5 simple steps to protect your email from online threats.

Email has been used since the early days of the internet, being the preferred means of communication for companies and professionals due to its practicality and different types of approaches. There was a time when people believed that email would disappear with the arrival of WhatsApp , Telegram, Facebook , and other communication sites and applications; however, it remains strong and increasingly present in the lives of professionals. Therefore, it is important to protect your email from virtual threats.

In 2019, active email accounts reached 5.6 billion, according to statistics from Statista , a German company specializing in market and consumer data. Meanwhile, research from Pew Research showed that 92% of adults in the online world use email.

But why is email so important? Through email we receive and send information, important contacts, and communicate universally, hence the importance of protecting your email.

Today, with the rapid evolution and efficiency of hackers and the various types of malicious actions circulating on the internet, it is becoming increasingly difficult to stay away from virtual threats. Therefore, I've compiled a list of 5 simple steps to help you protect your email from virtual threats.

Step 1: Check the attachments to protect your email.

Extra caution is needed when sending or receiving email attachments, as they can carry much more than just files, which can be harmful to your account and even lead to information theft, since they are associated with viruses and are the most common method used by cybercriminals.

Below are some tips about attachments that may be useful for security:

• Avoid opening emails with attachments from strangers as much as possible; always be suspicious of the content.
• If you accidentally open a suspicious attachment, close the program (preferably through the Windows Task Manager);
• Regardless of your operating system, keeping everything updated can be crucial to blocking a virus hidden within an email attachment.
• When securely sending an email attachment, make sure the file size isn't too large.

Step 2: Avoid opening spam messages.

Spam is the term used to refer to electronic messages that are sent to you without your consent and that are usually sent to a large number of people. This type of generally unwanted email contains, in most cases, advertisements; however, in other instances, these messages contain more aggressive content (viruses and threatening content) and can even obtain your personal information, such as bank details, for example. If you think you are being targeted by spam, check the characteristics of these emails below:

• Although it is one of the oldest tactics used by spammers , spam emails claiming to be sent "only once" are still found. This is a characteristic of spam emails.
• One of the most frequent, and worst, excuses used by spammers is to claim that if the user is not interested in the unsolicited email, they can simply "unsubscribe".
• The email header appears incomplete, lacking the sender or recipient. Both may appear as nicknames or generic names, such as: friend@, support@, etc. The omission of the recipient is one of the most common cases, as spammers place huge lists of emails in the field reserved for Blind Carbon Copies ( Bcc:), since these fields are not shown to the user receiving the message.
• The email subject line is a trap for users and a powerful tool for spammers . Most anti-spam filters are prepared to block emails with various subjects considered suspicious. However, spammers adapt and try to deceive the filters by placing misleading content in the subject , such as: vi@gra (instead of viagra), etc.

Step 3: Know which suspicious links should always be ignored.

You shouldn't click on suspicious links, especially those linked to insecure websites. This is the biggest and easiest way for threats to access your network or device. We know that links are a practical and widely used way to connect one piece of content to another on the internet, internally or externally, but to ensure a good user experience, some precautions can be taken:

• If the user is unsure of the URL's origin, it may be necessary to verify with the contact whether they actually sent the information and if they are aware that the link is trustworthy;
• If the person is unfamiliar with the platform being used and doesn't trust the information provided, it's best to ignore it. This is especially true for emails that end up in the spam folder.
• You need to be careful when clicking on shortened links, because many cybercriminals today use tools like goo.gl to shorten links and make them unrecognizable.

Step 4: Have strong and secure passwords.

Strong and secure passwords are important, and everyone knows that. However, according to research by the digital security company Kaspersky , most people believe they only need to protect their online banking accounts (51%), email accounts (39%), and online store accounts (37%). However, creating strong and secure passwords  is very important, especially for keeping your accounts safe. Therefore, I've listed some tips for creating passwords that truly protect you in the virtual world:

• Prefer long passwords, with uppercase and lowercase letters, numbers, and punctuation marks;
• To remember or generate passwords, use a password management program or application such as LastPass , Keeper , or Kaspersky Password Manage ;
• Do not choose the names of family members, such as children, spouses, or even pets, as code names. By lightly investigating someone's life, these names are easily discovered and can become a weapon.

Step 5: Be alert to existing scams.

The most well-known type of fraud is phishing , which involves deceiving users to steal information from documents and bank accounts in order to use it for personal gain. This type of fraud often occurs through fake emails and forms available on the web. Furthermore, never think that you or your company are too small to be a target for an attack.

Criminals know that small businesses generally have less protection against fraud compared to large businesses. This is one of the reasons why you should be even more concerned about security, as everyone can be a target of cybercrime .

Besides phishing, which is considered an epidemic that has left many people worried, ransomware is one of the most dangerous malware types, as it hijacks the victim's device data and demands a ransom payment for its release, usually using a virtual currency, making it almost impossible to trace the criminal. This type of "virus" works by encrypting the operating system data so that the user no longer has access to it.

How can you identify a fake email?

It is becoming increasingly complicated and difficult for a user without specific knowledge to distinguish whether a message is linked to fraud or not, as attacks are evolving and becoming much more realistic. Because of this, cyber scams and crimes are so frequent and successful.

A good example is the numerous fake emails that come with links to well-known brands of real companies. However, you can be aware of a few things to protect yourself:

• Social Engineering – whether through rumors, phishing, or the simple spread of malicious software, the use of social engineering techniques to persuade the reader is very common. Typically, the message appeals to authority, attributing the warning to some research organization, and the texts are incoherent or deal with attention-grabbing topics;
• They request the execution of a program – it is common for these software programs to be hosted on free services, which occurs very easily given the wide availability of this type of service. These are malicious applications whose main objective is to collect information from the victim and allow remote access to the user's computer;
• Email addresses of dubious origin – the messages are designed to appear as if they originated from the entity in question. This gives a false impression of credibility to the scam, especially for lay and unsuspecting users;
• Fake pages – direct the user to a fake website of the institution or a page exclusively for re-registration. These pages are often hosted on temporary domains, or on free providers that may resemble the name of an institution;
• Sensitive data – it is common for sensitive data, such as personal and financial passwords, to be requested. To increase the number of responses, criminals try to create a sense of urgency so that people respond immediately, without thinking. Normally, banks do not send emails requesting data such as passwords.

Conclusion

In closing this article, I have tried to provide some basic yet valuable tips for protection against cyberattacks originating from emails. It is important that managers, IT professionals, and other company employees understand the importance of maintaining the necessary precautions with this tool, which, as we saw earlier in the text, is still widely used in companies worldwide.

I hope you enjoyed the article and that I was able to help in some way.

To the next!