E-mail virus problems seem to get worse each week with a new e-mail virus appearing almost daily, and they're getting smarter. Each new virus is an opportunity for even more people to become infected.
If you do the right things, you cannot get a virus just by reading your e-mail. And the "right things" are really quite straightforward. There are three main areas you need to be aware of – the format of the incoming mail, attachments to the mail and phishing attacks.
E-mail formats
There are two standard formats you can accept e-mails in – HTML and Plain text.
- when e-mail is sent in HTML format you are in fact being sent a web page. Web pages can be manipulated to hide viruses. By opening a mail in this format you could be leaving your PC wide open to attack
- to prevent this you should only open HTML e-mails when you are sure they are from a trusted source
- e-mails received in plain text could still harbour a virus in an attached file. Please see e-mail attachments for guidance on what to do
- if you do choose to accept HTML formatted mails then only accept them from a trusted source
- also make sure you have all the latest versions of your operating system, mail reader and anti-virus installed
back to topE-mail attachments
E-mail attachments are the files attached to an e-mail that you have to click to open. Many of the most common computer viruses and other malicious software are spread through e-mail attachments.
- if a file attached to an e-mail message contains a virus, it's often launched when you open the file attachment (usually by double-clicking the attachment icon)
- when you receive a mail with an attachment before you open it double check to make sure it is from a trusted source and is also something you would expect to see
- if it is not from a trusted source, delete it
- if it looks like it is from a trusted source, but is unusual to have an attachment, delete it
- it sounds a bit brutal, but it is better to be safe than sorry. Genuine mails can always be re-transmitted by the sender
Phishing attacks
The term phishing stems from the use of complex lures by fraudsters to "fish" for financial information and passwords from unsuspecting users. The origins of phishing are somewhat clouded in history, but it does seem to stem from phone fraud in the USA. The term 'phreaking', where the 'ph' spelling of phishing is derived, comes from the practice of defrauding phone companies by recreating the dial tone to bypass the charging system. People who did this were called 'Phreaks' (a phonetic term derived from phone frequency). Whatever the origin of phishing it is certainly illegal and can be financially hurtful to victims. So here are some tips to avoid becoming a victim:
- apart from viruses some e-mails can be dressed up to look like they are from genuine organisations
- be very suspicious of these mails if they are requesting personal information such as passwords
- be even more suspicious if they contain a link that takes you to a site that looks genuine, but where you are required to input your passwords 'to confirm your security details'
- no bank or building society will ever ask you to submit such information via e-mail or require you to log-on to 'confirm' your details
- if you supply the information requested then do not be surprised if your bank account is emptied of substantial amounts of your hard earned cash
Things you should do to stay safe with e-mail
- keep your versions of your operating system (e.g. Windows) and your mail readers (e.g. Outlook) up to date with the latest patches
- keep your system clean of viruses and spyware by running the appropriate anti-virus checkers and spyware checkers on a regular basis. Keep those up to date too
- never ever open an attachment unless you're positive you know what it is and that you trust the sender
- never, ever click on a link in an e-mail message unless you're positive you know where it's going and that you trust the sender
- don't believe everything you read in an e-mail. Banks, building societies and online payment systems will not be asking you to verify your account by e-mail - it's probably just a scam to get your credit card number
- if you receive an e-mail message with an attachment from someone you don't know, delete it immediately
- if you need to send an e-mail attachment to someone, let them know you'll be sending it so they don't think it's a virus
- use spam filters to help block unwanted e-mail, much of which contains dangerous attachments