Unclogging My Email: Spam, Phishing Attacks, Netiquette • Dr. Charles D. Knutson • Brigham Young University • www.charlesknutson.net
Positives and negatives • Email is amazingly useful and efficient • Abuses of the technology • Inappropriate content • Technically destructive • Criminal behavior • Annoying and cumbersome • Bandwidth limiting
Brief email tutorial • Individuals license domains • byu.edu, lds.org, etc. • Owner may manage subdomains • cs.byu.edu • Owner may support and manage email users • knutson@cs.byu.edu
Brief email tutorial • Messages routed across Internet • Domain owner routes individual emails to particular accounts • Sending • SMTP - Simple Mail Transfer Protocol • Receiving • POP - Post Office Protocol • IMAP - Internet Message Access Protocol
Brief email tutorial • Email programs • Microsoft Outlook • Mac Mail • Web-based services (Webmail) • Microsoft Hotmail • Yahoo! Mail • Google Gmail • America Online
Email concerns • Malicious • Spam • Phishing attacks • Email worms • Annoying • Hoaxes • Education generally needed • Forwarding • Netiquette • Email at work
Spam • Generically -- Sending copies of the same message to large numbers of recipients who didn't ask for it • Email, instant messaging, blogs, fax transmissions, cell phone messages • Here we're concerned specifically with email spam • Most common form of spam
Spam • Almost no cost to send an email to millions of addresses • Very profitable • Which means -- people are buying stuff from these emails! • Requires very low hit rate to be profitable • It will only stop when people stop clicking!
Spam - Volume • 100 billion spam emails sent each day • 90% of all incoming corporate email • Dr. K receives around 2,000/month • 50-100 each day • Most captured by spam filter • Another handful manually deleted each day
Spam - Cost • Fraud • Dependent on content, obviously • Lost productivity • Lost bandwidth • Support to alleviate the burden • Hardware, software, personnel • $20 billion per year in U.S. alone just to combat spam
Spam - Content • Significant areas: • Pornography • Sexual products • Fraudulent activities • Indiscriminately sent to everyone • Children can be exposed
Spam - Some statistics • 80% of youth said they receive inappropriate email on a daily basis. • Such email makes them: • Annoyed – 51% • Uncomfortable – 34% • Offended – 23% • Curious – 13% • 38% do not tell their parents about receiving inappropriate email
Spam - Solutions • Never buy anything advertised by a spam email!! • Any company with whom you don't already have a relationship • Do not use unsubscribe feature • Confirms your email is accurate • Spam filters • Not perfect, but very helpful
Spam filters • Attempt to automatically detect and remove spam email • Very hard problem! • False positives - Non-spam tossed into the junk folder • When searching, include junk folder • Missed positives (false negatives) - Spam that makes it through the filter into your inbox
Spam filters • Solutions: • Many email programs have built-in • Programs can be installed • Server-based solutions • Internet service provider (ISP) • Generally a training phase • Software learns from you as you identify spam email
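Added example, not part of the original slides: a minimal naive Bayes filter in Python showing the training phase, a false positive, and a missed positive. The class, function names, threshold, and training messages are all constructed for illustration and are not taken from any particular mail product.

```python
import math
import re
from collections import Counter

def tokens(text):
    return set(re.findall(r"[a-z']+", text.lower()))

class BayesFilter:
    """Minimal naive Bayes junk filter that learns from user-labelled mail."""
    def __init__(self):
        self.words = {"spam": Counter(), "ham": Counter()}
        self.msgs = {"spam": 0, "ham": 0}

    def train(self, text, label):
        # Called whenever the user marks a message "spam" or "ham" (not spam).
        self.msgs[label] += 1
        self.words[label].update(tokens(text))

    def spam_probability(self, text):
        spam_n, ham_n = self.msgs["spam"], self.msgs["ham"]
        log_odds = math.log((spam_n + 1) / (ham_n + 1))  # smoothed prior
        for w in tokens(text):
            if w in self.words["spam"] or w in self.words["ham"]:  # skip unseen words
                p_spam = (self.words["spam"][w] + 1) / (spam_n + 2)
                p_ham = (self.words["ham"][w] + 1) / (ham_n + 2)
                log_odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-log_odds))

    def is_spam(self, text, threshold=0.9):
        return self.spam_probability(text) >= threshold

# Constructed training mail standing in for the user's training phase.
TRAINING = [
    ("cheap pills buy now limited offer", "spam"),
    ("buy cheap watches now free offer", "spam"),
    ("free money click now", "spam"),
    ("meeting agenda for monday attached", "ham"),
    ("lunch on monday with the research group", "ham"),
    ("please review the attached paper draft", "ham"),
]

def build_filter():
    f = BayesFilter()
    for text, label in TRAINING:
        f.train(text, label)
    return f

if __name__ == "__main__":
    for msg in ("buy cheap pills now", "free lunch offer: buy one now"):
        print(f"{build_filter().spam_probability(msg):.3f}  {msg}")
```

The second message is a legitimate note that the filter scores as spam (a false positive); calling `train(msg, "ham")` on it, as a user does when rescuing mail from the junk folder, brings its score below the threshold.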
Phishing attacks • Fraudulent attempt to gain access to usernames, passwords, credit card information, etc. • Key source of identity theft • 1.2 million computer users in US suffered losses in 2004 • $929 million in personal losses • UK losses doubled from '04 to '05
Phishing attacks • Authentic-looking fraudulent emails lead user to authentic-looking fraudulent websites • User types in name and password, or credit card information
Phishing - Protection • Don't click on the link in an email • Type it yourself, or click from favorites • Many email filters detect spam • But don't rely exclusively! • Double check the web address of the link to be sure • Most are pretty flagrant
Email worms • Attachment in the email • Trick you into clicking on it • Installs itself • Checks your address book • Sends a copy to everyone • May or may not be damaging
Hoaxes • Benign email worms that are spread entirely by… • Gullible users!! • Almost every email that asks you to forward it to everyone in your address book • ... is a hoax • This is not an exaggeration!
Hoaxes - Samples • Warning about cash back charges being placed on WalMart customers' credit cards • Warning that the Obama health care reform bill mandates that seniors be given euthanasia counseling • Internet-circulated coupon offers free lunch from Wendy's • Electronic petition seeks to overturn Congressional vote granting Social Security benefits to illegal aliens
Hoaxes - Samples • The planet Mars will make a remarkably close approach to Earth in August 2009 • Warning that cell phone numbers are about to be given to telemarketers • Warning about baby carrots made from deformed full-sized carrots which have been permeated with chlorine • A new Pepsi soda can design omits the words "under God" from the Pledge of Allegiance
Hoaxes - Cost • If all Internet users received a single hoax, spent 1 minute, and discarded • ~$40 million • If forwarded, spread is exponential • 10 people per spread = 1,000,000 on the 6th hop • Spammers harvest email addresses from hoax emails
Hoaxes - What to do • Assume the email is a hoax • Attempt to independently validate • If you can personally validate that the information is true... • Send it to select individuals with whom you have a relationship • And who don't mind receiving things • If you can't... DON'T FORWARD IT!
Hoaxes - Validating • Google • Search for specific phrases • See where that leads you • Check hoax tracking sites • www.snopes.com • Symantec • McAfee • Many others… • … but these are absolutely credible
Forwarding • What about forwarding other stuff? • Any email that actively encourages you to send it to everyone is very bad form • Email forms a community or social network • Must respect the rules of that social network
Netiquette • Network etiquette • Rules of proper social behavior in the new digital society • Remember that users are human • Never say in an email or online something you wouldn't say in person • Don't forward junk/hoax emails
Netiquette • Limit all forwarding to people you personally know, and who you know want to receive it from you • The noise can be overwhelming! • Lurk before you leap • Understand the social rules of any new community before diving in and embarrassing yourself
Netiquette • Be careful about "Reply to All" • Accidentally spam a large group trying to respond to one user • ALL CAPS IS SHOUTING!!!!!!!!!!! • One exclamation point is enough! • Use subject lines appropriately • Helps users sort, find, prioritize
Netiquette • BCC for multiple recipients • Otherwise you expose a large number of email addresses to people who don't know each other • Include relevant portions of email that you're responding to • Intersperse your comments
Netiquette • Remember that emotion is not fully conveyed via email • Emoticons can help :) ;) :( :D <grin> <g> <smile> <rant> ... </rant> (HTML humor) • Non-emotion can be helpful! • Work through issues that would be too emotional face-to-face
Flaming • Flame: • Hostile or rude email or communication • That would never happen in person • Flame bait: • Trolling for a fight in cyberspace • Flame war: • Challenge accepted, combat engaged • Generally very bad form
Questions? • Internet Safety Podcast • www.internetsafetypodcast.com • Internet Safety Wiki • wiki.internetsafetypodcast.com • Dr. Charles Knutson • knutson@cs.byu.edu