A part of social engineering; people may gain unauthorized access to your system not so much to directly steal from you,but to facilitate the spread of what is known as Spam-unsolicited emails sent out from your machine.The contents of these emails range from annoying but harmless advertising, to deceptive links designed to defraud the receiver of the email,or download malware.Even if your system is not sending out spam you will undoubtedly receive some in your email account at some point.
To help you understand and protect yourself against these practices. Below are range of general rules do provide a strong basis for warding off the bulk of scams,spam and associated malware.
Social Networking:- The rise of social networking sites such as Facebook,Google+ and Twitter have made the job of hacking into accounts much easier.This is because people will often unwittingly make a great deal of personal information about themselves available to others via social networking.This information can be used maliciously in various ways such as hacking into your accounts via the account recovery method, or to undertake Identity Fraud by setting up a False account and pretending to be you. At the very least you must make sure you go through all of the privacy options in your social networking account to secure your personal information against access by the general public.More generally, i would recommended against ever entering my sensitive information such as physical addresses,dates of birth,medical histories,credit card number and the like in such accounts.
One's It's on Internet ,It's Out Of Your Hands:- To go hand in hand with the social networking advice above, a general warning putting any personal or sensitive information anywhere on the internet: once information is stored online, It's out of your hands . There is no way to know precisely how far the information will spread , and it is impossible to destroy every copy of it. Information on the internet is routinely stored in multiple locations such as the cached copies held in search engines like Google, copies found on backup servers and of course people who download the information may make it widely available by other means. The basic rule is that you should never upload anything onto any part of the internet-and this includes via private email-if you wouldn't want anyone else to see it or know about it.Once any data leaves your machine its out of your control.
Address Book/ Contacts:- If you are infected with malware or have your email account breached by a spammer,one of the first method to redistribute the malware or initiate the spam is through the use of your contacts list.This is because an email that comes from a known person is more likely to be opened and the contents read,and any links clicked than if it came from a stranger. One method of negating this form of attack is to not maintain an address book or contacts list.Instead save at least one email you have received from people you wish to contact regularly in a separate mail folder. Then whenever you want to email that person , open this folder , search for their name and reply to their last email, clearing the existing contents and subject line before entering your text.The lack of consolidated and categorized list of contacts makes it much harder for anyone else who accesses your account , to quickly spam all of your contacts and to workout the relationship between you and various people on the list.
Stay Up To Date:- Regularly keep your system up to date in terms of windows patches and security updates,definition files for malware scanners and the latest version of your installed programs. These updates often contain fixes for unknown security exploits and vulnerabilities and are a simple but effective way to prevent infection. Don't wait untill you suspect infection before updating your system .as by then it may be too late since some malware deliberately blocks the use of certain updating features.
Attachments and Downloads:- A common method for spreading malware is through infected email attachments and file downloads . Different file types can hold or trigger malware on your system depending on your settings. Any email attachment or download link should be viewed as a potential source of malware even if it is from a known source because even if the sender/host is not deliberately malicious , they could be infected themselves and hence accidentally spreading infected files.Only save attachments or obtain downloads from trusted sources.Also downloaded file using MSE or another anti malware package before using it.
Patches And Security Updates:- In addition to the advice above,if you receive an email with an update or security patch for a software package or windows,do not use it.Whether attached to the email itself,or linked to in the body of email,most of these updates or patches are fraudulent.No reputable software company publicly distributes updates or patches via email, they are always hosted on the company's site ,or downloaded automatically by the software itself.If you are unsure ,use a bookmark or manually type the legitimate company's web address into your browser and check for any updates or patches on their site.
Unknown Sender: If you receive an email or message from someone you don't know,this is instant cause for suspicion.The vast majority of message from unknown individuals are spams,malicious and/or fraudulent.
Too Good To Be True: If you receive a message or see an online offer of of any kind which seems too good to be true,then almost without exception it is likely to be scam or a form of malware. It may not be malicious it might simply be a hoax or a chain letter , but in virtually every case ,it is worth deleting.
Spelling And Grammar Oddities: A dead giveaway that is something is potentially malicious ,spam or scam is the presence of bad spelling and grammar. This is not necessarily due to the author being foreign;the use of misspelling of common words ,or symbols and other character in place of standard letters, in a tactic designed to circumvent certain keywords used by spam filters to block such emails ,this is why for example the brand name Viagra is spelled V1agra or ViaGr@ or any number of variations.
Address Check: If a particular website or email appears suspicious,check the address closely.Often times the address of an apparently well-known site can be easily spotted as false if you pay attention.For example the address http://www.amazon.shop.com and http://webstore.us/amazon.com/ having nothing to do with the reputable online store http://www.amazon.com Similarly the address http://www.facebook.users.org has no relationship with the social networking site http://www.facebook.com. A domain name is always read from right to left from before the first single slash(/) mark. The component of an address when read from right to left is the Top Level Domain (TLD) found in the main site name. such as .com, .net, .co.uk and so forth. The real site name always appears just after the first incidence of a TLD when read from right to left. So in the example http://www.amazon.shop.com the amazon portion of the address is just sub-location of the website shop.com. Scammers and advertisers are very inventive and create all sorts of variations on legitimate site names, sometimes with only a letter or two out of place , so in reality the only true way to be completely sure you are going to the correct site is to open a new tab or window in your browser and manually and enter a known and trusted site address or use your bookmark.
Unknown Sender: If you receive an email or message from someone you don't know,this is instant cause for suspicion.The vast majority of message from unknown individuals are spams,malicious and/or fraudulent.
Too Good To Be True: If you receive a message or see an online offer of of any kind which seems too good to be true,then almost without exception it is likely to be scam or a form of malware. It may not be malicious it might simply be a hoax or a chain letter , but in virtually every case ,it is worth deleting.
Spelling And Grammar Oddities: A dead giveaway that is something is potentially malicious ,spam or scam is the presence of bad spelling and grammar. This is not necessarily due to the author being foreign;the use of misspelling of common words ,or symbols and other character in place of standard letters, in a tactic designed to circumvent certain keywords used by spam filters to block such emails ,this is why for example the brand name Viagra is spelled V1agra or ViaGr@ or any number of variations.
Address Check: If a particular website or email appears suspicious,check the address closely.Often times the address of an apparently well-known site can be easily spotted as false if you pay attention.For example the address http://www.amazon.shop.com and http://webstore.us/amazon.com/ having nothing to do with the reputable online store http://www.amazon.com Similarly the address http://www.facebook.users.org has no relationship with the social networking site http://www.facebook.com. A domain name is always read from right to left from before the first single slash(/) mark. The component of an address when read from right to left is the Top Level Domain (TLD) found in the main site name. such as .com, .net, .co.uk and so forth. The real site name always appears just after the first incidence of a TLD when read from right to left. So in the example http://www.amazon.shop.com the amazon portion of the address is just sub-location of the website shop.com. Scammers and advertisers are very inventive and create all sorts of variations on legitimate site names, sometimes with only a letter or two out of place , so in reality the only true way to be completely sure you are going to the correct site is to open a new tab or window in your browser and manually and enter a known and trusted site address or use your bookmark.
