
Unclogging My Email: Spam, Phishing Attacks, Netiquette

Dr. Charles D. Knutson, Brigham Young University, www.charlesknutson.net


Presentation Transcript


  1. Unclogging My Email: Spam, Phishing Attacks, Netiquette • Dr. Charles D. Knutson • Brigham Young University • www.charlesknutson.net

  2. Positives and negatives • Email is amazingly useful and efficient • Abuses of the technology • Inappropriate content • Technically destructive • Criminal behavior • Annoying and cumbersome • Bandwidth limiting

  3. Brief email tutorial • Individuals license domains • byu.edu, lds.org, etc. • Owner may manage subdomains • cs.byu.edu • Owner may support and manage email users • knutson@cs.byu.edu

  4. Brief email tutorial • Messages routed across Internet • Domain owner routes individual emails to particular accounts • Sending • SMTP - Simple Mail Transfer Protocol • Receiving • POP - Post Office Protocol • IMAP - Internet Message Access Protocol

  5. Brief email tutorial • Email programs • Microsoft Outlook • Mac Mail • Web-based services (Webmail) • Microsoft Hotmail • Yahoo! Mail • Google Gmail • America Online

  6. Email concerns • Malicious • Spam • Phishing attacks • Email worms • Annoying • Hoaxes • Education generally needed • Forwarding • Netiquette • Email at work

  7. Spam • Generically -- Sending copies of the same message to large numbers of recipients who didn't ask for it • Email, instant messaging, blogs, fax transmissions, cell phone messages • Here we're concerned specifically with email spam • Most common form of spam

  8. Spam • Almost no cost to send an email to millions of addresses • Very profitable • Which means -- people are buying stuff from these emails! • Requires very low hit rate to be profitable • It will only stop when people stop clicking!

  9. Spam - Volume • 100 billion spam emails sent each day • 90% of all incoming corporate email • Dr. K receives around 2,000/month • 50-100 each day • Most captured by spam filter • Another handful manually deleted each day

  10. Spam - Cost • Fraud • Dependent on content, obviously • Lost productivity • Lost bandwidth • Support to alleviate the burden • Hardware, software, personnel • $20 billion per year in U.S. alone just to combat spam

  11. Spam - Content • Significant areas: • Pornography • Sexual products • Fraudulent activities • Indiscriminately sent to everyone • Children can be exposed

  12. Spam - Some statistics • 80% of youth said they receive inappropriate email on a daily basis. • Such email makes them: • Annoyed – 51% • Uncomfortable – 34% • Offended – 23% • Curious – 13% • 38% do not tell their parents about receiving inappropriate email

  13. Spam - Solutions • Never buy anything advertised by a spam email!! • Any company with whom you don't already have a relationship • Do not use unsubscribe feature • Confirms your email is accurate • Spam filters • Not perfect, but very helpful

  14. Spam filters • Attempt to automatically detect and remove spam email • Very hard problem! • False positives - Non-spam tossed into the junk folder • When searching, include junk folder • Missed positives - Spam that makes it through the filter into your inbox

  15. Spam filters • Solutions: • Many email programs have built-in • Programs can be installed • Server-based solutions • Internet service provider (ISP) • Generally a training phase • Software learns from you as you identify spam email
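The training phase and the two error types from slides 14 and 15, as an added example that is not part of the original presentation. It assumes a simple word-frequency (naive Bayes) model, which the slides do not name, and the class, function names and sample messages are all constructed for illustration.

```python
import math
from collections import Counter

class TrainableFilter:
    """Toy word-frequency (naive Bayes) filter; the technique is an assumption."""
    def __init__(self):
        self.words = {"spam": Counter(), "ham": Counter()}
        self.messages = Counter()

    def train(self, text, label):
        """Training phase: the user marks one message as 'spam' or 'ham'."""
        self.messages[label] += 1
        self.words[label].update(text.lower().split())

    def spam_score(self, text):
        """Log-odds that the message is spam; above 0 it goes to the junk folder."""
        vocab = len(set(self.words["spam"]) | set(self.words["ham"]))
        n_spam = sum(self.words["spam"].values())
        n_ham = sum(self.words["ham"].values())
        score = math.log((self.messages["spam"] + 1) / (self.messages["ham"] + 1))
        for word in text.lower().split():
            p_spam = (self.words["spam"][word] + 1) / (n_spam + vocab)
            p_ham = (self.words["ham"][word] + 1) / (n_ham + vocab)
            score += math.log(p_spam / p_ham)
        return score

def evaluate(spam_filter, labelled):
    """Return (false_positives, missed_positives) over (text, label) pairs."""
    false_pos = [t for t, lab in labelled if lab == "ham" and spam_filter.spam_score(t) > 0]
    missed = [t for t, lab in labelled if lab == "spam" and spam_filter.spam_score(t) <= 0]
    return false_pos, missed

# Constructed sample mail, for illustration only.
TRAINING = [("free pills buy now", "spam"), ("buy cheap pills now", "spam"),
            ("meeting notes attached", "ham"), ("lunch on friday", "ham")]
INBOX = [("buy lunch now", "ham"),                # real message full of spammy words
         ("meeting friday claim prize", "spam"),  # spam dressed in office vocabulary
         ("cheap pills now", "spam"), ("notes on friday", "ham")]

def demo():
    spam_filter = TrainableFilter()
    for text, label in TRAINING:
        spam_filter.train(text, label)
    before = evaluate(spam_filter, INBOX)
    spam_filter.train("buy lunch now", "ham")                # user clicks "not junk"
    spam_filter.train("meeting friday claim prize", "spam")  # user clicks "junk"
    return before, evaluate(spam_filter, INBOX)
```

Before the two corrections the filter produces one false positive and one missed positive; after the user's feedback both messages are classified correctly.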

  16. Phishing attacks • Fraudulent attempt to gain access to usernames, passwords, credit card information, etc. • Key source of identity theft • 1.2 million computer users in US suffered losses in 2004 • $929 million in personal losses • UK losses doubled from '04 to '05

  17. Phishing attacks • Authentic-looking fraudulent emails lead user to authentic-looking fraudulent websites • User types in name and password, or credit card information

  18. Phishing - Protection • Don't click on the link in an email • Type it yourself, or click from favorites • Many email filters detect spam • But don't rely exclusively! • Double check the web address of the link to be sure • Most are pretty flagrant

  19. Phishing attacks

  20. Email worms • Attachment in the email • Trick you into clicking on it • Installs itself • Checks your address book • Sends a copy to everyone • May or may not be damaging

  21. Hoaxes • Benign email worms that are spread entirely by… • Gullible users!! • Almost every email that asks you to forward it to everyone in your address book • ... is a hoax • This is not an exaggeration!

  22. Hoaxes - Samples • Warning about cash back charges being placed on WalMart customers' credit cards • Warning that the Obama health care reform bill mandates that seniors be given euthanasia counseling • Internet-circulated coupon offers free lunch from Wendy's • Electronic petition seeks to overturn Congressional vote granting Social Security benefits to illegal aliens

  23. Hoaxes - Samples • The planet Mars will make a remarkably close approach to Earth in August 2009 • Warning that cell phone numbers are about to be given to telemarketers • Warning about baby carrots made from deformed full-sized carrots which have been permeated with chlorine • A new Pepsi soda can design omits the words "under God" from the Pledge of Allegiance

  24. Hoaxes - Cost • If all Internet users received a single hoax, spent 1 minute, and discarded • ~$40 million • If forwarded, spread is exponential • 10 people per spread = 1,000,000 on the 6th hop • Spammers harvest email addresses from hoax emails

  25. Hoaxes - What to do • Assume the email is a hoax • Attempt to independently validate • If you can personally validate that the information is true... • Send it to select individuals with whom you have a relationship • And who don't mind receiving things • If you can't... DON'T FORWARD IT!

  26. Hoaxes - Validating • Google • Search for specific phrases • See where that leads you • Check hoax tracking sites • www.snopes.com • Symantec • McAfee • Many others… • … but these are absolutely credible

  27. Forwarding • What about forwarding other stuff? • Any email that actively encourages you to send it to everyone is very bad form • Email forms a community or social network • Must respect the rules of that social network

  28. Netiquette • Network etiquette • Rules of proper social behavior in the new digital society • Remember that users are human • Never say in an email or online something you wouldn't say in person • Don't forward junk/hoax emails

  29. Netiquette • Limit all forwarding to people you personally know, and who you know want to receive it from you • The noise can be overwhelming! • Lurk before you leap • Understand the social rules of any new community before diving in and embarrassing yourself

  30. Netiquette • Be careful about "Reply to All" • Accidentally spam a large group trying to respond to one user • ALL CAPS IS SHOUTING!!!!!!!!!!! • One exclamation point is enough! • Use subject lines appropriately • Helps users sort, find, prioritize

  31. Netiquette • BCC for multiple senders • Otherwise you expose a large number of email addresses to people who don't know each other • Include relevant portions of email that you're responding to • Intersperse your comments

  32. Netiquette • Remember that emotion is not fully conveyed via email • Emoticons can help :) ;) :( :D <grin> <g> <smile> <rant> ... </rant> (HTML humor) • Non-emotion can be helpful! • Work through issues that would be too emotional face-to-face

  33. Flaming • Flame: • Hostile or rude email or communication • That would never happen in person • Flame bait: • Trolling for a fight in cyberspace • Flame war: • Challenge accepted, combat engaged • Generally very bad form

  34. Email at work

  35. Questions? • Internet Safety Podcast • www.internetsafetypodcast.com • Internet Safety Wiki • wiki.internetsafetypodcast.com Dr. Charles Knutson knutson@cs.byu.edu
