Email has become a critical way to communicate with friends and families and conduct business – it’s quick, convenient, and effective. Many email messages contain attachments, such as documents, photos, or links to Web sites that senders think might be of interest.
However, cyber criminals often use email to trick people into opening attachments and visiting Web sites that collect personal information (phishing) or download malicious software (spyware). They overload our email inboxes with messages we didn’t ask for and don’t want (spam).
Criminals will continue to evolve their practices, but you can keep ahead of them by staying alert for suspicious email and using technology to filter unwanted messages.
Left unchecked, any email account will quickly become overloaded with junk, some of which will contain viruses and scams. The good news is that most email programs contain options for filtering out what you don’t want. Learn how to use those tools properly to make your email experience faster, safer and simpler.
The first thing to do is to enable a junk email or spam filter. Most email programs and online services come with one of these installed. In many cases, these are set to “on” by default, but if they’re not, you can easily activate by finding your filtering preferences tab, or using your program’s “help” tool.
Some junk mail filters, like the one that comes with Microsoft Outlook, have multiple junk mail settings. At the highest level, these will filter out virtually everything you don’t want. Just be aware that at the highest settings, spam filters can sometimes trap emails you want to receive. If you have high junk mail settings, make sure to take an occasional peek at your junk mail folder.
The next level of email filtering is to block all email from specific addresses. This works differently in different programs. In Microsoft Outlook, for instance, you just select the message from the sender you wish to block, select “block sender” from the “message” pull-down window, then click “yes” and “ok.”
IMPORTANT NOTE: No email filter is perfect, so you still want to treat every message you get — even the ones that appear to come from companies you do business with — with a certain degree of caution.
Top of page.
Phishing attacks use email or malicious Web sites to collect personal and financial information. Attackers may send urgent emails that request account information, seemingly from a reputable credit card company or financial institution. When users respond with the requested information, attackers can use it to gain access to the accounts.
How do you avoid being a victim?
- Do not reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent in email.
- Do not send sensitive information over the Internet before checking a Web site’s security.
- Pay attention to the URL of a web site. Malicious Web sites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net).
- If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Contact the company using information provided on an account statement, not information provided in an email. Information about known phishing attacks is available online from groups such as the Anti-Phishing Working Group.
- Install and maintain anti-virus software, firewalls, and email filters to reduce spam.
What do you do if you think you are a victim?
- Report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
- If you believe your financial accounts may be compromised, contact your financial institution immediately and close the account(s).
- Watch for any unauthorized charges to your account.
- Consider reporting the attack to the police, and file a report with the Federal Trade Commission or the FBI’s Internet Crime Complaint Center.
More information about Phishing
For more information on phishing, visit:
- Anti Phishing Working Group
- United States Computer Emergency Readiness Team (US-CERT), a partnership between the U.S. Department of Homeland Security and the public and private sectors.
Information provided by US-CERT.