Spam email isn’t just an inconvenience. It’s a big security risk to your online business. Check out this post to see how you can defend yourself against unsavory emailers.
If you recently received a spam email, you can take heart in knowing you’re not alone. In fact, of the 107 trillion emails sent in 2010, 89% of them were spam. And although the amount of spam has slightly reduced over the last two years, the holiday season is notorious for bringing all sorts of spam and phishing scams in tow.
So it’s time to protect yourself and your business by getting the low-down on malicious email. The more you know, the better you can protect yourself, your business and your customers.
How are spammers getting my email address?
One of the most common questions people ask is “How did they get my email in the first place?” Often, spammers will harvest email addresses from mailing lists, websites, yellow pages, social networks and more. Sometimes they even guess email addresses based on popular email providers and commonly used email formats, like email@example.com.
However, these tactics give spammers lots of invalid, malformed or undeliverable email addresses. So to find out which ones are valid, spammers send emails with web beacons.
Email web beacon: A very small or invisible image embedded in an email which, when downloaded, automatically reports to the sender that the email has been opened by the recipient. Web beacons can also collect additional information about the recipient such as time of reading and IP address.
In other words, when you open a spam email, you risk verifying that your email address is valid. Once your email address has been verified, you can bet your bottom dollar that you’ll be receiving a lot more spam.
What can I do about it?
Thankfully, most browsers nowadays have caught on to the email web beacon tactic and now block external images by default.
However, spammers can still use other techniques to validate your address, like an email header option that requests a confirmation email be sent to the sender when the spam email has been opened. So when it comes to defending yourself from malicious email, the absolute best practice is to permanently delete suspicious emails without opening or previewing them.
If you’re unsure about the legitimacy of the email and decide to open it, you can do it safely by converting the email message to plain text format. In Outlook 2010, this setting can be found under:
File -> Options -> Trust Center -> Trust Center Settings… -> Email Security -> Read all standard mail in plain text
Viewing emails in plain text disables all HTML code, which is great for two reasons:
- Any malicious code will be disabled
- All hyperlinks will be displayed with the exact URLs that they point you to
Never click on untrusted links or open any suspicious attachments.
What if it’s a phishing scam?
Phishing emails are emails that look like they’re from a legitimate sender, but have links in them that take you to a fraudulent website and entice you to enter personal information.
Typically in a phishing email, the hyperlink’s visible text doesn’t match the URL of the page where it actually takes you. For an example, let’s look at this link:
There are two ways you can check the legitimacy of a link:
- Right click on the link and select “Copy link address” or “Copy link location”, then paste that address in a blank Notepad file.
- For Chrome, Firefox, IE and Outlook: Hover over the hyperlink and see if the URL that appears in the lower left-hand corner of your window is where you want to go.
With either method, you’ll see that our example link doesn’t actually plan to take you to Volusion.com. And sure enough, if you click on it, the link takes you to a different, non-Volusion website. That’s phishing in a nutshell.
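As an added illustration (not part of the original post), the Python example below inspects a message without rendering it and reports the three signals discussed above: a read-receipt request header, remote images that could act as web beacons, and links whose visible text names a different host than the URL they point to. The sample message, its .example domains and the function names are assumptions made for the example; Disposition-Notification-To is the standard header used to request a read receipt.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (placeholder .example domains), not from the original post.
SAMPLE = """\
From: Store Support <support@shop.example>
Subject: Confirm your account
Disposition-Notification-To: bounce@tracker.example
Content-Type: text/html; charset="utf-8"

<p>Sign in at <a href="http://login.attacker.example/verify">www.shop.example</a></p>
<p><a href="https://help.shop.example/faq">Read our FAQ</a></p>
<img src="http://tracker.example/o.gif?id=123" width="1" height="1">
"""

class Scan(HTMLParser):
    """Collect remote image URLs and (visible text, href) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.images, self.links, self._href, self._text = [], [], None, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img" and (a.get("src") or "").lower().startswith(("http://", "https://")):
            self.images.append(a["src"])  # fetching this would report the open to the sender
        elif tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host(s):
    """Hostname if s looks like a URL or bare domain, else '' (e.g. for 'Click here')."""
    s = s.strip()
    url = s if "://" in s else "http://" + s
    return "" if " " in s or "." not in s else (urlparse(url).hostname or "").lower()

def inspect_message(raw):
    """Report the read-receipt header, remote images and links whose text names another host."""
    msg = message_from_string(raw, policy=policy.default)
    body, scan = msg.get_body(preferencelist=("html",)), Scan()
    if body is not None:
        scan.feed(body.get_content())
    bad = [(t, h) for t, h in scan.links if host(t) and host(t) != host(h)]
    return {"read_receipt": msg["Disposition-Notification-To"],
            "remote_images": scan.images, "mismatched_links": bad}
```

The host comparison is exact, so a link shown as shop.example that points to www.shop.example is also reported; treat the output as a prompt to look closer, not as a verdict.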
You can report phishing email messages and websites to “firstname.lastname@example.org.” And for more information on reporting, please visit the U.S. government’s Computer Emergency Readiness Team to get all of the details.
Don’t let malicious email get in the way of having a fantastic holiday season. Although they may be headed your way, you can disarm all spam emails and phishing scams with awareness, a little caution and your delete button.
-Elena Seufert, Volusion