Email Safety and Privacy
Be Smart, Be Safe, But Don't be
Protect Your Privacy Online
Essential basics for protecting your privacy using
- Have a reputable Anti-Virus Program running on your computer
at all times. (AVG is free. McAfee and Norton are reputable
commercial anti-virus programs.)(SeeExternal Resources page)
- Never respond to a soliciting email or email that is spam as
it only confirms that your email is active. Often the "opt out"
option in these emails is really an "opt in" option. It is best
not to even open the email if you suspect it is spam because once
you open it a web bug can be placed on your computer without your
anti-virus detecting it.
Essential basics for protecting your privacy when
- Do not open attachments unless you know what is in it, even
if you know the sender
- Read only in "text format" as web bugs and cookies can come
in HTML emails.
- Don't look at ails from people you don't know, delete
- Use a reputable Anti-Virus Program. (AVG is a free anti
Essential basics for protecting privacy when sending
- Do not forward other people's email address. Erase all email
addresses before forwarding messages
- Blind Carbon Copy (BCC) email addresses if you are sending to
a group of people.
- Be careful that you are not spamming, make sure that the
people you send messages to want the email you are sending
- Use a reputable Anti-Virus Program to scan incoming and
outgoing ails (AVG is a free anti virus.)(See External Resources page)
How Information is Collected Via Email
- We believe our email is private between ourselves, whoever
sent it to us, and whoever else it was copied to. In reality once
an email message is sent it is in the Public Domain. Anyone of
the Servers (computers) it is sent through may copy and archive
it to be retrieved later
- Ails that arrive from unknown sources may seem innocent but
may contain a small undetectable program called a "clear
gif" or a "web bug". It is not an attachment because
the web bug is embedded in the HTML and goes undetected by
anti-virus programs . A "web bug" can install a tracking program
on the computer hard drive and because it is opened in
email is independent of the browser, so is not affected by your
browser settings. The tracking program then sends information
back to the "web bug" owner.
- Types of information that may be sent to the "web bug"
- That the email it was in was opened, therefore it is a valid email address
- How many times the email was viewed
- Information about the computer being used
- Internet browsing behavior
- "Web Bugs" are commonly used by Marketing Networks but can
also be used maliciously by Crackers.
- May be in any page using HTML and not composed by the sender,
for instance Online Greeting Cards
- Email messages can introduce malware such as a Virus, a Worm,
or a Trojan to your computer system.
- The malware can corrupt and delete computer files.
- It could hijack your browser's opening page and/or hijack
- The malware could access your Address Book and send out mail
to the addresses in it, also using one of those addresses to
disguise who is sending it. It could also gather any personal
information saved in the properties of each Address Book
- Malware can install monitoring programs that record and
transmit information from your computer. The following are some
examples of what type of information may be gathered:
- Your keystroke pattern
- The keywords you search for in a search engine (google)
- Your Internet history, what web sites you have visited
- Your username(s) and password(s)
- These codes can open a back door that could allow hackers to
take control of your computer from a distance
- Email Addresses as well as Email Messages are in the Public
Domain and never totally confidential or private.
- Your address can be forwarded in the body of an email, seen
by all who read the email.
- Addresses that are sent using CC:(Carbon Copy) in the address
of a message will be visible to all who receive the email. If
someone replies using "Reply All" everyone who received the
original message will receive the reply
- Addresses that are sent using BCC: (Blind Carbon Copy) in the
address of a message will not be visible to everyone who received
the email. If someone replies using "Reply All:" the reply
message will only go back to the sender of the message
- Email addresses are acquired in many ways and may be put into
databases that are sold to third parties to be used for email
- Email Messages, including your email address, can
unintentionally be forwarded to anyone in the world. You can
never know who is reading it, or what they will do with the
- Email Messages can be published on web sites and sit there
How Best to Protect
Your Privacy When Using Email
Special Note: Below are two types of
current illegal techniques used for Identity Theft that
can be initiated through email. There are always new
- Use disposable / free email (e.g. yahoo, hotmail) for
registrations, mailing lists, contests.
- Use disposable email anywhere your email may be added to a
- Be cautious before you give your email anywhere online. Do
not give out your Primary email, only secondary or disposable
- Regularly change your password for accessing email. Regularly
change the passwords used on your computer.
- Don't open email or autopreview messages from someone you
- If you are part of an office or organization that receives
email from unknown sources here is a solution using Outlook
Express for looking at a message without opening it:
- highlight the email,
- right click once on the text you highlighted
- select Properties
- This will allow you to see the email address without opening
- Delete without opening email that has a strange suffix
(b243R@) or if it has a suspicious prefix (@xxx.ca or @markit.com
or @ebay_1.com) or the prefix is from another country you don't
regularly communicate with (@someplace.ru or @someplace.de
- Be aware that fake opt-out links in marketing ails are
common, and are really opt-in links. It is better to delete these
ails without opening them.
- Use Filtering options in your Email program. Each email
program will have "Help" that you can click on to find
information about using the email program, which should include
how to Filter email.
- Use a software program that will recognize and allow you to
delete Spam on the server before you download it to your
computer. Mailwasher is a good example of this type of a program.
(See External Resources
page - Other Free Stuff that is good to have)
- Read your messages when your are off line that way a cookie
or web bug will not be able to send information that the message
has been read.
- Read your messages in Text Only format because, cookies, and
web bugs can be embedded in HTML messages.
- If your email address book, username, and password are
obtained by someone seeing you type them (shoulder surfing), or
finding the files on your computer then your messages can be
downloaded and stored without you knowing.
- Don't ever share your username and password
- Don't keep your username and password on your computer
- Don't put your username and password where anyone can find
- Don't use an option to remember password
- Use an Anti Spam or Anti Spyware program (See External
Resources page - Free Essential
- Use a reputable Anti Virus Program and update it regularly.
Manually update instead of Automatic Updates ensure you know you
are getting the updates.
- Use a Firewall. (See External Resources page - Free Essential Software)
- Delete all Email Addresses from ails before forwarding or
sharing the email message.
- Ask before you ever share someone else's email with a third
- Get Security News from Microsoft.
- Be aware of new ways malicious often illegal programs can
gather your information. The same as you may read the Daily News,
read Anti Virus, or Security based web sites that have articles
on current Security or Privacy threats. Be informed.
- The creation and use of ails and web sites designed to
look like they come from well-known legitimate, and trusted
businesses, financial institutions, and government agencies, in
an attempt to gather personal financial and sensitive
- Has been around since 2003
- Banks and Government Agencies WILL NOT send you email asking
for information or asking you to go to their web site to give
information. They will call you on the phone or mail you the old
- Is currently used by organized crime for Identity Theft.
- Canada's Dept. of Public Safety and Emergency Preparedness
and the USA Dept. of Justice are jointly issuing a special report
about the threat of Phishing. It can be found in Canada on the
Public Safety and Emergency Preparedness web site at the
following address: ( http://www.psepc-sppcc.gc.ca/prg/le/bs/phish-en.asp
you must be online to access it from this link.)
What to do:
Phishing Through Pop Ups
- Recognize it: Your bank will not send you email
asking you to go to a web site to correct information. If any
email comes in like this DO NOT OPEN IT .
- Report it: If you do receive email that seems to be
from your bank or a trusted organization report it to them.
Report it to the RCMP. Report it to the credit bureaus. (See
External Resources )
- Stop it: Be aware of how organizations and
institutions you deal with operate. For instance most will not
contact you by email.
- The latest is a Phishing scheme, and a virus that is in a
small pop up window that looks like it is from your Anti Virus
Program. It asks you to click on a button to delete the Virus or
to download the latest anti-virus update. DO NOT CLICK. By
clicking you are actually installing a virus on your
Keyloggers or "Keystroke logger"
(Note: a search
of "key stroke" will find information about legitimate
programming for configuring the "key stroke" on a computer, a
search of "keystroke" will more likely find information about
malicious programming related to key strokes.)
- These programs record every key stroke on a computer.
- Traditionally these programs were found in employee computers
where employers were monitoring what an employee typed or on home
computers where a spouse's or child's computer activity were
- Now being used in malware set by a "web bug", trojan, etc.
and also used in Phishing schemes. The main goal is to get
people's username and password and other identifying information
for Identity Theft. (2.)
- Keep your Anti-Virus software up to date
- Use Anti-Spyware software as well
- Use a Firewall that will block unknown programs from sending
information out from your computer
- Use different usernames and passwords, not always the same
one for everything
- Don't keep usernames and passwords on your computer
1.) Public Safety and Emergency Preparedness Canada, "Phishing: A
new form of identity theft.", viewed 14 January, 2006 (
2.) Hakins, Walaika, "Keyloggers Foster New Crime Wave."
Newsfactor Magazine Online, 16 November 2005, viewed 14 January,