Email Security: Email Hacking

Hackers are trying to steal your money

What's the big deal about email security?

A few reasons… if someone gets access to your account, they are probably not there to send out unsavory pictures to your contact list. They are probably there because they want to take all of your money. Wow! How does that happen from my email account?

Once they're in, two things will probably happen:

  1. They’ll sign you up for a million spam email lists. They want you to be getting so much spam that you just throw your hands up and give up on checking your mail.
  2. Once you are getting thousands of spam emails, the hacker will go to every online bank, credit card, and company that they can think of and requesting a password reset with YOUR email address. They are watching carefully. You are overwhelmed by spam. As soon as that password reset email comes in, they’ll take over that account, and delete the email so you never see what has happened. By the time you find out about it, the money is gone, the credit card has hit its limit and they are vanished.

So, you’ve heard this before, but it is worth saying again.
DON’T use the same password for your email that you use anywhere else.
Period.

Attachments

What about attachments? Are they safe?

Attachments are “safe-ish”. IF you have antivirus running on your computer, and it is up to date, and IF your operating system is relatively new and also up to date (No windows 98 or XP), then your computer will warn you before you do something truly bad with an attachment.

  • If it is a Word document or Excel file, make sure that you have word macros turned off in those programs before opening the file.
  • If you don’t recognize the file extension it’s probably best not to touch it, but otherwise you are “reasonably” safe in downloading an attachment and then scanning it with your virus program. Of course “safe-ish” is not “safe” … bad things can still get through, but for the most part if you follow these two precautions, you’ll be fine.
Click Here... it's Safe?

LINKS . . . They are NOT safe.

UNLESS you yourself just requested a password reset on an account, PLEASE don’t click on links from your email. You CAN copy the link into your browser if you recognize it (although this is not 100% safe), but don’t just click on the link directly from your email.

Why not?

  1. Even in regular links, the destination is not necessarily the same as the what you see underlined in the email. These two parts of a link are not related at all and can adjusted by the sender easily. Just because it SAYS that it is going to www.mybank.com doesn’t mean that it is.
  2. OK, then.. I can just copy that link and paste it in my browser.. surely then I’ll know that it is going to my bank, right? Not so fast. Just because the link looks like http://mybank.com doesn’t mean that it is…. Character encoding comes between the computer language and what is rendered on the screen that you see. And just because something looks like the letter you expect, doesn’t mean that it is. There are special characters that your computer “chooses” how to render in standard text. Sometimes your computer getting a character from a language set will spit out a little box or question mark, showing you that “hey, here was something I didn’t know how to render”. Other times - and this is where the danger comes in, it will render a character that you do recognize. And when you copy/paste it, it will copy and paste the original character. Clever criminals can use this to create a fake website that looks and acts exactly like your bank site down to the url. The only way to consistently avoid this particular fraud is to ALWAYS manually type the address into your browser. Here’s a great article that explains this in more detail: https://www.theguardian.com/technology/2017/apr/19/phishing-url-trick-hackers

Well what CAN I do?

The only way to be 100% certain that you are going to the site that you expect (Well 90% certain.. there are other ways that you can be fooled), is by manually typing the address into your browser bar. You can also search for the site in Google or whichever search engine you use and can expect that most of the time the legitimate site will pop up first.