If a stranger knocked on your front door, you wouldn’t let them in, no questions asked (at least we hope not). Then why did more than one in two people click on infected links in email messages from strangers? The reality is, we often disregard the Internet as a pastime activity, something you have to use for work and/or school where, in fact, this is a dangerous assumption. This type of thinking leads people not to invest in cybersecurity measures even though, according to Pew Research, “Most internet users know that key pieces of personal information are available online—such as photos and videos of them, their email addresses, birth dates, phone numbers, home addresses, and the groups to which they belong.”
You see, thanks to the power of the Internet and all that’s in it—social media, websites, search engines—we now have a virtual house too, filled with likes, tweets, shares, and hashtags. It’s time we start respecting it, putting security systems in place just as we do with our physical homes. Unlike our apartments and single-family residences, this doesn’t take much money or effort. See what we mean by doing these 4 quick-and-easy email security changes.
1. Learn the Lingo
Start by familiarizing yourself with the basic cybersecurity language. Before you roll your eyes, know that there’s good reason to because, as neurology and neuro and social and behavioral psychology have shown, categorization makes us remember better. Put another way, NCBHI states, “Categorization…facilitates the storage and retrieval of information, and it supplies a principle of organization by which new information can be banked efficiently in memory.”
So, by learning cybersecurity concepts—like phishing and malware—you’ll be more conscious of when potential incidents (think suspicious emails with foreign links) occur. You’ll be able to think that may be phishing because you know that category, and then will pull similar memories, like what you should when you come across a suspected phishing ploy.
2. Make Spam Filters Superman, Not Clark Kent
With email, spam filters are one of your first layers of defense. So, give spammers a run for their money by making them near penetrable with a Bayesian filter. The thing is, standard spam filters detect stereotypical spam—think “You’re eligible for a $100,000 rebate” or “Claim your FREE prize!” Sometimes, Spammers get around this by replacing letters with symbols that look like them: Ê, Ø, Ï… Bayesian filters identify this type of (spam) text.
Using Bayesian logic, the filter probes the email header and content, assigning a probability number between 0 (0%) and 1 (100%); based on that number, it then labels the email as either “trusted” or “suspect.” Going through the “trusted” emails, you can discard any spam the filter missed—such as spam text with symbols. Unlike your standard spam filter, the Bayesian filter uses this information for future spam detection, now looking for not just stereotypic spam but spam that uses symbols and the non-standard alphabet. Pair this with an anti-virus program, and you’re on your way to banishing spam once and for all.
3. Phishing Ploys Are More Than Cheesy Messages
Meet your traditional phishing ploy. It has an overly market-y, sketchy email header which states something along the lines of winning an outrageously lucrative prize. The body most likely has a link for you to click on to claim it. By now, many of us can identify these cheesy, suspicious email messages. However, where scammer get you is if they can infiltrate an organization’s private email.
Suddenly, an email that may be slightly “weird” is overlooked because it supposedly comes from human resources. You’ll also see this with spam that resembles an email from your bank—or even the IRS. (The reality is, spammers don’t have to infiltrate the IRS or your bank’s network to do this.)
What can you do?
Even your Superman of a spam filter will have a hard time identifying this phishing attack. How can it when it closely resembles a normal email? Let’s say it doesn’t; you pull up your work email and bam! You see a recent email from human resources, the accounting department, or, ironically, IT. It states there’s been some type of malfunction and that you can read the details here, the “here” being hyperlinked. Should you click on it? Simple, no. The reason being, hyperlinks in the body of an email are a red flag. A bigger red flag though is the email sign-off. Spammers may be able to get into the network, but, chances are, they don’t know the first and last name of your human resources/accounting/IT co-worker. They’ll try covering this up by ending the email with “Sincerely, Human Resources” or “Best Regards, IT.”
Also, do you have a rapport with him/her? Inside work jokes? Check the email tone. Yes, the mismatched tone (yellow flag) could indicate that your co-worker could be having an off-day or it’s a mass email. But when you factor this into a generic sign-off and hyperlink in the email body, it’s best to personally call up the department and verify the email.
4. Identifying IP Addresses May Not Be the Answer
Identifying the IP address of the sender can be challenging and a waste of time. IP addresses are like an address on an envelope—there’s a send and return address. There are some IP address tools out there that give you the general location of the device or at least the country based on the “Received: from” header. The thinking is, if you normally expect to receive emails from the US and a sketchy one pops up from Germany, the location is one more red flag against clicking the hyperlink. Our advice though is spammers live in the US, Germany, England, Argentina, everywhere. That and some spammers disguise their actual IP address. So, consider forgoing the IP address lookup, and focus on the other steps we’ve listed above.
If you really want to though, go to your inbox; if you’re using Gmail, click the arrow next to “Reply,” and scroll down to “Show Original.” Go down and find the “Received: From” header, where the IP address of the sender is in the brackets. Copy and paste that to IP address software.