12 things you should know about email, spam and file attachments

Sergio Galindo of GFI Software.

Spam has been around for longer than we can remember, and we often forget that it remains a real problem. For the IT department, spam is still a major security threat and a constant headache.

More than 3% of all spam contains a malware payload, and that doesn't mean the remaining spam emails are safe either. It may sound strange today, but the promises of big lottery wins and the various malicious websites that spam emails guide users to are just as dangerous as an email carrying a malware-infected attachment.

Spam is not going away any time soon, either, and the percentage of total email traffic that spam contributes has rarely dipped below 75 percent.

As the 2013 Microsoft Security Intelligence Report states: "More than 75 percent of the email messages sent over the internet are unwanted. Not only does all this unwanted email tax recipients' inboxes and the resources of email providers, but it also creates an environment in which emailed malware attacks and phishing attempts can proliferate. Email providers, social networks, and other online communities have made blocking spam, phishing, and other email threats a top priority."

This is all the more reason to pay attention to how we use email on a daily basis, at home and at work. It can take just one spam email to ruin your day and that of your IT team. Reducing the risk does not require every employee to have a doctorate in security, but they can follow a few basic (and common-sense) steps that will help keep your network safe.

The following tips should be followed and communicated to each user with access to email:

1) Do not open or respond to emails that look suspicious or unusual, or that come from someone you don't know, and that generally ask you to take an action such as giving information or credit card details, or making a payment. If the email claims to be from a genuine company, but originated from a free web-based email service, it's likely spam.

2) Do not open an attachment you weren't expecting, especially if you don't know the sender. Often malicious code masquerades as Word documents or some other file type. Scammers can easily change an .EXE extension of a malicious file to .DOC. If you think that you may have received such a file, it's best to check with your IT team before doing anything with it.

3) Just as you should not open attachments, do not click on a link in an email unless you are 100% sure it is safe to do so. It is easy to insert an infected hyperlink into the body copy of an email. If in doubt, delete (or check with the sender or your helpdesk).

4) Most businesses use a professional-grade spam filter that is configured to meet the company's security needs. Check your spam folders regularly just in case a legitimate email is caught by the filters. Ask your IT department to whitelist important email addresses so they won't be filtered.

5) Don't be fooled by phishing attempts. Someone somewhere will try to get personal information from you. You should never give out personal details over email or fill in a form that pops up when you open up an email. If in doubt, check with your IT department.

6) Also on the phishing front, you shouldn't open or interact with messages from businesses you haven't given your address to. Also be wary of messages from companies that already have your address. A popular tactic among spammers is to pose as your bank and suggest you need to change your password. In cases such as these, it is best to check the bank's website for details or call their helpdesk to ensure your account is in order. Better safe than sorry. Also, banks and other organisations should not be contacting you via email for security purposes.
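
For the IT team, tip 2's point that an .EXE can simply be renamed to .DOC is the reason a mail filter should check an attachment's leading bytes rather than trust its file name. The following is an added example, not code from the article or from GFI; the function names, verdict strings and the constructed sample message (a harmless header stub, not a real executable) are assumptions made for illustration.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Leading-byte signatures, and the content kinds each extension may hold.
SIGNATURES = {
    "exe": b"MZ",                                # Windows PE executable
    "ole": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # legacy .doc/.xls/.ppt
    "zip": b"PK\x03\x04",                        # .docx/.xlsx/.pptx containers
    "pdf": b"%PDF-",
}
EXPECTED = {".doc": {"ole"}, ".xls": {"ole"}, ".ppt": {"ole"}, ".pdf": {"pdf"},
            ".docx": {"zip"}, ".xlsx": {"zip"}, ".pptx": {"zip"}}

def sniff(data: bytes) -> str:
    """Classify content by its first bytes, ignoring the file name."""
    for kind, magic in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return "unknown"

def audit_attachments(raw: bytes) -> list:
    """Return (filename, detected_kind, verdict) for each attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = os.path.splitext(name.lower())[1]
        kind = sniff(part.get_payload(decode=True) or b"")
        if kind == "exe":
            verdict = "block: Windows executable content"
        elif ext in EXPECTED and kind not in EXPECTED[ext]:
            verdict = "quarantine: content does not match extension"
        else:
            verdict = "ok"
        findings.append((name, kind, verdict))
    return findings

def build_sample() -> bytes:
    """Constructed message: an MZ header stub named invoice.doc, plus a PDF."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "billing@example.com", "user@example.org"
    msg.set_content("Please see attached.")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                       subtype="msword", filename="invoice.doc")
    msg.add_attachment(b"%PDF-1.4\n%%EOF\n", maintype="application",
                       subtype="pdf", filename="terms.pdf")
    return msg.as_bytes()
```

Calling `audit_attachments(build_sample())` flags `invoice.doc` as executable content and passes `terms.pdf`. A signature check like this complements, and does not replace, the spam filter and antivirus scanning the tips assume.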