UC Santa CruzInformation Technology Services
  Home About ITS Services ITS News Policies Governance ITS Staff Site Jobs Find An Answer Feedback

Computer Security Tutorial Module 4 (Text-Only Version)

Home > IT Security Awareness > Computer Security Tutorial Module 4 (Text-Only Version)

Computer Security Tutorial (Text-Only Version)
Module 4: Practice "Safe Emailing"


While email is an extremely useful tool, it is important to remember that opening email attachments or clicking on web addresses in emails can infect your computer. Malicious people will try to get you to open harmful email or even to reveal your personal or financial information through email scams.

What are some risks of email?

Spam: Unsolicited bulk email, including commercial solicitations, advertisements, chain letters, pyramid schemes, and fraudulent offers.

Phishing Scams: Email pretending to be from someone in authority or from trusted names, such as Citibank or Paypal requesting password or credit card information in order to "set up your account," "reactivate settings," or some other "helpful" operation, but really directing recipients to rogue websites.
A reputable company will never ask you to send your password through email.

Attachments: Attachments can contain malicious programs.

Fake "security warning" emails: Always use known and trusted web addresses instead of following links in email. Example: Don't use a "Microsoft software security update" link in unsolicited email-- go to the Microsoft security web page directly on your own.

Privacy: Never assume that email or attachments are private or confidential.

Email Safety Practices

  • Don't open email attachments unless you REALLY know what you're opening (see next section below).
  • Don't click on website addresses in email unless you REALLY know where you're going.
    • If an email is unsolicited or even slightly suspicious, look up the website yourself and go there directly instead of clicking on an email link.
  • Delete spam and suspicious e-mails; don't open, forward, or reply to them.
    • If you have questions about the contents of an email message, contact the I.T.S. Support Center (459-HELP or help@ucsc.edu)

Should you open that email attachment?

  • If it's suspicious, don't open it!
  • What is suspicious?
    • Not work-related
    • The email containing the attachment was not addressed to you, specifically, by name
    • Incorrect or suspicious filename
    • Unexpected attachments
    • Attachments with suspicious or unknown file extensions (e.g.: *.exe, *.vbs, *.bin, *.com, *.pif, or *.zzx)
    • Unusual topic lines; "Your car?"; "Oh!" ; "Nice Pic!"; "Family Update!"; "Very Funny!"

Some sure signs of a scam email

  • It's not addressed to you by name
  • It asks you for personal or financial information
  • It asks you for a password
  • It asks you to forward it to lots of other people

Additional "Best Practices" for Email

  • Avoid sending large attachments.
  • Avoid sending proprietary file formats (e.g. Word or Excel documents). Send PDFs instead when possible.
    • Work with your computing coordinator for assistance or alternatives.
  • Use the "Bcc:" (blind carbon copy) line for large numbers of recipients.
    • This protects the email addresses of the recipients by hiding them and makes your email easier to read.
  • To help avoid viruses, don't use Microsoft Outlook unless you have a specific business need to do so. More secure alternatives may include Thunderbird and Apple Mail, or ask your computing coordinator.

 

Practice "Safe Emailing" Completion Cerificate

Other Training Modules:

Introduction to Computer Security
Social Engineering
Internet Privacy and Security
Password Strength and Security
Ten Other Essential Security Measures
Protecting PII and Other Restricted Data
Reporting I.T. Security Incidents
Additional Information & Resources
Security Self-Test: Questions & Scenarios

Rev. January 2009