Even a computer with up-to-date security patches and good anti-malware can be compromised by clicking on a "bad link" in an email message or by opening a "bad attachment". Don’t click on a link unless you know it goes to a mainstream website. Use browser bookmarks/favorites whenever possible instead of links in email messages. Don’t blindly click on advertisements or search results; they are not necessarily screened. It is simple to obscure the true destination of a link in an email message or on a web page.
Malware writers and email spammers know how to use personal information and emotions against you. Phishing emails mimic those from banks and other companies, and they often have alarming subject lines that cause recipients to click. The senders constantly refine their ploys as they see what works. Don’t succumb to scare tactics or enticements.
The Department of Homeland Security’s Stop.Think.Connect campaign offers good advice. Also see Email Scams and Securing Your Web Browser.
Even messages from a trusted colleague or friend may be compromised. Get in the habit of pausing. Hover over a link to see where it goes (including the ones above). On a smartphone, pause your finger on a link to see its true destination. Only the rightmost part of the domain name is significant (e.g., “http://microsoft.com.zzzzz.zzz/index.html” does not go to Microsoft; it goes to zzzzz.zzz).
Be careful when opening attachments. Ask yourself some questions:
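The hover check described above, automated as an added example (not part of the original article): it pulls every link out of an HTML message body and flags links whose visible text names a different site than the real destination. The names `site_of`, `LinkAudit` and `audit` and the sample message are constructed for illustration, and treating the rightmost two labels as the site is a simplifying assumption that does not handle suffixes such as .co.uk.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

def site_of(url):
    """Rightmost two labels of the URL's host name (assumed to name the site)."""
    if "://" not in url:
        url = "http://" + url  # visible link text often omits the scheme
    host = (urlparse(url).hostname or "").rstrip(".")
    return ".".join(host.split(".")[-2:])

class LinkAudit(HTMLParser):
    """Collect (visible text, href) for every <a> element in a message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit(html):
    """Return (visible text, true site, warning) for each link in the body."""
    parser = LinkAudit()
    parser.feed(html)
    report = []
    for text, href in parser.links:
        real = site_of(href)
        # Compare only when the visible text itself looks like an address.
        looks_like_url = "." in text and " " not in text
        report.append((text, real, looks_like_url and site_of(text) != real))
    return report

# Constructed sample message body, not taken from a real email.
SAMPLE = (
    '<p>Sign in at <a href="http://microsoft.com.zzzzz.zzz/index.html">'
    'www.microsoft.com</a> or read the <a href="https://example.org/help">'
    'help page</a>.</p>'
)
if __name__ == "__main__":
    print(audit(SAMPLE))
```

A warning of `True` means the text shown to the reader and the address the link opens belong to different sites, which is exactly what hovering reveals by hand.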
- Was the email message really written by the apparent sender?
- Was it written to me?
- If the message contains my name or other personal information, could it be from a spammer’s dossier on me?
- What is the original source of the attachment?
- Is it worth the risk?
It’s a shame, but you cannot fully trust your best friend (or even your mother). They might unwittingly forward an infection disguised as something interesting.
The Internet is the most powerful tool in human history. Please use it wisely.