Every computer user uses e-mail. Security breaches make headlines almost daily. With more and more people going online, consumers are worried more than ever about keeping their e-mail safe and secure.

E-mail is the major way most malware is transmitted across the Internet. E-mail is the largest attack vector against large companies, as it is far more difficult to physically infiltrate a company. In this article, we will help you use e-mail more securely.

A recent experiment of 150,000 test emails sent by Verizon Enterprise Solutions found that 23% of recipients opened the email, 11% click on the attachment. One person clicking on the attachment would have infected the organization.  The human is the weakest link.

Secure your computer, web browser, Internet connection

Follow our guides to secure your Windows PC or secure your Macintosh by installing the right software, firewall, antivirus software, etc. Secure your mobile devices: iPhone, Android smartphone or tablet, iPad. Configure the settings and add plug-ins to you web browser so that it is more secure. Consult our tutorials for: Internet Explorer 9, Google Chrome, and Mozilla Firefox. Secure your Internet Connection: Wireless Network, Public Wi-Fi.

The Golden rules of the Internet:

• Do not trust anyone
• If it is too good to be true, it probably is
• Don’t install software from anonymous sources
• Don’t automatically hit “yes” to any pop-up
• If it looks suspicious, run

Secure Your Router

1. Configure your wireless router for optimal security. Consult our article How to set up a secure wireless router for details. For maximum security, access your e-mail when connected by a hardwired connection such as Ethernet.

Update and Secure Operating System

2. Ensure that your operating system is set up securely. Consult our computer security guides for Windows and Macintosh. For maximum security, you could start off a Linux boot CD or USB key.

Secure Internet Browsers

3. Secure your Internet browser. Consult our security guides to Internet Explorer, Firefox, and Google Chrome.

Pick a Good Email Provider

4. Most people already have an e-mail address that they are connected to. If you are considering a new e-mail address, consider examining how sophisticated the provider is. Infrastructure and state-of-the-art spam filtering are not inexpensive. We recommend users consider e-mail addresses from providers like Lavabit, Google and Hushmail. These companies are committed to staying on the leading edge, and are accessible anywhere. ISP based e-mail is convenient, but locks you in to the ISP. The same argument applies to school or company based e-mail addresses.You can always access these e-mail account via POP access in Gmail. This will allow your email account to utilize Gmail’s excellent spam filters.

Look for e-mail providers that have good spam filters and allow you to control attachments and HTML within e-mail messages.

Make Sure Email is using HTTPS

5. Make sure you are accessing the e-mail provider’s website using a secure connection, look for https:// in the browser’s address bar and a padlock icon in the browser. A broken key, broken padlock, or any open lock indicates it is not secure.

Use Unique Passwords

6. When creating an account at the e-mail provider’s website, we recommend you use a unique password as it is far safer in case the store gets hacked. You would not want hackers to get a password that worked on other websites. Consult our How to create, store and use secure passwords article for suggestions.

Create Multiple Email Accounts

7. We recommend creating multiple email accounts for different purposes, in order to maximize online safety. Having multiple email accounts linking to different accounts online. One example would be to have one email account for forums, one for banking, and one for shopping. Do not have all your emergency recovery email address be the same. This way if one email account gets compromised, the others are safe.

Use Two Factor Authentication if Available

8. Some e-mail providers support two factor authentication which requires users log in with both a password and a phrase generated on a smartphone, smartcard, or printed on a piece of paper. Gmail is a leading e-mail provider that supports this 2-factor authentication. Yahoo mail added 2-factor support at the end of 2011. A hacker who had your password could not log on without a second means of authentication. This is especially good for people that travel out of the country.

Two factor authentication system using SMS text messages is not secure, due to hijacking of mobile phone accounts and the weak SS7 routing system. We suggest only using two factor when you can use a physical token or a time based authenticator like Google’s.

Use 3G/4G connection instead of Public WiFi when checking Email

9. When accessing e-mail on a smartphone or tablet, using the built in 3G/4G connection is a lot safer than connecting via a local wireless internet hotspot. This warning applies to both apps and mobile internet browsers.

Don’t open suspicious links and/or attachments

10. To avoid falling victim to e-mail phishing, never click a link or open an attachment from an e-mail. This is especially true for online banks and online brokerages. Manually type the URL into your browser.

Spear Phishing is utilizing realistic looking e-mails with personalized information, possibly emanating from a known person to steal your login password, run a attachment that contains malware, or force you to visit a web page containing malware.

Fact: When a someone has more information about us, we are more likely to trust them. If your personal details leaked in a company’s data breach, criminals could use that information to craft emails that look more credible.

Opening Attachments Safely with Gmail

Forward the email with attachment to a Gmail account.  From there, you can use Google Docs to open Word Processing, Spreadsheets, etc.  No need to endanger your own computer.

Minimize your personal information on Facebook, Twitter, Instagram, etc. Also cleanse or set to Private your Amazon wishlists and eBay bidding history.

Fight SPAM

11. Spam unfortunately, remains a unfortunate element in e-mail. Leading e-mail providers are pretty good at fighting spam, but no one is perfect. Unintended consequences include good mail ending up in a spam folder. Be very careful when accessing the spam folder as many a penetration has been enabled when workers accidentally click on links within spam folder e-mails that look legitimate.

Don’t Display HTML

12. For maximum security set your e-mail provider’s configuration to not display HTML when displaying e-mail. A less secure setting is to allow HTML but not to display images. This additional security tactic helps prevent rogue pages from being displayed within e-mail. (Windows Live Hotmail does not allow you to control this.)

We suggest these settings for Gmail:

• Select Mail Settings from the Gear Icon in the upper right corner
• In the General Tab, next to External Content: Select Ask before displaying external content

Use SSL to access Mail Servers

13. It is important that email accounts accessed from a smartphone are setup utilizing encryption when available. Many email providers including Google’s Gmail, Microsoft Exchange, MobileMe, AOL Mail and Yahoo Mail support SSL (secure sockets layer) when accessing their mail servers. If SSL is not used, your emails as well as your password can be read by hackers.

To enable SSL with Yahoo Mail (not enabled by default) follow these steps:

• Login to your Yahoo Mail account
• Click the Gear icon on the upper-right corner
• Select “Mail Options“
• Click General on the Left, Under Mail Options
• Check the Box next to “Turn on SSL“
• Click Save at the top of the screen.

14. If you have applications other than your web browser accessing your E-mail IE. A desktop mail client suck as Windows Live Mail, Outlook, or Mail.app, make sure you enable SSL secure connections within each application. Here is a tutorial on using Gmail with Windows Live Mail.

Be careful of Short URLs

15. Do not click on shortened URLs, expand them first using a site like URL Expander or run them through a service like Virustotal.

Report Phishing

16. If you encounter phishing emails you can forward them to:

• reportphishing@antiphishing.org
• spam@uce.gov
• Internet Crime Complaint Center
• Anti-Phishing Working Group
• Stay Safe Online has spam reporting information on the top 10 ISPs

Check to see if any Email addresses have been compromised

17. There are databases of email addresses that have been compromised. If you are listed, immediately change all your passwords connected to that email account.

• haveibeenpwned.com

18. Someday phishing will hopefully fade in volume.  DMARC.org which stands for “Domain-based Message Authentication, Reporting & Conformance” may help reduce the volume of problematic emails.

Encrypt the contents of Email

19. Email uses an insecure SMTP protocol to send data between servers.  All the data sent is unencrypted.  This factor has nothing to do with using SSL to connect your email provider.  You need to use tools like PGP (pretty good privacy) to encrypt the contents of your emails to ensure privacy.  Never send a password in email.

Email Attachment

Next to clicking a link in an email, clicking an attachment is the second most dangerous way to get infected.

Block attachments in your email client.

Gmail automatically blocks:

.ADE, .ADP, .BAT, .CHM, .CMD, .COM, .CPL, .EXE, .HTA, .INS, .ISP, .JAR, .JSE, .LIB, .LNK, .MDE, .MSC, .MSP, .MST, .PIF, .SCR, .SCT, .SHB, .SYS, .VB, .VBE, .VBS, .VXD, .WSC, .WSF, .WSH

We recommend you supplement this by blocking these file types that are not used very often any more. Select Create a new filter from Filters and Blocked Addresss

Things Not To Do

1. Do not access your e-mail from public wifi hot spots unprotected or cyber cafes. Many of these locations provide little to no security and are prone to snooping or malware.

2. Always log out web-based e-mail account, do not simply close the browser.

3. Do not have a single email address where everything goes.  If everything is linked together, you entire security chain can get compromised with one break in.

The only thing worse than spam in your email box is a spam text message on your cell phone or smartphone. For the last 20 years spam has been clogging up our email, and now it is in full bloom on our phones. Spam Texting needs to stop.

How do Spammers get Phone Numbers?

There are several sources of phone numbers for text message spamming.

• Internet postings
• Random phone number generation
• Auto dialing robo calling

The Dangers in Spam Text Messages

Just like email spam, offers made in unsolicited text messages are full of bogus offers like free iPads, prizes, or gift cards, etc. Clicking on any link or calling a phone number listed in the text message can result in the following:

• Malware being installed on your phone
• Unauthorized charges billed to your phone
• Recurring items added to your phone bill
• Private information being transmitted to cyber criminals

Fighting Unsolicited Text Messages

The major wireless providers, AT&T, Verizon, Sprint, and T-Mobile try to do everything in their power to prevent these. Each person calling to complain costs them from $5 to $50. The carriers are banding together to create anti-spam and mobile security solutions. Slowly, cell phone technology will rise to the same level as email and anti-spam filters.

The Federal Trade Commission files suit against spammers to help reduce the problems.

You can complain to your wireless carrier and let them know that you are receiving unsolicited text messages by doing the following:

Blocking Text Spam

The major wireless carriers provide Free Spam blocking controls for users. However, there are restrictions.

Here is how you can access the blocking controls online for each carrier:

Verizon Wireless – They offer many different free options to block text spam.

1. Log into your My Verizon wireless account
2. Go to My Services
3. Go to Verizon Safeguards
4. Go to Spam Controls
5. Go to Internet Spam Blocking and Call & Message Blocking
6. Save desired configuration

There are 3 options for Internet Spam Blocking you can select from :

1. Block all messages from the web.
2. Block all messages from emails.
3. Block  up to 15 specific email addresses and/or web domains (i.e. domain.com).

There are 2 options for Call & Message Blocking you can select from:

1. Block all calls & text messages originated from specific numbers
2. Block up to 5 specific numbers at one time.
   1. Expires 90 days from the date of your first block.
   2. Can reestablish blocked number by adding blocking preferences after they expire.

Verizon also offers Usage Controls for $4.99/month per line. This allows you to block up to 20 contacts (i.e. phone number, email address, instant messaging screen names).

AT&T Wireless –

They provide different ways to block spam form their source:

Internet spam & email address spam:

• Respond to the spam with “BLOCK” in the body

or

1. Log in to My Messages – This site is different than the main AT&T wireless website, so it requires a separate account to be created.
2. Select Blocking Options under the Preferences section
3. Type the domain or email you wish to block in the Block List section
4. Click Submit to save changes

Create an Alias for your wireless number (Example: your-alias@txt.att.net instead of your-wireless-number@txt.att.net)

1. Log in to My Messages
2. Select Message Options under the Preferences section
3. Input your desired alias without the “@txt.att.net” in the alias option
4. Click Submit to save changes

Short Code Spam (4-digits are shown, not a phone number):

•  Reply “STOP” in the body to block sender from spamming messages to you in the future.

Wireless Number Spam – AT&T does not currently offer a Free solution to wireless number spam. The only way to block wireless number spam currently is by signing up for AT&T’s Smart Limits for Wireless. The service costs $4.99/month per line. Similarly to Verizon’s Usage Controls.

You must purchase the Smart Limits feature before configuring Smart Limit options. Afterward, you may set up Wireless number blocking by following these steps:

1. Log in to your Wireless Account
2. Click the myAT&T tab
3. Click the Wireless category
4. Click Smart Limits under Enhanced Services
5. Click Blocked Numbers under your phone
6. Enter the 9-digit phone number you wish to block
7. Click Submit to add to your Blocked Numbers list

If mobile spam continues to be a problem, you may contact AT&T’s Customer Service at 1-800-331-0500 for additional help or forward the spam to the short code “SPAM” (7726) to open an investigation. AT&T says, “There is no charge to report mobile spam. Messages forwarded to 7726 do not count toward your data usage or voice package.”

Sprint –

• They have a very complex system to manage text blocking, see this page.

or

• Forward spam directly to abuse@messanging.sprintpcs.com or call customer care at *2 (Sprint phones)/ 611 (Nextel phones). More information here.

T-Mobile –

• Forward the message to “SPAM” (7726)
• T-Mobile will send back a confirmation that they have received your message
• T-Mobile will ask you to send them the number of the original sender so they can try to identify the identity of the spammer

*Note* Sprint does not have auto-blocking available yet & T-Mobile does not currently offer a blocking from the Internet.

Remove Text Messaging Completely

If the options to fight text message spam are not versatile enough, we recommend you disable text messaging completely. You can then use a third-party app to send and receive text messages albeit to a different phone number.

Verizon –

Call *611 and ask Verizon’s Customer Support to disable text messaging for you

or

Remove text messaging completely from your phone online in your account settings by doing the following:

1. Log in to My Verizon Account
2. Go to My Services
3. Click Add/Remove Services
4. Select Messages
5. Click Remove
6. Click Next to submit request

AT&T –

You can also go to http://mymessages.wireless.att.com/ to disable text messages sent to you as email. Keep in mind, this just affects text messages sent via email and not directly to your phone number. Most of the text message spam is not sent this way. Call customer service to totally disable texting.

Sprint -Call Sprint Customer Service to disable text messages.

T-Mobile – Allows blocking incoming and outgoing text messages (SMS), picture messages (MMS), Instant Messages (IM), and e-mail to be configured online.

Apps to help you fight Text Spam Messages

These apps help you block texting spam.

smsBlocker – Android – SMS blocking & text filter tool

VeroSMS – iOS – SMS blocking & text filter tool

Free Texting Apps:

Free apps are available to send/receive Text Messages for free on smartphones. These do require you to use a different phone number to receive messages. Simply turn off texting with your carrier and use this.

Text+ – iOS, Android – Ad supported.

Google Voice

Google Voice helps you create virtual phone number to send/receive calls, messages, and texts.  It is available for iOS, Android. Simply turn off texting with your carrier and use this.

Texting spam is costly and time consuming.  There are many techniques for dealing with it, and most are free.