What you should consider the next time you open an email

Let me start off by reminding you NEVER open an attachment in an email even from someone you know unless you are expecting it.  I know what you are thinking, there are situations where you may get an attachment that you weren't expecting, it happens to me as well.  When that happens obviously the safest thing to do is contact the person and verify that it is legitimate.  If that's not possible start asking yourself some questions.  Does the filename mean anything to you such as a project or topic that this person would be discussing with you?  Is the file extension one you recognize?


Anytime you see anything that doesn't seem right it should be a sign that it's not a good idea to open that file.  A file extension that is an executable such as .exe is a bad sign, but it's possible that even a Word document, Excel file or PDF file could be harboring a malicious payload. 


Why is a hyperlink in an email so dangerous?  Won't it just take me to a website?  The risk isn't obvious, a hyperlink is made up of two parts.  The first is the text you see which could be either http://www.google.com or it could just be "Google".  The second part is the code behind the text that tells your browser where it should go.  My point is that the text portion can be altered to send your browser to a different address on the internet.  In other words the text shows you the Google address above, but the code behind my take you to badguys.com and there may be a program (JAVA script, PHP script, etc.) there waiting to ambush you.  This is known sometimes as a drive by attack or a variety of other names.  A quick way I've found to see this in action I will drag the email into my Junk Email folder in Microsoft Outlook, once it's in there the link will be disabled and you can also see the code behind the text.  If you don't use Outlook it's possible that your email program can do a similar thing, but you'll have to figure that out for yourself. 

Another area of concern and one that has been widely used is emails sent posing as your bank or other institution.  The goal is to trick you in to thinking you need to login to your account (hopefully in a panic before you have time to process what is going on).  The bad guy makes the email look very convincing and you don't suspect that it's not actually your bank.  You then click on the link in the email and go to site that looks a lot like your bank and you attempt to login.  The damage is done, the bad guy has your User ID and password and can have full access to your account.  Meanwhile you think the server is down or something caused you not to be able to login.  Once you finally realize what happened it's too late.  The truth is a bank or similar institution will most likely never email confidential information like this.  So now you might be thinking what am I supposed to do then, I need to know if there's really a need to access my account?  Well the safest thing to close the email, open your browser and navigate to the website like you normally would.  Login to your account and chances are the website has a message center where you will see any email they sent you.  This ploy has also been widely used to lead you to believe the IRS has an issue with your tax return or tax payment.  Once again the IRS will NEVER contact you by email, they love to send those envelopes that make your hand shake when you open it (hopefully it's not bad news).  I encourage my client's to contact me immediately if they are ever contacted by the IRS so I can help them understand what's happening, the good news is I don't get those calls.


I hope that this brief article has helped you consider the risks you face on a daily basis.  You are welcome to contact me anytime if you have any questions, I'm always happy to help.