First rule of computer security: Don't trust your e-mail
From The Providence Journal
October 17, 2004
By David McGuire
Special to The Washington Post
E-mail is a nightmare for clean freaks. No matter how fastidious you are, it's a good bet your inbox is filthy -- swimming with more viruses than a year-old dish sponge. Some
e-mail messages are innocuous, but many contain programs that can let hackers take control of your computer. Others contain links that take you to Web sites that trick you into giving online thieves your personal
The bad news is that you'll probably never get rid of it all; the good news is that there are simple steps you can take to scrub away most of it.
Don't trust your e-mail. "Basically, everything advertised in spam is fake. Your mortgage won't get cheaper, your body parts won't get bigger, the Canadian drugs
they'll sell you aren't real and they aren't from Canada," said John Levine, author of Internet for Dummies and Fighting Spam for Dummies. Not only that, scammers can fake, or "spoof,"
e-mail addresses so they look as if they're coming from your friends or colleagues. If one of those shows up unannounced, urging you to open an attachment or click on a link, there's a strong chance your
friend didn't send it. When in doubt, delete.
And remember: There are more of these messages out there than ever before. Denver anti-spam firm MX Logic reported that 84 percent of the mail it scanned for its corporate customers
in the month of July was spam. The figure is estimated to be even higher for home users.
Vaccinate: All of the major anti-virus products for home computers contain a mail-scan function. Invest in an anti-virus program, keep it running and make sure to download the regular
Don't click on the link: "Phishing" scams dupe users into turning over their account numbers and other personal data by luring them to Web pages that look identical to
legitimate sites run by companies such as Citibank, eBay and PayPal. Matthew Prince, chief executive of Chicago anti-spam firm Unspam, said it's "virtually impossible, even for very tech-savvy people,"
to distinguish between the real sites and the fake ones. Never click on a link in an e-mail asking you to update your account information. If you want to know if the request is real, call the company's customer
Leave that attachment alone: Unsolicited e-mail attachments often contain viruses. Opening the attachment launches the virus, sidelining your computer and sending copies of itself to
everyone in your e-mail address book. If you aren't expecting the attachment, don't open it. Ever.
Skip the previews: Some of the more sophisticated viruses spread without any action on your part. As soon as you open a message in the "preview" window of your e-mail
program, it can begin installing malicious programs on your computer. Users of Microsoft's Outlook e-mail program are particularly susceptible. Closing that window so that you have to double-click on a message
in order to read it can provide another layer of protection.
Look out for Outlook: Try using another e-mail program. A disproportionate number of viruses are designed to exploit Outlook's weaknesses, mostly because so many people use it.
"Microsoft is everyone's big target. Using Outlook just makes you that much more susceptible," said Steve Ruskin, a senior market analyst for MX Logic. Several companies offer free e-mail software with
all the same functions and more.
Shop around: If you are dissatisfied with your existing Internet service, look for a provider that blocks spam e-mail and quarantines suspicious messages in a "bulk" or
"spam" mail folder. Some providers let you create a "white list" of trusted e-mail addresses. Others force senders to identify themselves before allowing messages through.
Join neighborhood watch: If your e-mail provider offers a "report spam" function, use it. You also can forward your spam to the Federal Trade Commission's junk-mail
address, uce [at] ftc.gov. FTC investigators are always trying to nab fraudsters.
Don't panic: There's no need to hit the ceiling if you think your computer is infected. If you suspect hackers may have got hold of your financial data, contact one or all of
the three major credit bureau -- Equifax, Experian and TransUnion -- and ask them to put a fraud alert on your file. The fraud line for Equifax is (800) 525-6285; for Experian it's (888) 397-3742, and for
TransUnion it's (800) 680-7289.
If your Internet service provider cuts you off because a hacker has been using your machine to send spam, call the ISP and it will walk you through the steps of cleaning your computer
and reinstating your service.