Differences

This shows you the differences between two versions of the page.

--- handling_suspicious_email_messages_and_spam [2016/05/05 09:40] – [Is this message trying to get me to do something dangerous?] Grammar correction abrashear
+++ handling_suspicious_email_messages_and_spam [2021/12/01 14:35] (current) – [Handling Suspicious Email Messages and Spam] Remove apostrophe abrashear
@@ Line 1: / Line 1: @@
 ====== Handling Suspicious Email Messages and Spam ======
-The two best ways to reduce the amount of unwanted email in your inbox is to report spam messages and unsubscribe from mailing lists you are not interested in.
+The two best ways to reduce the amount of unwanted email in your inbox is to report spam messages and unsubscribe from mailing lists you are not interested in. Gmail will try to automatically unsubscribe you from messages you mark as spam.
-The open nature of the global email system is a double-edged sword―by nature it allows any person or company to communicate with anyone else. The drawback is that sender's do not always have good intentions. When reading email, you should always question the sender's intentions. Consider the following when reading email (particularly unsolicited email):
+The open nature of the global email system is a double-edged sword. By nature it allows any person or company to communicate with anyone else. The drawback is that senders do not always have good intentions. Even if the message appears to be from someone you trust, you should always question the sender's intentions.
 ===== Is this email actually from who it says it is? =====
-  * Check the From address on the email. Messages from your bank should probably come from //[email protected]//, and not //[email protected]// or //[email protected]//.
+Malicious messages can come from anyone. It's very common for an attacker to hijack an account, and then use that account to send harmful messages to all of the contacts. Even if a message is from someone you know, be on alert if it seems unusual.
-  * Consider the body of the message. If you have communicated with this person before, is their grammar unusual? Is the formatting of the message odd? Is their spelling particularly poor?
+  * **Check the //From// address on the email.** Messages from your bank should probably come from //[email protected]//, and not //[email protected]// or //[email protected]//.
+  * **Consider the body of the message.** If you have communicated with this person before, is their grammar unusual? Is the formatting of the message odd? Is their spelling particularly poor? Are they asking you to do something unusual?
 ===== Is this message trying to get me to do something dangerous? =====
+Emails which attempt to persuade you to do something dangerous often use language which adds urgency so that you are more likely to suspend your suspicion and perform the action anyways. Vague messages which implore you to open some link or attachment are frequently malicious. Examples of dangerous actions are:
+  * **Providing usernames or passwords** — A common attack is to provide a link which looks like the login page to your email provider or other service. The attacker saves any password you submit, and uses it to hijack your account.
+  * **Granting Application Access** — Some attacks may link directly to an account page which asks for permission to access your account. If you are not expecting to see an account access screen, the safest thing to do is close your browser window/tab.
+  * **Transferring/receiving money** — There are many scams which encourage you to receive a sum of money and forward it to someone else. Through various methods, you'll end up losing all of the money to the scammer.
+  * **Visiting malicious links** — Malicious links may look like links to trusted websites, or be random webpages on the internet. If you aren't sure if a link is safe, err on the side of caution and do not open it.
+  * **Opening attachments** — Attackers may send attachments which can exploit vulnerabilities in software to harm your computer or hijack your accounts. Word documents, PDFs, and other Office documents are common vectors of exploitation.
-  * Examples would be: providing usernames or passwords, transferring money, visiting malicious links, or opening attachments.
+Naturally, if you never trusted any message or opened //any// attachment, email would not be very useful. Use your best judgement and if you feel a message is unsafe, you may want to report it as a phishing or spam. Reporting spam and phishing emails is good practice, because you will help Gmail reduce the amount of unwanted messages you receive. If a message is probably safe, but you do not want to receive any more message like it you may be able to unsubscribe from marketing messages from that sender.
-  * Emails which attempt to persuade you to do something dangerous often use language which adds urgency so that you are more likely to suspend your suspicion and perform the action anyways. Vague messages which implore you to open some link or attachment are frequently malicious.
-Naturally, if you never trusted any message or opened //any// attachment, email would not be very useful. Use your best judgement and if you feel a message is unsafe, you may want to report it as a phishing or spam email using the steps at the bottom of the message. Reporting spam and phishing emails is good practice, because you will help Gmail reduce the amount of unwanted messages you receive. If a message is probably safe, but you do not want to receive any more message like it you may be able to unsubscribe from marketing messages from that sender by viewing the instructions below.
+If ever you are not sure if a message is malicious or not, [[forward_a_message_with_headers_in_gmail|send the message with headers]] to <[email protected]>.
-If ever you are not sure if a message is malicious or not, I am glad to have a look and help you determine how to handle them. In these cases, you will want to send the message with headers to <[email protected]> using the instructions below. I am especially interested in messages that appear to come from lasallehs.net that are marked as spam or are not marked as spam but seem like they should be.
-====== How to send a message with headers in Gmail ======
-Every email has [[https://simple.wikipedia.org/wiki/Email_headers|headers]]. The headers contain information about the path the message took through the Internet from its source to its destination. Email headers are normally hidden, but they contain information that is very valuable when it comes to troubleshooting problems or trying to determine an email's source.
-  - Open the Gmail message.
-  - Click the down arrow next to Reply, at the top right of the message pane.
-  - Select Show Original. The full headers will appear in a new window.
-  - Copy the entire message, including the headers.
-  - Compose a new email with an appropriate subject.
-  - Paste the entire message into the body of the new email.
-====== How to report a phishing email in Gmail ======
-A [[https://simple.wikipedia.org/wiki/Phishing|phishing]] email is a malicious message that attempts to convince a user to divulge sensitive information. By reporting phishing messages to Gmail you help them improve their filtering so that fewer people receive malicious messages. When you report a message as phishing, it will be removed from your inbox and placed in your spam folder.\\
-  - Open the Gmail message.
-  - Click the down arrow next to Reply, at the top right of the message pane.
-  - Click *Report Phishing* to send a copy of the message to the Gmail Team.
 ====== How to report a message as spam in Gmail ======
-A [[https://simple.wikipedia.org/wiki/Spamming|spam email]] is generally an unsolicited marketing message. Spam messages may or may not be malicious. It is dangerous to open any links or attachments in spam messages unless you are quite sure the message is a false positive. When you report a message as spam, the message will be submitted to the Gmail team for analysis and the message will be moved to your spam folder. By reporting spam, you help Google improve their spam filtering technology for everyone that uses the service //and// you can reduce the amount of junk mail in your inbox.
+A [[https://simple.wikipedia.org/wiki/Spamming|spam email]] is generally an unsolicited marketing message. Spam may or may not be malicious. It is dangerous to open any links or attachments in spam messages unless you are quite sure the message is safe. When you report a message as spam, the message will be submitted to the Gmail team for analysis and the message will be moved to your spam folder. By reporting spam, you help Google improve their spam filtering technology for everyone //and// you can reduce the amount of junk mail in your inbox.
   - Select the message you'd like to report.
   - Click the **spam** button {{::gmail_spam_button.png?nolink|}} in the toolbar above your message list.
-  - (If you have the message open, you can also report it as spam by using the same button.)
+    - (If you have the message open, you can also report it as spam by using the same button.)
 ===== Unsubscribing from marketing messages =====
-Often marketing messages will give you the option of unsubscribing from their list. If the "spam" message is from a company you've previously dealt with, you may want to remove yourself from their mailing list by unsubscribing. According to the [[https://en.wikipedia.org/wiki/CAN-SPAM_Act_of_2003|CAN-SPAM Act]], email marketers are required to provide you with an option to unsubscribe from their messages. You should apply this method **only** to messages in your inbox. Messages in your spam folder are more likely to contain malicious links.
+Often marketing messages will give you the option of unsubscribing from their list. If the "spam" message is from a company you've previously dealt with, you may want to remove yourself from their mailing list by unsubscribing. According to the [[https://en.wikipedia.org/wiki/CAN-SPAM_Act_of_2003|CAN-SPAM Act]], email marketers are required to provide you with an option to unsubscribe from their messages. You should apply this method **only** to messages in your inbox from companies you recognize. Messages in your spam folder are more likely to contain malicious links.
-Read the message and search for an "unsubscribe" or "update subscription" link. Usually at the bottom of the mail.
+It is always safest to mark messages as spam. Especially if:
-Visiting that link will allow you to opt out of future mailings from that company.
+  * You have never dealt with the company directly.
+  * You cannot find a way to unsubscribe.
+  * You unsubscribe from a company's mailings and continue to receive them.
-  * If you cannot find a way to unsubscribe, report the message as spam.
+Read the message and search for an //unsubscribe// or //update subscription// link—usually at the bottom of the mail. Visiting that link will allow you to opt out of future mailings from that company.
-  * If you unsubscribe from a company's mailings and continue to receive them, mark the messages as spam.
+====== How to report a phishing email in Gmail ======
+A [[https://simple.wikipedia.org/wiki/Phishing|phishing]] email is a malicious message that attempts to convince a user to divulge sensitive information. By reporting phishing messages to Gmail you help them improve their filtering so that fewer people receive malicious messages. When you report a message as phishing, it will be removed from your inbox and placed in your spam folder.\\
+  - Open the Gmail message.
+  - Click the down arrow next to Reply, at the top right of the message pane.
+  - Click **Report Phishing** to send a copy of the message to the Gmail Team.