Site Menu
Essential Safety
Web Site Safety
Chat Safety
Email Safety
 - Phishing
 - Keylogging
Social Networking
Privacy Rights
FAQs
External Resources
Site Map
To Provide Feedback:
lj@dignatis.com
Copyright

Email Safety and Privacy

Be Smart, Be Safe, But Don't be Left Behind!
Protect Your Privacy Online

Essential basics for protecting your privacy using email:

  • Have a reputable Anti-Virus Program running on your computer at all times. (AVG is free. McAfee and Norton are reputable commercial anti-virus programs.)(SeeExternal Resources page)
  • Never respond to a soliciting email or email that is spam as it only confirms that your email is active. Often the "opt out" option in these emails is really an "opt in" option. It is best not to even open the email if you suspect it is spam because once you open it a web bug can be placed on your computer without your anti-virus detecting it.

Essential basics for protecting your privacy when reading email:

  • Do not open attachments unless you know what is in it, even if you know the sender
  • Read only in "text format" as web bugs and cookies can come in HTML emails.
  • Don't look at ails from people you don't know, delete them
  • Use a reputable Anti-Virus Program. (AVG is a free anti virus.)(See External Resources page)

Essential basics for protecting privacy when sending email:

  • Do not forward other people's email address. Erase all email addresses before forwarding messages
  • Blind Carbon Copy (BCC) email addresses if you are sending to a group of people.
  • Be careful that you are not spamming, make sure that the people you send messages to want the email you are sending
  • Use a reputable Anti-Virus Program to scan incoming and outgoing ails (AVG is a free anti virus.)(See External Resources page)
How Information is Collected Via Email
  • We believe our email is private between ourselves, whoever sent it to us, and whoever else it was copied to. In reality once an email message is sent it is in the Public Domain. Anyone of the Servers (computers) it is sent through may copy and archive it to be retrieved later
  • Ails that arrive from unknown sources may seem innocent but may contain a small undetectable program called a "clear gif" or a "web bug". It is not an attachment because the web bug is embedded in the HTML and goes undetected by anti-virus programs . A "web bug" can install a tracking program on the computer hard drive and because it is opened in email is independent of the browser, so is not affected by your browser settings. The tracking program then sends information back to the "web bug" owner.
    • Types of information that may be sent to the "web bug" owner:
      • That the email it was in was opened, therefore it is a valid email address
      • How many times the email was viewed
      • Information about the computer being used
      • Internet browsing behavior
    • "Web Bugs" are commonly used by Marketing Networks but can also be used maliciously by Crackers.
    • May be in any page using HTML and not composed by the sender, for instance Online Greeting Cards
  • Email messages can introduce malware such as a Virus, a Worm, or a Trojan to your computer system.
    • The malware can corrupt and delete computer files.
    • It could hijack your browser's opening page and/or hijack your modem
    • The malware could access your Address Book and send out mail to the addresses in it, also using one of those addresses to disguise who is sending it. It could also gather any personal information saved in the properties of each Address Book entry.
    • Malware can install monitoring programs that record and transmit information from your computer. The following are some examples of what type of information may be gathered:
      • Your keystroke pattern
      • The keywords you search for in a search engine (google)
      • Your Internet history, what web sites you have visited
      • Your username(s) and password(s)
    • These codes can open a back door that could allow hackers to take control of your computer from a distance
  • Email Addresses as well as Email Messages are in the Public Domain and never totally confidential or private.
    • Your address can be forwarded in the body of an email, seen by all who read the email.
    • Addresses that are sent using CC:(Carbon Copy) in the address of a message will be visible to all who receive the email. If someone replies using "Reply All" everyone who received the original message will receive the reply
    • Addresses that are sent using BCC: (Blind Carbon Copy) in the address of a message will not be visible to everyone who received the email. If someone replies using "Reply All:" the reply message will only go back to the sender of the message
    • Email addresses are acquired in many ways and may be put into databases that are sold to third parties to be used for email marketing, etc.
    • Email Messages, including your email address, can unintentionally be forwarded to anyone in the world. You can never know who is reading it, or what they will do with the information
    • Email Messages can be published on web sites and sit there indefinitely
How Best to Protect Your Privacy When Using Email
  •  Use disposable / free email (e.g. yahoo, hotmail) for registrations, mailing lists, contests.
  • Use disposable email anywhere your email may be added to a database.
  • Be cautious before you give your email anywhere online. Do not give out your Primary email, only secondary or disposable email.
  • Regularly change your password for accessing email. Regularly change the passwords used on your computer.
  • Don't open email or autopreview messages from someone you don't know
  • If you are part of an office or organization that receives email from unknown sources here is a solution using Outlook Express for looking at a message without opening it:
    • highlight the email,
    • right click once on the text you highlighted
    • select Properties
    • This will allow you to see the email address without opening the email.
    • Delete without opening email that has a strange suffix (b243R@) or if it has a suspicious prefix (@xxx.ca or @markit.com or @ebay_1.com) or the prefix is from another country you don't regularly communicate with (@someplace.ru or @someplace.de @someplace.jp).
  • Be aware that fake opt-out links in marketing ails are common, and are really opt-in links. It is better to delete these ails without opening them.
  • Use Filtering options in your Email program. Each email program will have "Help" that you can click on to find information about using the email program, which should include how to Filter email.
  • Use a software program that will recognize and allow you to delete Spam on the server before you download it to your computer. Mailwasher is a good example of this type of a program. (See External Resources page - Other Free Stuff that is good to have)
  • Read your messages when your are off line that way a cookie or web bug will not be able to send information that the message has been read.
  • Read your messages in Text Only format because, cookies, and web bugs can be embedded in HTML messages.
  • If your email address book, username, and password are obtained by someone seeing you type them (shoulder surfing), or finding the files on your computer then your messages can be downloaded and stored without you knowing.
    • Don't ever share your username and password
    • Don't keep your username and password on your computer
    • Don't put your username and password where anyone can find it
    • Don't use an option to remember password
  • Use an Anti Spam or Anti Spyware program (See External Resources page - Free Essential Software)
  • Use a reputable Anti Virus Program and update it regularly. Manually update instead of Automatic Updates ensure you know you are getting the updates.
  • Use a Firewall. (See External Resources page - Free Essential Software)
  • Delete all Email Addresses from ails before forwarding or sharing the email message.
  • Ask before you ever share someone else's email with a third party.
  • Get Security News from Microsoft.
  • Be aware of new ways malicious often illegal programs can gather your information. The same as you may read the Daily News, read Anti Virus, or Security based web sites that have articles on current Security or Privacy threats. Be informed.
Special Note: Below are two types of current illegal techniques used for Identity Theft that can be initiated through email. There are always new threats occurring.

Phishing:
  • The creation and use of ails and web  sites designed to look like they come from well-known legitimate, and trusted businesses, financial institutions, and government agencies, in an attempt to gather personal financial and sensitive information. (1.)
  • Has been around since 2003
  • Banks and Government Agencies WILL NOT send you email asking for information or asking you to go to their web site to give information. They will call you on the phone or mail you the old fashioned way.
  • Is currently used by organized crime for Identity Theft.
  • Canada's Dept. of Public Safety and Emergency Preparedness and the USA Dept. of Justice are jointly issuing a special report about the threat of Phishing. It can be found in Canada on the Public Safety and Emergency Preparedness web site at the following address:  ( http://www.psepc-sppcc.gc.ca/prg/le/bs/phish-en.asp you must be online to access it from this link.)
 What to do:
  •  Recognize it: Your bank will not send you email asking you to go to a web site to correct information. If any email comes in like this DO NOT OPEN IT .
  • Report it: If you do receive email that seems to be from your bank or a trusted organization report it to them. Report it to the RCMP. Report it to the credit bureaus. (See External Resources )
  • Stop it: Be aware of how organizations and institutions you deal with operate. For instance most will not contact you by email.
Phishing Through Pop Ups
  • The latest is a Phishing scheme, and a virus that is in a small pop up window that looks like it is from your Anti Virus Program. It asks you to click on a button to delete the Virus or to download the latest anti-virus update. DO NOT CLICK. By clicking you are actually installing a virus on your computer.
Keyloggers or "Keystroke logger" programs
 (Note: a search of "key stroke" will find information about legitimate programming for configuring the "key stroke" on a computer, a search of "keystroke" will more likely find information about malicious programming related to key strokes.)
  • These programs record every key stroke on a computer.
    • Traditionally these programs were found in employee computers where employers were monitoring what an employee typed or on home computers where a spouse's or child's computer activity were being monitored.
    • Now being used in malware set by a "web bug", trojan, etc. and also used in Phishing schemes. The main goal is to get people's username and password and other identifying information for Identity Theft. (2.)
What to do
  • Keep your Anti-Virus software up to date
  • Use Anti-Spyware software as well
  • Use a Firewall that will block unknown programs from sending information out from your computer
  • Use different usernames and passwords, not always the same one for everything
  • Don't keep usernames and passwords on your computer
Bibliography
1.) Public Safety and Emergency Preparedness Canada, "Phishing: A new form of identity theft.", viewed 14 January, 2006 ( http://www.psepc-sppcc.gc.ca/prg/le/bs/phish-en.asp)

2.) Hakins, Walaika, "Keyloggers Foster New Crime Wave." Newsfactor Magazine Online, 16 November 2005, viewed 14 January, 2006 ( URL)