overview
issues
email
webmail
SMS
MMS
IM
chat
fora
news
traffic
content
evidence
disclaimers
managing
related:
Spam
Networks
|
managing
messages
This page highlights some questions about management of
email and other messaging systems.
It covers
introduction
The internet starts at your keyboard and screen, rather
than in a box maintained by your ISP or IT manager. If
you are going online you have some responsibilities -
one reason why people have called for digital lifeskills
training - and (as importantly) some scope for acting
in a way that preserves your independence.
Use of messaging systems is as much a state of mind as
use of particular communication tools. The following paragraphs
highlight some issues and responses. They are not comprehensive
but may assist thinking about the management of online
interactions.
US
pundit John Patrick comments
that
Anti-virus
and anti-spam are not enough. Anti-spyware is not enough.
Hardware and software firewalls are not enough. All
of these are essential but the other ingredient is common
sense. Look at your email carefully. Even if the "from"
address is one you recognize, look also at the context.
Ask yourself if the email content is something you were
expecting, that you understand, or at least makes sense.
Look especially hard at attachments and hyperlinks before
taking action. If it isn't something you were expecting,
my advice is don't click and don't open.
who you let through the door
Malware - viruses and spyware - does not arrive out of
the aether. One way that it gets onto your machine (and
possibly shared with others) is because you have invited
it in.
If there is any reason to doubt the authenticity of an
email, IM or chat message, do not click on any link or
button in the message. It is often safer to type the domain
name into your browser,
rather than relying on a link that purports to point to
that address. Remember that domains
can be hijacked or merely reregistered by a third party
after the original registrant fails to renew that registration
Do not accept file transfers from unknown sources. Bear
in mind that a contact may be acting in good faith but
unaware that a machine has been infected and is therely
likely to gift you with a virus. In the online environment,
where many machines are poorly protected, computer viruses
can be like herpes - the unwelcome "gift that keeps
on giving".
the truth may not be out there
On the net, to adapt Gilbert & Sullivan, things may
not be what they seem - sour milk masquerades as cream.
It is important to recognise that forging email addresses
or other message identifiers is technically a trivial
task that can be readily untertaken by many people with
little IT experience or automated by viruses and individual
spammers.
One US academic commented that
almost
nothing about an email message can be trusted, since
in practice all the details indicating its source are
easily forged. Many personal computers are infected
with viruses. Many email addresses have been scraped
by spammers and are being reused for vending cheapo
software, nasty pictures and dodgy chemicals. So, there's
just nothing about a message that you can trust. Even
if your computer was kept in a darkened room away from
the net or instantly barbecued there may still be messages
roaming the net for years to come allegedly from you
Defeatism
is extreme - it is arguably more practical to make some
assessment of risk and act accordingly - but the comment
is a useful reminder of the need for vigilance. The message
from a trusted contact may in fact have originated from
someone else, with the contract's address having been
taken from the 'to' and 'from' address book on a third
party's machine. Personal email, chat messages or newsgroup
postings may not be from the purported author.
'Joe jobs' - fake messages from politicians, other public
indidividuals and organisations - are increasingly common.
As noted elsewhere on this site, one of the nastier effects
of spam is the collateral damage inflicted on some putative
senders - the unfortunates (alas, including us) whose
addresses have been misused and who therefore receive
complaints or are blacklisted.
identity management
Much interaction in chat rooms, via instant message systems
or dating services is tacitly about game playing and shape
shifting -
- eliciting
information about the identity of casual (and long term)
- disclosing
(intentionally or otherwise) information about yourself
Not
every purported 12 year old girl in a chatroom is a tubby
paedophile (or sociology graduate or police officer) but
it is clear that not everyone is who they claim to be.
Some people assume identities; you are unlikely to meet
the real Tom Cruise, Karl Rove or Fred Nile under those
names in a virtual space. Others simply massage attributes:
adding a few thousand dollars and a degree here, deleting
a few wrinkles, a previous partner and some avoirdupois
there.
One response is to seek out cues. Another response is
to be cautious about disclosing information online. It
is too late to retrieve information once you question
a contact's bona fides or identity ... and innocuous information
may help someone to build up an unwanted picture of you.
A range of online scams involve the victim supplying information
to a scammer who purports to be another entity, for example
a bank or other financial institution. Such scams for
example feature a request - correctly spelt or otherwise
- that supposedly originates from the recipient's bank
and asks the person to verify account details (or update
their security) by entering account numbers and security
codes. A distressing number of people politely and stupidly
respond, ignoring the fact that the institution knows
the recipient's account number and code and that most
institutions emphasise that they do not seek such data
through email.
A corollary is to think carefully about providing someone
else's contact details to third parties. Good etiquette
involves caution.
subscribing and unsubscribing
When you are signing up for online services such as shopping
sites or email newsletters, read the small print. You
may find you are giving permission for the company concerned
to send you unsolicited messages and/or for them to provide
your details to selected third parties.
ownership
As noted in preceding pages of this profile (and in the
discussion of intellectual property), words or images
in an email, SMS message, blog or other communication
can come back to bite you. They can be archived in perpetuity,
copied, forwarded and produced in legal procedings. Think
before you send/upload!
In principle most jurisdictions recognise electronic messages
as intellectual property. The cost of enforcing IP rights
may, however, be considerable and greatly outweigh any
damages received for misuse. Enforcement will generally
not address humiliation or other pain suffered through
incautious drafting and dissemination.
software and protection
It
has become a truism that much spam would cease if people
avoided inferior software products (notably the dominant
email offering from the US), properly configured their
machines and used up-to-date virus protection.
Look
for the padlock icon on the bottom of your browser window.
That icon is meant to indicate the site is using security
features to protect confidential information. If a site
is asking for personal information and is not using this
security method, it is suspect. However, the padlock in
itself, is no assurance a site is legitimate. Phishers
are increasingly learning how to use their own secure
sessions.
reporting
If people were clairvoyant there would be no need to inform
law enforcement agencies about possible scams or query
organisations about the legitimacy of supposed messages
from their offices. In practice it is worth alerting government,
business and not-for-profit entities that someone is sending
messages that purport to come from them.
If you are unsure, do not hesitate to telephone or even
visit the organisation to ask if an email is legitimate.
Some organisations helpfully publish alerts on their sites;
alerts also often feature on consumer protection sites.
Remember that few organisations will ask you to email
them your account details or similar data. If you are
a customer they have that information already: they do
not need to ask.
Responses by industry organisations and affected business
vary considerably; some banks for example have been criticised
for tardy, blase or even hostile reactions when informed
of scams. However it is worth alerting any organisation
that is being spoofed.
It is also worth alerting the relevant internet crime
agency or organisation in your jurisdiction, including
the -
Other
bodies are highlighted in the Consumers
guide and Security & InfoCrime
guide elsewhere on this site
::
|
|
