Internet Scheming

Internet Scheming - Don’t let them con you! Excerpts from an article written by Jason Hirose – Network Administrator at ILRC In this day and age of viruses, spam and phishing scams, it is good that many people don’t trust what is coming into their inbox. If you don’t have someone you trust to ask about these things, where do you start when it comes to e-mail security? Here are some questions you can ask yourself before trusting the contents of an e-mail:

• Do you know who sent the e-mail? If you don’t recognize who sent you the message, there is a good chance that it is a hoax. Even if you do know who sent you the e-mail it doesn’t automatically make it safe. People can have their computers or e-mail accounts compromised or someone can send an e-mail with a fake reply address making it look it came from someone you know.

• Is there anything unusual about the e-mail address? With an e-mail address there are two parts: the local part (everything before the @) and the domain part (everything after the @). The local part identifies the individual who sent the e-mail. If this is someone you know they may have numbers or other odd characters but there is no business which will use numbers. The domain part identifies the company or organization who owns the e-mail address. In particular, pay attention to the very end of the address. “.com” and “.ca” we are familiar with but how about “.ru” or “.pl”? For example that stands for Russia or Poland. If you don’t know anyone or deal with any companies in those countries, safely discard the message.

• Does the e-mail contain any links? Use your mouse to hover over any links to make sure that the address the link will send you to matches what you expect before clicking.

• Is the e-mail asking for any information? Reputable companies will never ask for information via e-mail. This includes personal information, account numbers, user names or passwords. Asking you to update, renew or verify anything is not a legitimate practice. If you see a link which says “click here to log-in” delete the message since a real company will not send anyone a direct link to a log-in page. This process is called “Phishing”.

• Does the message indicate urgency? “Must act now” or “two days left” are good signs that a message is not legitimate.

• Are there many typos? Typographical errors are frequently seen in bogus messages. Pay particular attention to weird capitalization, substitution of numbers for letters and incorrect use of punctuation. Are there any attachments? Sometimes someone’s e-mail signature will contain a picture or virtual business card that will show up under attachments and these are generally ok. However, any attachments should be viewed with caution unless you know why the attachment is there.

Hopefully some or all of these tips will keep you and your computer safe.