Posts

How to handle suspicious e-mail

Guidelines for dealing with suspicious e-mail — updated from the 2009 guide that referenced Windows Live Hotmail and a retired FileHippo updater.
Table of Contents

There are good reasons to be suspicious of e-mail.

Some e-mail messages might be phishing scams, some might carry viruses. Images in spam e-mail might turn out to be pornographic, or to include Web beacons, which can be adapted to secretly send a message back to the sender.

Follow these guidelines to help protect yourself when suspicious mail shows up in your Inbox.

1. Do not respond — and don’t open junk mail

  • If an e-mail looks suspicious, don’t risk your personal information by responding to it.
  • Delete junk e-mail messages without opening them. Sometimes even opening spam can alert spammers or put an unprotected computer at risk.
  • Don’t reply to e-mail unless you’re certain that the message comes from a legitimate source. This includes not responding to messages that offer an option to “Remove me from your list.”
  • Do not “unsubscribe” unless the mail is from a known or trusted sender.
  • Use the junk mail tools in your e-mail program. Gmail, Outlook, Yahoo, and most providers let you mark messages as spam or phishing, which trains their filters and blocks the sender.

Links in phishing e-mail messages often take you to phony sites that encourage you to transmit personal or financial information to con artists. Avoid clicking a link in an e-mail message unless you are sure of the real target address, or URL.

Most e-mail programs show you the real target address of a link when you hover the mouse over the link.

Before you click a link, make sure to read the target address. If the e-mail message appears to come from your bank, but the target address is just a meaningless series of numbers, do not click the link.

Make sure that the spelling of words in the link matches what you expect. Fraudsters often use URLs with typos in them that are easy to overlook, such as “micosoft.”

3. Approach images with caution

Just as a lighthouse beacon beams a message with light, pictures in e-mail messages — also called “Web beacons” — can be adapted to secretly send a message back to the sender.

Spammers rely on information returned by these images to locate active e-mail addresses. Images can also contain harmful code and can be used to deliver a spammer’s message in spite of filters.

The best defense against Web beacons is to prevent pictures from downloading until you’ve had a chance to review the message. Gmail, Outlook, and most modern e-mail clients block remote images by default for messages from unknown senders. Leave that setting on.

4. Approach attachments with caution

Attachments might be viruses or spyware that download to your machine when you open the attachment file. If you don’t know who the attachment is from or if you weren’t expecting it, don’t open it.

5. Don’t trust the sender information

Even if the e-mail message appears to come from a sender that you know and trust, use the same precautions that you would use with any other e-mail message. Fraudsters can easily spoof the identity information in an e-mail message.

6. Don’t trust offers that seem too good to be true

If a deal or offer in an e-mail message looks too good to be true, it probably is. Exercise your common sense when you read and respond to e-mail messages.

7. Report suspicious e-mail

If you receive a suspicious e-mail that looks like it came from a company that you know and trust, report the e-mail to the faked or “spoofed” organization.

Contact the organization directly — not through the e-mail you received — and ask for confirmation. Or call the organization’s toll-free number and speak to a customer service representative. Report the e-mail to the proper authorities, including the FBI, the Federal Trade Commission (FTC), and the Anti-Phishing Working Group.

8. Don’t enter information into pop-up windows

One common phishing technique is to launch a fake pop-up window when someone clicks a link in a phishing e-mail message. To make the pop-up window look more convincing, it might be displayed over a window you trust.

Even if the pop-up window looks official or claims to be secure, avoid entering sensitive information, because there is no way to check the security certificate. Close pop-up windows by clicking the red X in the top right corner (a “Cancel” button may not work as you’d expect).

9. Don’t forward chain e-mail messages

Not only do you lose control over who sees your e-mail address, but you also may be furthering a hoax or aiding in the delivery of a virus.

Plus, there are reports that spammers start chain letters expressly to gather e-mail addresses. If you don’t know whether a message is a hoax or not, a site like Snopes can help you separate fact from fiction.

10. Update your computer software

Keep Windows and your applications patched. See Check for Windows Updates for a practical checklist covering both the OS and third-party programs.