Keeping mail marauders at bay

K.V. KURMANATH Updated - December 12, 2011 at 02:08 PM.

Actions you thought were innocuous could compromise your security on the Web.

COURTESY: WARNER BROS. PICTURES

Mr Peddireddy Chengal Reddy, Secretary-General of Consortium of Indian Farmers' Associations (CIFA) has been busy lobbying with MPs for convening exclusive Parliament session to discuss farm issues. He is also busy gathering support for the Centre's move to allow FDI in retail. But he had had to put all that work aside last week to handle a new, pressing problem on hand - his email account was hacked. “The hacker has sent a mail to all my contacts asking for financial help stating that I'm stranded in Spain and I've lost my wallet. I have been getting calls from all over. He has also copied and deleted some important mails,” he told eWorld .

Safe enough?

The only way to make a computer system 100 per cent secure is to disconnect it from the Internet, shut off the power, encase it in a concrete box and bury it. This was the popular refrain of an IT guru when asked for tips on how to keep a computer safe.

This holds good for your email account too. The best way to keep your mail account safe from hackers is not to have one! But that is not what computers and email accounts are meant for. Most email users take their accounts for granted, leaving several gaps for hackers to sneak in through.

They use the same login ID for different services (like Facebook, Gmail or LinkedIn) to get in touch with friends, office, social networks, banks, retailers, travel firms and the rest.

When you open several fronts on the Web, remember, you could be inviting too much trouble.

You compromise on security when you open an account in an internet café, an expo, a mall or a poorly guarded office. Not only are you making your email account vulnerable to a hacker sitting thousands of miles away, by clicking a malicious link, but you are putting your computer at risk too.Keep in mind that your bank will never ask you to send an email with your login, PIN or any other account credentials. Any email that seems to come from your bank or any other legitimate institution asking you to share personal details on email is most likely a phishing trap.

Security measures

Google has notified all Gmail users about the likelihood of intrusions in their account. It offered the users an option to build a secondary level of security as they log in to their accounts. Users will get a pop-up box where they need to key in a code exclusively generated for that transaction. Even if a hacker discovers your password, he will not be able to access your emails or Inbox unless he types this code. He must have access to your phone too to receive it. This is similar to the new security layer that banks have also started to implement.

After keying in your password and pressing ‘Enter', you will receive a six digit verification code on your mobile phone almost instantaneously. Alternatively, you can get your code through a voice call. But what if you are trying to access your mail where there is no cellular network coverage? What if you've left your phone at home? Google provides you with a set of exclusive codes that you can print and take with you. Each of them works only once.

Spam attacks

Mr Abhijit Limaye, Director (Development) of Symantec, points out that it could be very difficult to distinguish between legitimate and spam mails since attacks are designed to evade detection.

However, some guidelines can help prevent users from falling victim to spam and phishing, he says.

“Any email that is from an unknown sender needs to be treated with caution. Just clicking on a link in an email can silently compromise the system. Never fall for freebies or special offers that come via email. They are most likely to be fraudulent,” he says.

He suggests that users type in the URL in the address bar instead of clicking the link. A link may just be a cover for an attack.

Also, the users should create multiple email IDsfor different purposes - one to communicate with your friends, another for office work and banks and a third for bulk mails and analysts reports.

Yahoo!, another major mail service provider, has launched a service that helps its users to identify whether it is a genuine Yahoo! site or a phishing site.

It warns its users of fake addresses sent by hackers to lure gullible users. It almost sounds official. For example, you may get a link that reads ‘http://www.yahoo.com:login&mode=secure&ib35'. “This a fake one. A real Yahoo! web address has a forward slash ("/") after "yahoo.com". For example, it will read ‘http://www.yahoo.com/' or ‘https://login.yahoo.com/'.

It also cautions its users on attachments in suspicious mails that could launch a key logger software (one which can keep track of and remember whatever you type) in the computers.

Mr Hari Vasudev, Vice-President of Yahoo!, says the company has launched a service to provide the genuine Yahoo! mail page. “Users are allowed to create text or picture sign-ins into the page on a given computer. This sign-in code remains a secret between you and your computer. Users can keep phishing sites at bay by using this extra layer of safety,” he said.

So, before you send your next mail, maybe you should go to your account settings, look for security options and set up barriers to guarantee yourself a safe email experience.

Safe mailing tips

Have multiple ids for multiple purposes

Never open suspicious links, attachments

When in doubt, delete the mail

Check out 'remember password' option

Never fall for freebies

Never store bank passwords, Credit Card

numbers and PINs

Check with senders offline over SOSpleas

Read names carefully, fake names can

land you in trouble

Like seasonal diseases, be wary of

seasonal cyber attacks

Use complex passwords, with a

combination of names, numbers, symbols

Never respond to spam mails, Keep on

emptying spam box

Published on December 11, 2011 12:49