Security

Where There's Email, There's Email Fraud

By Michelle Rafter

If it seems like your email inbox is filled with more spam than ever, you’re right. According to Internet security experts, not only is the amount of unwanted email increasing, more of it is malicious, sent by criminals after your Social Security number, bank account information and other data they can use to make money and perpetrate their illegal efforts.

Email is much less safe than it used to be, says Carol Baroudi, a senior analyst at technology researcher Aberdeen Group who has tracked the email business for 20 years. She’s also written a number of books on email and the Internet, including E-Mail for Dummies, Second Edition, published in 2007.

According to Baroudi, email has gone from being a way for spammers to deliver annoying advertisements, to the vehicle of choice for criminals out to commit fraud. “Internet crime is big business and email is a big piece of how that is perpetrated,” she says.

Criminals use email to launch so-called phishing attacks where they collect people’s private information and use it to sign up for credit cards or break into bank accounts, Baroudi says. Internet criminals also use email to sneak onto someone’s PC then link it to a network of similar slave computers to launch more spam, a set up that’s called a botnet.

Thieves Prey on People’s Trusting Nature

The good news is software companies and security organizations are coming up with new ways to block phishing attacks, botnets and spam. But all of them rely on PC users to install some kind of protective software on their machines. These new methods also rely on people to update their security software constantly to cover new threats as soon as they appear. According to Baroudi, it wouldn’t hurt to run scans as often as every day, since new threats are being discovered all the time.

Identity thieves count on people’s trusting nature and naïveté about Internet crime to trick them into turning over their personal information, says Mike Spinney, a spokesman for The Ponemon Institute, a Detroit electronic privacy think tank. Internet security professionals call this social engineering, and it’s the number one way spammers and other bad guys get people to part with their personal information. “Scammers are playing a percentages game,” Spinney says. “If they send out a million messages and 999,999 trash it but one clicks on the wrong link or provides information, then that’s a successful campaign.”

Tips for Stopping Email Attacks

How else can you stop identify thieves and other criminals from using your email to make off with your information? Baroudi and Spinney offer these other suggestions:

1. Sign up with a reputable Internet service provider. Most major ISPs and Web-based email providers use security software that catches malicious messages before they get through to customers’ email accounts.

2. Use secure passwords. If you use Gmail or another Web-based email account or share a computer, make sure the passwords you use to access other Web-based accounts -- such as your online banking or stock trading accounts -- are hard to guess so hackers can’t figure them out. Look on password generating websites for suggestions, or create your own. The most secure passwords have eight characters and a mix of upper and lower case letters, numbers and symbols. Experts suggest splitting passwords into three groups for high, medium and low security accounts. Then make sure to never access high-security accounts -- like your bank account -- from public computers where someone could be lurking in the background to collect log-in information.

3. When it doubt, take it out. If you’re concerned that, despite your best efforts, identity thieves will invade your Web-based or desktop email program, take the initiative to delete sensitive information from your inbox. That includes data in attachments people send you. Copy the information to a thumb drive or a hard drive and then delete the attachments, says Baroudi, the Aberdeen analyst. If you subscribe to online services like Amazon, eBay or a Web-based travel agent, don’t store your subscription information, account passwords or credit card numbers in an email folder where it could snatched by a hacker. Instead move the data elsewhere on your desktop or laptop and give it a different name, or print it out and store it somewhere safe. Likewise, don’t store account passwords in email folders.

4. Encrypt files. If you’d rather keep information in your email program, put it under virtual lock and key with encryption software, which uses complex mathematical algorithms to digitally scramble the data. Even if your computer files get broken into, thieves can’t use the information because they won’t have the software key to unscramble it. “Some people encrypt their whole hard drive, some their email, some use it on a file by file basis,” Baroudi says. But older encryption software made people go through several extra steps to protect files, so lots of folks didn’t use it, she says. New PCs and laptops take the pain out of the process because they come with operating systems like Microsoft Vista that have software pre-installed for encrypting email, instant messages and other files. To protect data, Vista users can right click on the file or folder they want to encrypt, then select Properties, General, Advanced and “Encrypt contents to secure data.”

The best defense against hackers after your email inbox is common sense, says Spinney, the Ponemon Institute spokesman. If you don’t recognize the person or company sending you an email message, don’t open it. Not sure? Use your email software’s preview feature to see what’s inside a message without opening it. Permanently delete messages you’ve dumped into your email trash folder on a regular basis. Doing so will eliminate the risk that a malicious email could inadvertently be opened by you or someone else using your computer. Whatever you do, Spinney says, “Resist the urge to check something out ‘just in case.’”