© 2009 Charles D. Knutson Unclogging My Email: Spam, Phishing Attacks, Netiquette Dr. Charles D. Knutson Brigham Young University www.charlesknutson.net

Upload: cael-yarboro

Post on 14-Jan-2016


Unclogging My Email: Spam, Phishing Attacks, Netiquette

Dr. Charles D. Knutson

Brigham Young University

www.charlesknutson.net


Positives and negatives

- Email is amazingly useful and efficient
- Abuses of the technology
  - Inappropriate content
  - Technically destructive
  - Criminal behavior
  - Annoying and cumbersome
  - Bandwidth limiting


Brief email tutorial

- Individuals license domains
  - byu.edu, lds.org, etc.
- Owner may manage subdomains
  - cs.byu.edu
- Owner may support and manage email
  - [email protected]


Brief email tutorial

- Messages routed across Internet
- Domain owner routes individual emails to particular accounts
- Sending
  - SMTP - Simple Mail Transfer Protocol
- Receiving
  - POP - Post Office Protocol
  - IMAP - Internet Message Access Protocol


Brief email tutorial

- Email programs
  - Microsoft Outlook
  - Mac Mail
- Web-based services (Webmail)
  - Microsoft Hotmail
  - Yahoo! Mail
  - Google Gmail
  - America Online


Email concerns

- Malicious
  - Spam
  - Phishing attacks
  - Email worms
- Annoying
  - Hoaxes
- Education generally needed
  - Forwarding
  - Netiquette
  - Email at work


Spam

- Generically -- Sending copies of the same message to large numbers of recipients who didn't ask for it
  - Email, instant messaging, blogs, fax transmissions, cell phone messages
- Here we're concerned specifically with email spam
  - Most common form of spam


Spam

- Almost no cost to send an email to millions of addresses
- Very profitable
  - Which means -- people are buying stuff from these emails!
- Requires very low hit rate to be profitable
- It will only stop when people stop clicking!


Spam - Volume

- 100 billion spam emails sent each day
- 90% of all incoming corporate email
- Dr. K receives around 2,000/month
  - 50-100 each day
  - Most captured by spam filter
  - Another handful manually deleted each day


Spam - Cost

- Fraud
  - Dependent on content, obviously
- Lost productivity
- Lost bandwidth
- Support to alleviate the burden
  - Hardware, software, personnel
- $20 billion per year in U.S. alone just to combat spam


Spam - Content

- Significant areas:
  - Pornography
  - Sexual products
  - Fraudulent activities
- Indiscriminately sent to everyone
  - Children can be exposed


Spam - Some statistics

- 80% of youth said they receive inappropriate email on a daily basis.
- Such email makes them:
  - Annoyed – 51%
  - Uncomfortable – 34%
  - Offended – 23%
  - Curious – 13%
- 38% do not tell their parents about receiving inappropriate email


Spam - Solutions

- Never buy anything advertised by a spam email!!
  - Any company with whom you don't already have a relationship
- Do not use unsubscribe feature
  - Confirms your email is accurate
- Spam filters
  - Not perfect, but very helpful


Spam filters

- Attempt to automatically detect and remove spam email
- Very hard problem!
- False positives - Non-spam tossed into the junk folder
  - When searching, include junk folder
- Missed positives - Spam that makes it through the filter into your inbox


Spam filters

- Solutions:
  - Many email programs have built-in
  - Programs can be installed
  - Server-based solutions
  - Internet service provider (ISP)
- Generally a training phase
  - Software learns from you as you identify spam email
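
The training phase and the two error types described on the spam filter slides, as an added example that is not part of the original presentation: a naive Bayes word filter (one common technique, assumed here; the slides name no algorithm) trained on constructed messages. `SpamFilter`, `evaluate` and `demo` are hypothetical names.

```python
import math
import re
from collections import Counter

def tokens(text):
    return set(re.findall(r"[a-z0-9']+", text.lower()))

class SpamFilter:
    """Naive Bayes filter that learns from mail the user labels."""
    def __init__(self):
        self.words = {"spam": Counter(), "ham": Counter()}
        self.msgs = {"spam": 0, "ham": 0}

    def train(self, text, label):
        # Training phase: the user marks a message "spam" or "ham" (not spam).
        self.msgs[label] += 1
        self.words[label].update(tokens(text))

    def is_spam(self, text):
        # Laplace-smoothed log-odds of spam versus ham; above 0 goes to junk.
        total, score = self.msgs["spam"] + self.msgs["ham"], 0.0
        for label, sign in (("spam", 1), ("ham", -1)):
            n = self.msgs[label]
            score += sign * math.log((n + 1) / (total + 2))
            for w in tokens(text):
                score += sign * math.log((self.words[label][w] + 1) / (n + 2))
        return score > 0

def evaluate(flt, labelled):
    """Return (false positives, missed positives) over labelled mail."""
    fp = sum(1 for t, lab in labelled if lab == "ham" and flt.is_spam(t))
    missed = sum(1 for t, lab in labelled if lab == "spam" and not flt.is_spam(t))
    return fp, missed

# Constructed sample messages, not real mail.
TRAINING = [("cheap pills buy now", "spam"), ("win free money now", "spam"),
            ("free pills limited offer", "spam"), ("lunch meeting moved to noon", "ham"),
            ("please review the budget report", "ham"), ("family dinner on sunday", "ham")]
INCOMING = [("buy cheap pills today", "spam"), ("budget meeting on sunday", "ham"),
            ("free pizza now in the break room", "ham"),    # reads like spam
            ("please review the attached report", "spam")]  # reads like work mail

def demo():
    flt = SpamFilter()
    for text, label in TRAINING:
        flt.train(text, label)
    before = evaluate(flt, INCOMING)  # filter trained only on TRAINING
    for text, label in INCOMING:      # the user corrects the filter's mistakes
        flt.train(text, label)
    return before, evaluate(flt, INCOMING)
```

`demo()` returns the error counts before and after the user's corrections: the office pizza notice is junked and the work-like lure is delivered until both are labelled.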


Phishing attacks

- Fraudulent attempt to gain access to usernames, passwords, credit card information, etc.
- Key source of identity theft
  - 1.2 million computer users in US suffered losses in 2004
  - $929 million in personal losses
  - UK losses doubled from '04 to '05


Phishing attacks

- Authentic-looking fraudulent emails lead user to authentic-looking fraudulent websites
  - User types in name and password, or credit card information


Phishing - Protection

- Don't click on the link in an email
  - Type it yourself, or click from favorites
- Many email filters detect spam
  - But don't rely exclusively!
- Double check the web address of the link to be sure
  - Most are pretty flagrant
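
One way to automate the "double check the web address" step, as an added example that is not part of the original presentation: it compares each link's visible text with the host the link really points to. The function names and the sample hosts (reserved example names and addresses) are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    # Accept bare "www.example.com/path" text as well as full URLs.
    parts = urlsplit(url if "://" in url else "//" + url)
    return (parts.hostname or "").lower()

def link_warnings(href, text):
    """Return reasons the real destination deserves a second look."""
    reasons, host = [], host_of(href)
    if host.replace(".", "").isdigit() or ":" in host:  # IPv4/IPv6 literal
        reasons.append("destination is a raw IP address")
    if "@" in urlsplit(href).netloc:
        reasons.append("userinfo before '@' hides the real host")
    shown = host_of(text) if "." in text and " " not in text else ""
    a, b = shown.removeprefix("www."), host.removeprefix("www.")
    if shown and a != b and not b.endswith("." + a):
        reasons.append(f"text shows {shown} but link goes to {host}")
    return reasons

def check_email_html(html):
    collector = LinkCollector()
    collector.feed(html)
    return {href: link_warnings(href, text) for href, text in collector.links}

# Constructed sample body; hosts are reserved example names and addresses.
SAMPLE = ('<a href="http://192.0.2.10/login">www.example-bank.test</a>'
          '<a href="https://www.example-bank.test/help">Help center</a>'
          '<a href="http://www.example-bank.test@login.example.net/">Sign in</a>')
```

`check_email_html(SAMPLE)` maps each link to its warnings; an empty list means the visible text and the destination agree or the text is not an address at all.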


Phishing attacks


Email worms

- Attachment in the email
- Trick you into clicking on it
- Installs itself
- Checks your address book
- Sends a copy to everyone
- May or may not be damaging


Hoaxes

- Benign email worms that are spread entirely by…
  - Gullible users!!
- Almost every email that asks you to forward it to everyone in your address book... is a hoax
  - This is not an exaggeration!


Hoaxes - Samples

- Warning about cash back charges being placed on WalMart customers' credit cards
- Warning that the Obama health care reform bill mandates that seniors be given euthanasia counseling
- Internet-circulated coupon offers free lunch from Wendy's
- Electronic petition seeks to overturn Congressional vote granting Social Security benefits to illegal aliens


Hoaxes - Samples

- The planet Mars will make a remarkably close approach to Earth in August 2009
- Warning that cell phone numbers are about to be given to telemarketers
- Warning about baby carrots made from deformed full-sized carrots which have been permeated with chlorine
- A new Pepsi soda can design omits the words "under God" from the Pledge of Allegiance


Hoaxes - Cost

- If all Internet users received a single hoax, spent 1 minute, and discarded
  - ~$40 million
- If forwarded, spread is exponential
  - 10 people per spread = 1,000,000 on the 6th hop
- Spammers harvest email addresses from hoax emails


Hoaxes - What to do

- Assume the email is a hoax
- Attempt to independently validate
- If you can personally validate that the information is true...
  - Send it to select individuals with whom you have a relationship
  - And who don't mind receiving things
- If you can't... DON'T FORWARD IT!


Hoaxes - Validating

- Google
  - Search for specific phrases
  - See where that leads you
- Check hoax tracking sites
  - www.snopes.com
  - Symantec
  - McAfee
  - Many others…
    - … but these are absolutely credible


Forwarding

- What about forwarding other stuff?
  - Any email that actively encourages you to send it to everyone is very bad form
- Email forms a community or social network
- Must respect the rules of that social network


Netiquette

- Network etiquette
  - Rules of proper social behavior in the new digital society
- Remember that users are human
  - Never say in an email or online something you wouldn't say in person
- Don't forward junk/hoax emails


Netiquette

- Limit all forwarding to people you personally know, and who you know want to receive it from you
  - The noise can be overwhelming!
- Lurk before you leap
  - Understand the social rules of any new community before diving in and embarrassing yourself


Netiquette

- Be careful about "Reply to All"
  - Accidentally spam a large group trying to respond to one user
- ALL CAPS IS SHOUTING!!!!!!!!!!!
  - One exclamation point is enough!
- Use subject lines appropriately
  - Helps users sort, find, prioritize


Netiquette

- BCC for multiple senders
  - Otherwise you expose a large number of email addresses to people who don't know each other
- Include relevant portions of email that you're responding to
  - Intersperse your comments


Netiquette

- Remember that emotion is not fully conveyed via email
  - Emoticons can help
    - :) ;) :( :D
    - <grin> <g> <smile>
    - <rant> ... </rant> (HTML humor)
- Non-emotion can be helpful!
  - Work through issues that would be too emotional face-to-face


Flaming

- Flame: Hostile or rude email or communication
  - That would never happen in person
- Flame bait:
  - Trolling for a fight in cyberspace
- Flame war:
  - Challenge accepted, combat engaged
- Generally very bad form


Email at work


Questions?

- Internet Safety Podcast
  - www.internetsafetypodcast.com
- Internet Safety Wiki
  - wiki.internetsafetypodcast.com

Dr. Charles Knutson

[email protected]
