Be safe using email
Our email inbox is a “lifeline” of sorts to the world. Email is what we use to communicate with our peers and students. It’s how we send proposals, requests, and assignments.
Avoiding email is not a realistic proposition as email is often our primary focus when computing. Email is a primary attack vector to our personal data and computer systems. Email-based computer attacks can be especially devastating whether the attacker is a malicious person or program such as a virus or worm.
Here are some tips for using email safely:
Never share your password
Email administrators should not ask for your password. They can reset your password if they need access to your account for trouble-shooting or problem-solving. As a rule, never give out your email password.
Scan unopened messages
Take a moment to look through the list of messages. Note strange looking sender names or odd subject lines. Look for random-looking numbers, too much space, or anything out of the ordinary.
Don’t open any suspicious email – not even with the preview pane. Just delete it.
Opening malicious email (even with the preview pane) will often download images and scripts from the internet. That is a powerful vector of attack.
Avoid clicking on links
Outlook displays email formatted as HTML by default. This makes for beautiful newsletters but can also hide the target URL of text.
For example, the email message may say, “Click Here to enroll with the early bird savings!!!!” The words you see in the email are “Click Here” but when you click it may take you to a malicious site (e.g., steal-my-identity-please.com).
Be wary of email messages about services you use. Malicious sites are often like URLs you may know or expect, such as Amazon, Walmart, Yahoo, or Chase. The malicious sites can compromise your computer when they load code in your browser that takes advantage of exploits in the browser, the computer, or plugins such as Java, Flash, and Adobe Reader.
One way to protect against this is simply to not click on any links you aren’t expecting and are not from someone you know. You can hover your mouse cursor over links to see the target URL. You can right-click on the hyper-text and copy the link, then paste it into your browser if you are sure it’s OK.
You can also view all your email as plain-text.
Avoid opening unexpected attachments
Do not open an attached file that you aren’t expecting even if it is from someone that you know. Attachments must always be opened with care.
Opening a file on your computer allows malicious code to execute directly on your system with your level of privileges. A malicious person can have immediate access to your computer and all of your files.
For example, if you ask your students to email in Word attachments for their term paper, open those attachments from those students.
You can avoid attachments altogether by using an online service and asking students to send you the link (see above for best practices about links).
Using Google Drive
You can create documents on Google Drive and use the Share button to send a link to that document.
Using Dropbox
Students using Dropbox (or any number of other file storage services) can upload their word document and send you a share link that you can copy from your email and paste into your browser to download.
Sending links to documents instead of attaching them to messages also helps keep your inbox working faster.
The prominent security firm, RSA, was attacked when someone opened a malicious Excel file, leading to the loss of confidential information.
Avoid sending personal or private information
Avoid sending usernames and passwords in email messages, especially with the accompanying URL. One approach is to send the URL and username via email and then send the password from another system (not email). You could call the person, send them an instant message, or a text message.
Never send unencrypted documents that contain your personally identifiable information. This includes your Social Security Number, address, etc.
Email sent off campus is stored on external servers and may be viewed by people you aren’t expecting.
It is safe to consider that any email message you send is a public document and any attachments are for the world to see. This is not hyperbole. Río Hondo College can only control email within its own system.