washingtonpost.com  > Technology > Tech Policy > Security

Quick Quotes

Skepticism Is the Message for E-Mail

Avoid Attachments That Come With Spam

By David McGuire
Special to The Washington Post
Sunday, August 15, 2004; Page F08

E-mail is a nightmare for clean freaks. No matter how fastidious you are, it's a good bet your inbox is filthy -- swimming with more viruses than a year-old dish sponge and more grifters than a traveling carnival. Some e-mail messages are innocuous, but many contain programs that can let hackers take control of your computer. Others contain links that take you to Web sites that trick you into giving online thieves your personal data.

The bad news is that you'll probably never get rid of it all; the good news is that there are simple steps you can take to scrub away most of it.

_____Live Discussion_____
Monday, 2 p.m. ET: Fast Forward columnist Rob Pegoraro will be online to discuss cybersecurity.
_____How to Stay Safe Online_____
'SP2' a Must For XP Users (The Washington Post, Aug 15, 2004)
When to Leave What Closed (The Washington Post, Aug 15, 2004)
Computer Users Need a Good Backup Plan (The Washington Post, Aug 15, 2004)
Take Care to Guard Your Windows (The Washington Post, Aug 15, 2004)
Geek Speak (The Washington Post, Aug 15, 2004)
_____From the Security Files_____
What a Tangled Web I Wove (The Washington Post, Aug 15, 2004)
A Digital Doctor Treats Computer Contamination (The Washington Post, Aug 15, 2004)
_____Spam In The News_____
Consumer Protection: Spam (Live Online, Aug 26, 2004)
Justice Dept. to Announce Cyber-Crime Crackdown (The Washington Post, Aug 25, 2004)
Google Aims For ISP White Lists (washingtonpost.com, Aug 9, 2004)
More Spam News
_____Free E-mail Newsletters_____
• TechNews Daily Report
See a Sample  |  Sign Up Now
• Personal Finance
See a Sample  |  Sign Up Now
• Personal Tech
See a Sample  |  Sign Up Now
• Tech Policy & Security
See a Sample  |  Sign Up Now

Caveat surfer: Don't trust your e-mail. "Basically, everything advertised in spam is fake. Your mortgage won't get cheaper, your body parts won't get bigger, the Canadian drugs they'll sell you aren't real and they aren't from Canada," said John R. Levine, author of "Internet for Dummies" and "Fighting Spam for Dummies." Not only that, scammers can fake, or "spoof," e-mail addresses so they look as if they're coming from your friends or colleagues. If one of those shows up unannounced, urging you to open an attachment or click on a link, there's a strong chance your friend didn't send it. Confirm first, but when in doubt, delete the e-mail.

And remember: There are more of these messages out there than ever before. Denver anti-spam firm MX Logic reported that 84 percent of the mail it scanned for its corporate customers in the month of July was spam. The figure is estimated to be even higher for home users.

Vaccinate: All of the major anti-virus products for home computers contain a mail-scan function. Invest in an anti-virus program, keep it running and make sure to download the regular virus updates.

Don't click on the link: "Phishing" scams dupe users into turning over their account numbers and other personal data by luring them to Web pages that look identical to legitimate sites run by companies such as Citibank, eBay and PayPal. Matthew Prince, chief executive of Chicago anti-spam firm Unspam, said it's "virtually impossible, even for very tech-savvy people," to distinguish between the real sites and the fake ones. Never click on a link in an e-mail asking you to update your account information. If you want to know if the request is real, go to the company's Web site in a separate browser window and send an e-mail query. Better yet, call the company's customer support line.

Leave that attachment alone: Unsolicited e-mail attachments often contain viruses. Opening the attachment launches the virus, sidelining your computer and sending copies of itself to everyone in your e-mail address book. If you aren't expecting the attachment, don't open it. Ever.

Skip the previews: Some of the more sophisticated viruses spread without any action on your part. As soon as you open a message in the "preview" window of your e-mail program, it can begin installing malicious programs on your computer. Users of Microsoft's Outlook e-mail program are particularly susceptible. Closing that window so that you have to double-click on a message in order to read it can provide another layer of protection.

Look out for Outlook: Try using another e-mail program. A disproportionate number of viruses are designed to exploit Outlook's weaknesses, mostly because so many people use it. "Microsoft is everyone's big target. Using Outlook just makes you that much more susceptible," said Steve Ruskin a senior market analyst for MX Logic.

Several companies offer free e-mail software with all the same functions and more.

Shop around: If you are dissatisfied with your existing Internet service, look for a provider that blocks spam e-mail and quarantines suspicious messages in a "bulk" or "spam" mail folder. Some providers let you create a "white list" of trusted e-mail addresses. Others force senders to identify themselves before allowing messages through.

Join neighborhood watch: If your e-mail provider offers a "report spam" function, use it. You also can forward your spam to the Federal Trade Commission's junk-mail address, uce@ftc.gov. FTC investigators are always trying to nab fraudsters.

Don't panic: There's no need to hit the ceiling if you think your computer is infected. If you suspect hackers may have got hold of your financial data, contact one or all of the three major credit bureau -- Equifax, Experian and TransUnion -- and ask them to put a fraud alert on your file. The fraud line for Equifax is 800-525-6285; for Experian it's 888-397-3742, and for TransUnion it's 800-680-7289.

If your Internet service provider cuts you off because a hacker has been using your machine to send spam, call the ISP and it will walk you through the steps of cleaning your computer and reinstating your service.


© 2004 The Washington Post Company