© 2009 Charles D. Knutson
Unclogging My Email: Spam, Phishing Attacks, Netiquette
Dr. Charles D. Knutson
Brigham Young University
www.charlesknutson.net
Positives and negatives
  Email is amazingly useful and efficient
  Abuses of the technology
    Inappropriate content
    Technically destructive
    Criminal behavior
    Annoying and cumbersome
    Bandwidth limiting
Brief email tutorial
  Individuals license domains
    byu.edu, lds.org, etc.
  Owner may manage subdomains
    cs.byu.edu
  Owner may support and manage email
    [email protected]
Brief email tutorial
  Messages routed across Internet
    Domain owner routes individual emails to particular accounts
  Sending
    SMTP - Simple Mail Transfer Protocol
  Receiving
    POP - Post Office Protocol
    IMAP - Internet Message Access Protocol
Brief email tutorial
  Email programs
    Microsoft Outlook
    Mac Mail
  Web-based services (Webmail)
    Microsoft Hotmail
    Yahoo! Mail
    Google Gmail
    America Online
Email concerns
  Malicious
    Spam
    Phishing attacks
    Email worms
  Annoying
    Hoaxes
  Education generally needed
    Forwarding
    Netiquette
    Email at work
Spam
  Generically -- Sending copies of the same message to large numbers of recipients who didn't ask for it
    Email, instant messaging, blogs, fax transmissions, cell phone messages
  Here we're concerned specifically with email spam
    Most common form of spam
Spam
  Almost no cost to send an email to millions of addresses
  Very profitable
    Which means -- people are buying stuff from these emails!
    Requires very low hit rate to be profitable
  It will only stop when people stop clicking!
Spam - Volume
  100 billion spam emails sent each day
  90% of all incoming corporate email
  Dr. K receives around 2,000/month
    50-100 each day
    Most captured by spam filter
    Another handful manually deleted each day
Spam - Cost
  Fraud
    Dependent on content, obviously
  Lost productivity
  Lost bandwidth
  Support to alleviate the burden
    Hardware, software, personnel
  $20 billion per year in U.S. alone just to combat spam
Spam - Content
  Significant areas:
    Pornography
    Sexual products
    Fraudulent activities
  Indiscriminately sent to everyone
    Children can be exposed
Spam - Some statistics
  80% of youth said they receive inappropriate email on a daily basis.
  Such email makes them:
    Annoyed – 51%
    Uncomfortable – 34%
    Offended – 23%
    Curious – 13%
  38% do not tell their parents about receiving inappropriate email
Spam - Solutions
  Never buy anything advertised by a spam email!!
    Any company with whom you don't already have a relationship
  Do not use unsubscribe feature
    Confirms your email is accurate
  Spam filters
    Not perfect, but very helpful
Spam filters
  Attempt to automatically detect and remove spam email
  Very hard problem!
    False positives - Non-spam tossed into the junk folder
      When searching, include junk folder
    Missed positives - Spam that makes it through the filter into your inbox
Spam filters
  Solutions:
    Many email programs have built-in
    Programs can be installed
    Server-based solutions
    Internet service provider (ISP)
  Generally a training phase
    Software learns from you as you identify spam email
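Added example (not part of the original slides): a small trainable filter showing the training phase, a missed positive before training, and a false positive that the user corrects by marking the message "not junk". Naive Bayes is assumed here as one common way such filters learn; the slides do not name an algorithm, and all messages are constructed.

```python
import math
import re
from collections import Counter

class TrainableFilter:
    """Tiny naive Bayes filter that learns only from mail the user labels."""
    def __init__(self):
        self.words = {"spam": Counter(), "ham": Counter()}  # word -> messages containing it
        self.msgs = Counter()                               # label -> messages seen

    @staticmethod
    def tokens(text):
        return set(re.findall(r"[a-z']+", text.lower()))

    def train(self, label, text):
        self.msgs[label] += 1
        self.words[label].update(self.tokens(text))

    def spam_probability(self, text):
        vocab = set(self.words["spam"]) | set(self.words["ham"])
        log_odds = math.log((self.msgs["spam"] + 1) / (self.msgs["ham"] + 1))
        for w in self.tokens(text) & vocab:      # words never seen carry no evidence
            p_spam = (self.words["spam"][w] + 1) / (self.msgs["spam"] + 2)
            p_ham = (self.words["ham"][w] + 1) / (self.msgs["ham"] + 2)
            log_odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-log_odds))

    def is_spam(self, text, threshold=0.9):
        return self.spam_probability(text) >= threshold

# Constructed mail, labelled the way a user would click "junk" / "not junk".
LABELLED = [
    ("spam", "Cheap pills, buy now!!"),
    ("spam", "You won a free prize, click now"),
    ("spam", "Buy cheap watches, free shipping"),
    ("ham", "Meeting moved to 3pm, see agenda"),
    ("ham", "Lunch on Friday?"),
    ("ham", "Free for lunch Friday? I can buy"),
]

def demo():
    """Verdicts: untrained miss, trained catch, false positive, after correction."""
    f, junk, friend = TrainableFilter(), "Click now for cheap pills", "You won the raffle, free prize"
    missed = f.is_spam(junk)                     # untrained filter lets spam through
    for label, text in LABELLED:
        f.train(label, text)
    caught, false_positive = f.is_spam(junk), f.is_spam(friend)
    f.train("ham", friend)                       # user marks the friend's mail "not junk"
    return missed, caught, false_positive, f.is_spam(friend)
```

Raising the threshold trades false positives for missed positives, which is why the junk folder still needs checking.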
Phishing attacks
  Fraudulent attempt to gain access to usernames, passwords, credit card information, etc.
  Key source of identity theft
    1.2 million computer users in US suffered losses in 2004
    $929 million in personal losses
    UK losses doubled from '04 to '05
Phishing attacks
  Authentic-looking fraudulent emails lead user to authentic-looking fraudulent websites
    User types in name and password, or credit card information
Phishing - Protection
  Don't click on the link in an email
    Type it yourself, or click from favorites
  Many email filters detect spam
    But don't rely exclusively!
  Double check the web address of the link to be sure
    Most are pretty flagrant
Phishing attacks
Email worms
  Attachment in the email
  Trick you into clicking on it
  Installs itself
  Checks your address book
  Sends a copy to everyone
  May or may not be damaging
Hoaxes
  Benign email worms that are spread entirely by…
    Gullible users!!
  Almost every email that asks you to forward it to everyone in your address book... is a hoax
    This is not an exaggeration!
Hoaxes - Samples
  Warning about cash back charges being placed on WalMart customers' credit cards
  Warning that the Obama health care reform bill mandates that seniors be given euthanasia counseling
  Internet-circulated coupon offers free lunch from Wendy's
  Electronic petition seeks to overturn Congressional vote granting Social Security benefits to illegal aliens
Hoaxes - Samples
  The planet Mars will make a remarkably close approach to Earth in August 2009
  Warning that cell phone numbers are about to be given to telemarketers
  Warning about baby carrots made from deformed full-sized carrots which have been permeated with chlorine
  A new Pepsi soda can design omits the words "under God" from the Pledge of Allegiance
Hoaxes - Cost
  If all Internet users received a single hoax, spent 1 minute, and discarded
    ~$40 million
  If forwarded, spread is exponential
    10 people per spread = 1,000,000 on the 6th hop
  Spammers harvest email addresses from hoax emails
Hoaxes - What to do
  Assume the email is a hoax
  Attempt to independently validate
  If you can personally validate that the information is true...
    Send it to select individuals with whom you have a relationship
    And who don't mind receiving things
  If you can't... DON'T FORWARD IT!
Hoaxes - Validating
  Google
    Search for specific phrases
    See where that leads you
  Check hoax tracking sites
    www.snopes.com
    Symantec
    McAfee
    Many others…
      … but these are absolutely credible
Forwarding
  What about forwarding other stuff?
    Any email that actively encourages you to send it to everyone is very bad form
  Email forms a community or social network
  Must respect the rules of that social network
Netiquette
  Network etiquette
    Rules of proper social behavior in the new digital society
  Remember that users are human
  Never say in an email or online something you wouldn't say in person
  Don't forward junk/hoax emails
Netiquette
  Limit all forwarding to people you personally know, and who you know want to receive it from you
    The noise can be overwhelming!
  Lurk before you leap
    Understand the social rules of any new community before diving in and embarrassing yourself
Netiquette
  Be careful about "Reply to All"
    Accidentally spam a large group trying to respond to one user
  ALL CAPS IS SHOUTING!!!!!!!!!!!
    One exclamation point is enough!
  Use subject lines appropriately
    Helps users sort, find, prioritize
Netiquette
  BCC for multiple senders
    Otherwise you expose a large number of email addresses to people who don't know each other
  Include relevant portions of email that you're responding to
    Intersperse your comments
Netiquette
  Remember that emotion is not fully conveyed via email
    Emoticons can help
      :) ;) :( :D
      <grin> <g> <smile>
      <rant> ... </rant> (HTML humor)
  Non-emotion can be helpful!
    Work through issues that would be too emotional face-to-face
Flaming
  Flame: Hostile or rude email or communication
    That would never happen in person
  Flame bait:
    Trolling for a fight in cyberspace
  Flame war:
    Challenge accepted, combat engaged
  Generally very bad form
Email at work
Questions?
  Internet Safety Podcast
    www.internetsafetypodcast.com
  Internet Safety Wiki
    wiki.internetsafetypodcast.com
  Dr. Charles Knutson