It takes more work, and your program will be less convenient to use, but you will be very secure.

2. Screen your messages carefully before you open them:

The whole point of screening messages is to delete the evil ones before you open one that does you or your computer in. Don't leave them around to tempt you. ;-)

Look for messages that don't look quite right: you don't know the sender, the subject or attachment seems strange, it's urgent or alarming, it's too good to be true, or the subject doesn't jibe with the sender. If a message fits any of these, just delete it.

Examine messages and attachments as a whole when deciding if one or both are malicious. The nature of the attachment -- its size, name or extension -- combined with details of the message will give most bogus email away.

If you are suspicious about a message but decide not to delete it immediately, you can check it further. Preview it using some passive method before you open it. You may be able to read enough to dispense with it then and there.

You can safely preview messages by saving them as a text file and opening them with Notepad. Or you can do it directly in Outlook Express: Right-click the suspicious message > select "Properties" from the context menu > select the "Details" tab in the properties window > click the "Message Source" button > maximize the "Message Source" window so you can examine the message fully.

Learn more about evil email messages.

3. Never click links in suspicious messages:

It's very easy to "spoof" links in email messages so that they look like they're legitimate, but actually take you to a counterfeit or hostile Web site. Be particularly wary of messages that purport to come from a financially related sender. They could have a fish hook in them.

4. Handle attachments safely:

Never, ever open an email attachment that you have any doubts about -- even if it's addressed directly to you and comes from someone you know. Always check with the sender directly -- most worms appear to come from someone you know these days -- make sure they intended to send the attachment. (Just send them an email and ask. Even then be cautious with attachments.) If you're satisfied with how they got the file, it's probably OK, but you still need to handle it appropriately.

Even if I'm *sure* an attachment is safe, I don't open it without applying the protection offered by DropMyRights. Michael Horowitz has a similar take on protecting yourself.
