You are probably here beacuse you clicked a link in an email that I sent you. I was going to link to a quick guide to email safety but all I could find were specific guides aimed at children or the elderly. In the end I decided to throw a rough guide together.
+
+
+
Phishing
+
+ Phishing is a technique used to try and get personal information from you. It could be styled to look like it is from a service that you use or a person that you know. Be on the lookout for:
+
+
+ - Spelling or grammatical errors
+ - You will usually see spelling or grammatical errors, some people hypothesise that this is to weed out people that are savvy to the scam before they proceed
+ - Urgent calls to action
+ - Scam artists will use urgent language to invoke an emotive response, this can prevent you evaluating whether the email is genuine before you act.
+ - Unusual sender addresses
+ - Scam artists will usually send emails from an unusual looking address such as 'security-banking.xyz' or 'banking.something.xyz'. Elements of the address may even include the name of a trusted business or person.
+
+
+
+ Even after checking for all of the above, it could be the case that the scam artist is sending an email from a real, trusted address. This is possible by hacking or spoofing. It is important that your email account is kept secure with a strong password - this helps to prevent your email address being used by scam artists.
-
Phishing
-
- Phishing is a technique used to try and get personal information from you. It could be styled to look like it is from a service that you use or a person that you know. Be on the lookout for:
-
-
- - Spelling or grammatical errors
- - You will usually see spelling or grammatical errors, some people hypothesise that this is to weed out people that are savvy to the scam before they proceed
- - Urgent calls to action
- - Scam artists will use urgent language to invoke an emotive response, this can prevent you evaluating whether the email is genuine before you act.
- - Unusual sender addresses
- - Scam artists will usually send emails from an unusual looking address such as 'security-banking.xyz' or 'banking.something.xyz'. Elements of the address may even include the name of a trusted business or person.
-
-
-
- Even after checking for all of the above, it could be the case that the scam artist is sending an email from a real, trusted address. This is possible by hacking or spoofing. It is important that your email account is kept secure with a strong password - this helps to prevent your email address being used by scam artists.
-
-
-
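Review bot: The closing paragraph of the Phishing section ("This is possible by hacking or spoofing ... kept secure with a strong password") offers a strong password as the answer to both cases, but a password only protects against the account being taken over; a spoofed sender address needs no access to the account at all. Suggest splitting the sentence: keep the password advice for account compromise, and say separately that a familiar sender address is not on its own proof of who sent the message. The section is re-added with no visible text change, so the comma splices in the nested bullets ("errors, some people hypothesise", "response, this can prevent") and the typo "beacuse" in the intro line above carry over and could be fixed in the same pass.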
Tampering
-
+
Tampering
+
Generally, email is an insecure means of communication. It is possible for an email to be viewed or tampered with whilst it is being transmitted.
-
-
+
+
Because of this, it is important that you review links and attachments before opening them. Web browsers are improving on the security front and often alert you if you try to open a link to a scam website or that tries to download a file but you should still hover over the link which can reveal the actual destination. Attachments should be scanned for viruses or threats before you open them.
-
+
-
Signing & Encryption
-
+
Signing & Encryption
+
There are technologies to digitally sign and/or encrypt email messages, both PGP and S/MIME are available.
-
-
+
+
As secure instant messaging becomes more widespread email signing and encryption is becoming less common with people leaning towards services such as WhatsApp, Signal and Telegram for secure communication.
-
-
+
+
S/MIME is more widely supported but does mean that you have to buy a certificate, cheaper certificates do not provide proof of the person sending the email, however your email client can use the certificate to check whether the email has been tampered with. More expensive certificates are available that you can use to prove your identity - these are the type of certificated used to digitally sign documents such as PDF files.
-
-
- PGP is not as widely supported and is more complicated for the end user, however there is no cost as you generate certificates yourself. It is then up to the sender to validate your identity, you can read more about PGP on my PGP page.
-
-
+
+
+ PGP is not as widely supported and is more complicated for the end user, however there is no cost as you generate certificates yourself. It is then up to the sender to validate your identity, you can get my public keys here.
+
+
Both S/MIME and PGP also support encryption which involves sharing your certificates public key with others, an email can only be encrypted with that public key. It is also possible to encrypt an email with a password. I won't go on further as email encryption is a bit out of scope here.
-
-
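Review bot: The new PGP sentence ("you can get my public keys here") drops the pointer to the PGP explainer page and replaces it with a bare key link, with no fingerprint or verification step visible, so a reader has nothing to check the downloaded keys against. Suggest keeping the link to the PGP page, stating the key fingerprint next to the download so it can be compared over a second channel, and using link text that names the target instead of "here". In the same line, "It is then up to the sender to validate your identity" leaves unclear who verifies whom (for a signed message it is the recipient who checks the signer's key), and PGP users generate keys rather than certificates. The unchanged paragraph after it has a related slip: a message encrypted with the public key can only be decrypted with the matching private key, which is not what "an email can only be encrypted with that public key" says; "certificates public key" there and "certificated" in the S/MIME paragraph are typos.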