Staying Safe online and on Wattpad

PUP# 6 ~ Emails

Email accounts are the honey pot for advertisers, marketers and criminals alike. Unfortunately, this means if we want our emails and contacts safe we have to be extremely careful about what we click: anything in our inbox could potentially harvest and distribute our most private data.

Some people use an email service app like Outlook to automatically send and receive messages from their desktop while others access their emails through their browsers using an online link or bookmark. The latter, also known as webmail, is safer. Email clients like Outlook have been studied for years by the most devious minds because it is the most popular type of its kind in the world and therefore vulnerabilities are eventually discovered and exploited.

LINK 1 lists alternative email clients

Not many webmail providers offer secure access (SSL) to our email. Yahoo and Hotmail, for instance, provide a secure connection only when we log in, to protect our password, but our actual messages are sent and received insecurely, or butt-naked, over the networks. Yahoo, Hotmail and some other free webmail providers make it worse by inserting the IP address of the computer we're using into all of the messages we send. This is a potential security threat if we use the same IP address every time.

If we want to check if our email service is secure, we merely need to look at the address bar at the top of our browser every time we open an email message. If the URL starts with 'https', where the 's' denotes a secure connection, then we are okay – if it's HTTP then our bare butts are out again. =:-0

Gmail accounts use a secure connection during log-in and all the way until you log out – a plus for the big G for once – although once inside they do their best to track you, (yawn), and disabling JS can cause their email architecture to have problems. Despite its nosy nature, Gmail shows HTTPS all the time we're using it and doesn't reveal our IP address to email recipients like Yahoo or Hotmail do. It's like Google wants to spy on us but can't stand anyone else doing it. They are so crap for the confidentiality of your sensitive email communications because they scan and record their users' content and messages, and have worked with governments that restrict digital (and human) freedoms.

Another thing some companies do is send emails that contain secret trackers called beacons. I couldn't believe the cheek of it when I noticed them a few years ago in my inbox. They were blocked by Ghostery of course, but emails from Ebay, BT and mailchimp all contained a tiny gif (1pixel x1pixel) which hid a tracking script. It's impossible to see with the naked eye, although you can look at the HTML of a webpage by right-clicking it (apple button-click for mac) and selecting view source in the drop-down list and you'll see the beacon listed in the code. Beacons like this also appear hidden among gifs on a web page but the idea they can get into our inboxes is a spectacular security risk that would horrify most users.

Some webmail providers, like the Very Good Email Company in the UK, block all email pictures by default, thereby protecting their users from stealthy scanning beacons.This is another reason to not use email clients like Outlook as they may automatically open a picture for you and unwittingly trigger an attack like a virus or Trojan activation.

LINK 2 Mentions safer webmail services

Phishing

The other big email threats to our safety are phishing scams.

We get many emails from big companies like Apple, Microsoft, Facebook, AT&T, American Express card, Google and many different banks. The only ones that are legitimate will have our real names in the address line. These sites NEVER ask us to confirm bank details or personal details over the internet. Think about it. Why would our bank send us an email to ask who we are? They already know and will only check if we contact them and they want to confirm our identity. This applies to WP, Facebook and all official sites and social networks – they will all use our real names in the address line.