Cyber Security Primer VI
EMAIL AND COMMUNICATION - I
Understanding Your Computer: Email Clients
How do email clients work?
Every email address has two basic parts: the user name and
the domain name. When you are sending email to someone else, your domain's
server has to communicate with your recipient's domain server.
For example, let's assume that your email address is johndoe@example.com,
and the person you are contacting is at janesmith@anotherexample.org. In very
basic terms, after you hit send, the server hosting your domain (example.com)
looks at the email address and then contacts the server hosting the recipient's
domain (anotherexample.org) to let it know that it has a message for someone at
that domain. Once the connection has been established, the server hosting the
recipient's domain (anotherexample.org) then looks at the user name of the
email address and routes the message to that account.
How many email clients are there?
There are many different email clients and services, each
with its own interface. Some are web-based, some are stand-alone
graphics-based, and some are text-based. The following are some well-known
email programs:
Web-based
• Hotmail
• Yahoo! Mail
• Gmail
Stand-alone graphics-based
• Outlook and Outlook Express
• Thunderbird
• Pegasus
Text-based
• Pine
How do you choose an email client?
There is usually an email client included with the
installation of your operating system, but many other alternatives are
available. Be wary of "home-brewed" software, because it may not be
as secure or reliable as software that is tested and actively maintained. Some
of the factors to consider when deciding which email client best suits your
needs include
• security - Do you feel that your email program offers you
the level of security you want for sending, receiving, and reading email
messages? How does it handle attachments? If you are dealing with sensitive
information, do you have the option of sending and receiving signed and/or
encrypted messages?
• privacy - If you are using a web-based service, have you
read its privacy policy? Do you know what information is being collected and
who has access to it? Are there options for filtering spam?
• functionality - Does the software send, receive, and
interpret email messages appropriately?
• reliability - For web-based services, is the server
reliable, or is your email frequently unavailable due to maintenance, security
problems, a high volume of users, or other reasons?
• availability - Do you need to be able to access your
account from any computer?
• ease of use - Are the menus and options easy to
understand and use?
• visual appeal - Do you find the interface appealing?
Each email client may have a different way of organizing
drafted, sent, saved, and deleted mail. Familiarize yourself with the software
so that you can find and store messages easily, and so that you don't
unintentionally lose messages. Once you have chosen the software you want to
use for your email, protect yourself and your contacts by following good
security practices.
Can you have more than one email client?
You can have more than one email client, although you may
have issues with compatibility. Some email accounts, such as those issued
through your internet service provider (ISP) or place of employment, are only
accessible from a computer that has appropriate privileges and settings for you
to access that account. You can use any stand-alone email client to read those
messages, but if you have more than one client installed on your machine, you
should choose one as your default. When you click an email link in a browser or
email message, your computer will open that default email client that you chose.
Most vendors give you the option to download their email
software directly from their web sites. Make sure to verify the authenticity of
the site before downloading any files, and follow other good security
practices, like using a firewall and keeping anti-virus software up to date, to
further minimize risk.
You can also maintain free email accounts through
browser-based email clients (e.g., Yahoo!, Hotmail, Gmail) that you can access
from any computer. Because these accounts are maintained directly on the
vendors' servers, they don't interfere with other email accounts.
Using Caution with Email Attachments
Why can email attachments be dangerous?
Some of the characteristics that make email attachments
convenient and popular are also the ones that make them a common tool for
attackers:
• Email is easily circulated - Forwarding email is so simple that
viruses can quickly infect many machines. Most viruses don't even require users
to forward the email—they scan a user's computer for email addresses and
automatically send the infected message to all of the addresses they find.
Attackers take advantage of the reality that most users will automatically
trust and open any message that comes from someone they know.
• Email programs try to address all users' needs - Almost any type
of file can be attached to an email message, so attackers have more freedom
with the types of viruses they can send.
• Email programs offer many "user-friendly" features -
Some email programs have the option to automatically download email
attachments, which immediately exposes your computer to any viruses within the
attachments.
What steps can you take to protect yourself and others in your address book?
• Be wary of unsolicited attachments, even from people you know -
Just because an email message looks like it came from your mom, grandma, or
boss doesn't mean that it did. Many viruses can "spoof" the return
address, making it look like the message came from someone else. If you can,
check with the person who supposedly sent the message to make sure it's
legitimate before opening any attachments. This includes email messages that
appear to be from your ISP or software vendor and claim to include patches or
anti-virus software. ISPs and software vendors do not send patches or software
in email.
• Keep software up to date - Install software patches so that
attackers can't take advantage of known problems or vulnerabilities. Many
operating systems offer automatic updates. If this option is available, you
should enable it.
• Trust your instincts - If an email or email attachment seems
suspicious, don't open it, even if your anti-virus software indicates that the
message is clean. Attackers are constantly releasing new viruses, and the
anti-virus software might not have the signature. At the very least, contact
the person who supposedly sent the message to make sure it's legitimate before
you open the attachment. However, especially in the case of forwards, even
messages sent by a legitimate sender might contain a virus. If something about
the email or the attachment makes you uncomfortable, there may be a good
reason. Don't let your curiosity put your computer at risk.
• Save and scan any attachments before opening them - If you have
to open an attachment before you can verify the source, take the following
steps:
1. Be sure the signatures in your anti-virus software are up to date.
2. Save the file to your computer or a disk.
3. Manually scan the file using your anti-virus software.
4. If the file is clean and doesn't seem suspicious, go ahead and open it.
• Turn off the option to automatically download attachments - To
simplify the process of reading email, many email programs offer the feature to
automatically download attachments. Check your settings to see if your software
offers the option, and make sure to disable it.
• Consider creating separate accounts on your computer - Most
operating systems give you the option of creating multiple user accounts with
different privileges. Consider reading your email on an account with restricted
privileges. Some viruses need "administrator" privileges to infect a
computer.
• Apply additional security practices - You may be able to filter
certain types of attachments through your email software or a firewall.
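The attachment filtering mentioned in the last item can be sketched as a small triage script. This is an added example, not part of the original primer; the extension block list, the function name and the sample message are assumptions made for illustration.

```python
from email import message_from_string, policy
from pathlib import PurePosixPath

# Assumption: an illustrative block list, not an exhaustive or vendor-supplied one.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".lnk", ".docm"}

# Constructed sample message (not real mail).
SAMPLE = """\
From: janesmith@anotherexample.org
To: johndoe@example.com
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--b1
Content-Type: image/png
Content-Disposition: attachment; filename="logo.png"
Content-Transfer-Encoding: base64

iVBORw0KGgo=
--b1--
"""

def triage_attachments(raw):
    """List each attachment with the reasons (if any) to hold it back."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        payload = part.get_payload(decode=True) or b""
        reasons = []
        if suffixes and suffixes[-1] in RISKY_EXTENSIONS:
            reasons.append("risky extension " + suffixes[-1])
        if len(suffixes) > 1:
            # Heuristic: "name.pdf.exe" hides the real type behind a harmless one.
            reasons.append("double extension")
        if payload[:2] == b"MZ":
            # Windows executables start with the bytes "MZ", whatever the label says.
            reasons.append("Windows executable header, declared as "
                           + part.get_content_type())
        findings.append({"filename": name, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for item in triage_attachments(SAMPLE):
        print(item["filename"], "->", item["reasons"] or "no flags")
```

An empty reasons list only means none of these three checks fired; the save-and-scan steps above still apply.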
Reducing Spam
What is spam?
Spam is the electronic version of "junk mail."
The term spam refers to unsolicited, often unwanted, email messages. Spam does
not necessarily contain viruses—valid messages from legitimate sources could
fall into this category.
How can you reduce the amount of spam?
There are some steps you can take to significantly reduce
the amount of spam you receive:
• Don't give your email address out arbitrarily - Email addresses
have become so common that a space for them is often included on any form that
asks for your address—even comment cards at restaurants. It seems harmless so
many people write them in the space provided without realizing what could
happen to that information. For example, companies often enter the addresses
into a database so that they can keep track of their customers and the
customers' preferences. Sometimes these lists are sold to or shared with other
companies, and suddenly you are receiving email that you didn't request.
• Check privacy policies - Before submitting your email address
online, look for a privacy policy. Most reputable sites will have a link to
their privacy policy from any form where you're asked to submit personal data.
You should read this policy before submitting your email address or any other
personal information so that you know what the owners of the site plan to do
with the information.
• Be aware of options selected by default - When you sign up for
some online accounts or services, there may be a section that provides you with
the option to receive email about other products and services. Sometimes there
are options selected by default, so if you do not deselect them, you could
begin to receive email from those lists as well.
• Use filters - Many email programs offer filtering capabilities
that allow you to block certain addresses or to only allow email from addresses
on your contact list. Some ISPs offer spam "tagging" or filtering
services, but legitimate messages misclassified as spam might be dropped before
reaching your inbox. However, many ISPs that offer filtering services also
provide options for tagging suspected spam messages so the end user can more
easily identify them. This can be useful in conjunction with filtering
capabilities provided by many email programs.
• Report messages as spam - Most email clients offer an option to
report a message as spam or junk. If yours has that option, take advantage of
it. Reporting messages as spam or junk helps to train the mail filter so that
the messages aren't delivered to your inbox. However, check your junk or spam
folders occasionally to look for legitimate messages that were incorrectly
classified as spam.
• Don't follow links in spam messages - Some spam relies on
generators that try variations of email addresses at certain domains. If you
click a link within an email message or reply to a certain address, you are
just confirming that your email address is valid. Unwanted messages that offer
an "unsubscribe" option are particularly tempting, but this is often
just a method for collecting valid addresses that are then sent other spam.
• Disable the automatic downloading of graphics in HTML mail -
Many spammers send HTML mail with a linked graphic file that is then used to
track who opens the mail message—when your mail client downloads the graphic
from their web server, they know you've opened the message. Disabling HTML mail
entirely and viewing messages in plain text also prevents this problem.
• Consider opening an additional email account - Many domains
offer free email accounts. If you frequently submit your email address (for
online shopping, signing up for services, or including it on something like a
comment card), you may want to have a secondary email account to protect your
primary email account from any spam that could be generated. You could also use
this secondary account when posting to public mailing lists, social networking
sites, blogs, and web forums. If the account starts to fill up with spam, you
can get rid of it and open a different one.
• Use privacy settings on social networking sites - Social networking
sites typically allow you to choose who has access to see your email address.
Consider hiding your email account or changing the settings so that only a
small group of people that you trust are able to see your address. Also, when
you use applications on these sites, you may be granting permission for them to
access your personal information. Be cautious about which applications you
choose to use.
• Don't spam other people - Be a responsible and considerate user.
Some people consider email forwards a type of spam, so be selective with the
messages you redistribute. Don't forward every message to everyone in your
address book, and if someone asks that you not forward messages to them,
respect their request.
Benefits and Risks of Free Email Services
What is the appeal of free email services?
Many service providers offer free email accounts (e.g.,
Yahoo!, Hotmail, Gmail). These email services typically provide you with a
browser interface to access your mail. In addition to the monetary savings,
these services often offer other benefits:
• accessibility - Because you can access your account(s)
from any computer, these services are useful if you cannot be near your
computer or are in the process of relocating and do not have an ISP. Even if
you are able to access your ISP-based email account remotely, being able to
rely on a free email account is ideal if you are using a public computer or a
shared wireless hot spot and are concerned about exposing the details of your
primary account.
• competitive features - With so many of these service
providers competing for users, they now offer additional features such as large
amounts of storage, spam filtering, virus protection, and enhanced fonts and
graphics.
• additional capabilities - It is becoming more common for
service providers to package additional software or services (e.g., instant
messaging) with their free email accounts to attract customers.
Free email accounts are also effective tools for reducing
the amount of spam you receive at your primary email address. Instead of
submitting your primary address when shopping online, requesting services, or
participating in online forums, you can set up a free secondary address to use.
What risks are associated with free email services?
Although free email services have many benefits, you should
not use them to send sensitive information. Because you are not paying for the
account, the organization may not have a strong commitment to protecting you
from various threats or to offering you the best service. Some of the elements
you risk are
• security - If your login, password, or messages are sent
in plain text, they may easily be intercepted. If a service provider offers SSL
encryption, you should use it. You can find out whether this is available by
looking for a "secure mode" or by replacing the "http:" in
the URL with "https:".
• privacy - You aren't paying for your email account, but
the service provider has to find some way to recover the costs of providing the
service. One way of generating revenue is to sell advertising space, but
another is to sell or trade information. Make sure to read the service
provider's privacy policy or terms of use to see if your name, your email
address, the email addresses in your address book, or any of the information in
your profile has the potential of being given to other organizations. If you
are considering forwarding your work email to a free email account, check with
your employer first. You do not want to violate any established security
policies.
• reliability - Although you may be able to access your
account from any computer, you need to make sure that the account is going to
be available when you want to access it. Familiarize yourself with the service
provider's terms of service so that you know exactly what they have committed
to providing you. For example, if the service ends or your account disappears,
can you retrieve your messages? Does the service provider give you the ability
to download messages that you want to archive onto your machine? Also, if you
happen to be in a different time zone than the provider, you may find that
their server maintenance interferes with your normal email routine.
Benefits of BCC
What is BCC?
BCC, which stands for blind carbon copy, allows you to hide
recipients in email messages. Addresses in the To: field and the CC: (carbon
copy) field appear in messages, but users cannot see addresses of anyone you
included in the BCC: field.
Why would you want to use BCC?
There are a few main reasons for using BCC:
• Privacy - Sometimes it's beneficial, even necessary, for
you to let recipients know who else is receiving your email message. However,
there may be instances when you want to send the same message to multiple
recipients without letting them know who else is receiving the message. If you
are sending email on behalf of a business or organization, it may be especially
important to keep lists of clients, members, or associates confidential. You
may also want to avoid listing an internal email address on a message being
sent to external recipients. Another point to remember is that if any of the
recipients use the "reply to all" feature to reply to your messages,
all of the recipients listed in the To: and CC: fields will receive the reply.
If there is potential for a response that is not appropriate for all
recipients, consider using BCC.
• Tracking - Maybe you want to access or archive the email
message you are sending at another email account. Or maybe you want to make
someone, such as a supervisor or team member, aware of the email without
actually involving them in the exchange. BCC allows you to accomplish these
goals without advertising that you are doing it.
• Respect for your recipients - People often forward email
messages without removing the addresses of previous recipients. As a result,
messages that are repeatedly sent to many recipients may contain long lists of
email addresses. Spammers and email-borne viruses may collect and target those
addresses.
To reduce the risk, encourage people who forward messages
to you to use BCC so that your email address is less likely to appear in other
people's inboxes and be susceptible to being harvested. To avoid becoming part
of the problem, in addition to using BCC if you forward messages, take time to
remove all existing email addresses within the message. The additional benefit
is that the people you're sending the message to will appreciate not having to
scroll through large sections of irrelevant information to get to the actual
message.
How do you BCC an email message?
Most email clients have the option to BCC listed a few
lines below the To: field. However, sometimes it is a separate option that is
not listed by default. If you cannot locate it, check the help menu or the
software's documentation.
If you want to BCC all recipients and your email client
will not send a message without something in the To: field, consider using your
own email address in that field. In addition to hiding the identity of other
recipients, this option will enable you to confirm that the message was sent
successfully.
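How BCC hides recipients, and the tip of putting your own address in the To: field, can be seen by separating the delivery list from the message text. This is an added example, not part of the original primer; the function names and the second BCC address are assumptions.

```python
import copy
from email.message import EmailMessage
from email.utils import getaddresses

def build_sample():
    """Constructed message: sender in To:, real recipients only in Bcc:."""
    msg = EmailMessage()
    msg["From"] = "johndoe@example.com"
    msg["To"] = "johndoe@example.com"
    msg["Bcc"] = "janesmith@anotherexample.org, member2@anotherexample.org"
    msg["Subject"] = "Meeting notes"
    msg.set_content("Notes are below.")
    return msg

def prepare_for_sending(msg):
    """Return (delivery_list, wire_text) as a sending client would build them.

    The delivery list is handed to the mail server separately from the
    message text, so BCC addresses can be delivered to without being shown.
    """
    fields = (msg.get_all("To", []) + msg.get_all("Cc", [])
              + msg.get_all("Bcc", []))
    delivery_list = [addr for _name, addr in getaddresses([str(f) for f in fields])]
    wire = copy.deepcopy(msg)
    del wire["Bcc"]  # the header is dropped before the text leaves the client
    return delivery_list, wire.as_string()

def visible_recipients(wire_text):
    """Addresses a recipient can read in the headers of the received text."""
    headers = wire_text.split("\n\n", 1)[0]
    seen = []
    for line in headers.splitlines():
        if line.lower().startswith(("to:", "cc:", "bcc:")):
            seen += [addr for _n, addr in getaddresses([line.split(":", 1)[1]])]
    return seen

if __name__ == "__main__":
    delivery_list, wire_text = prepare_for_sending(build_sample())
    print("delivered to:", delivery_list)
    print("visible in message:", visible_recipients(wire_text))
```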