Email security tip

Home Forums Litoeles H'rabim! Email security tip

Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • December 8, 2011 8:53 am at 8:53 am #601049
    HaLeiVi
    Participant

    There are many spoof emails out there immitating large corporations at which the target will most likely have an account. The From of the address tells you absolutely nothing about where it actually originated. Anyone can send an email with anyone else’s name in the From field.

    The only real way to tell is the links in the email. BUT, the link you are shown is not necessarily the actual underlying link. You also have to watch out for a similar but different URL.

    Now, here is something important to understand. Many sites have subdomains. A subdomain is subdomain.maindomain.com. The trick is to understand that the part that comes before the .com is the main site. What comes before that is just categories on the main site. For example: checkout.paypal.com, if that exists, is a page or folder on paypal’s site. However, paypal.hkjvg.com is most likely a hacker trying to fool you. The site is hkjvg and paypal.hkjvg is a page he set up to get you to enter all your paypal information for him to binge.

    If an email is suspicious, you are better off not even openning it because when you do, it will verify you as a real address. It does this by having a picture in the email with a unique file name just for you. When your email program picks up the picture your address is verified, hereby making you a steady and valuable customer. Online email will often not show or pickup tese pictures.

    December 8, 2011 2:16 pm at 2:16 pm #834022
    real-brisker
    Member

    HaLeiVi – Thanks.

    December 8, 2011 3:24 pm at 3:24 pm #834023
    2scents
    Participant

    Thanks.

    I keep getting these emails, mostly from large companies that I deal with, never opened any of them, for some reason they didnt look right. thanks for explaining it.

    December 8, 2011 4:54 pm at 4:54 pm #834024
    chocandpatience
    Member

    HaLeivi: can you explain your last para some more – didn’t get it.

    December 8, 2011 5:09 pm at 5:09 pm #834025
    aries2756
    Participant

    Here is another little tidbit I just found out. If you take pictures on your cellphone and then email them they can be traced to the location where the photo was taken if your phone has gps capabilities. It is important to go into your setting on the phone and disable the gps for the camera before taking pictures so there is no location information attached to the photo encryption.

    December 9, 2011 2:53 am at 2:53 am #834026
    HaLeiVi
    Participant

    Choc, perhaps some background information will help understand. Some web pages are ready-made files sent to your browser upon request and some are created anew for each visit. The latter is called a dynamic web page.

    The pages on this site are obviously dynamic, since a change on a user is reflected even in old, closed threads, and your pre-moderated posts are seen only to you. That means that the server writes out the page every time you visit.

    Many times the page gets additional information from you, and based on that it gives you different content. When you submit any form your browser requests a page and sends along the information you just filled out. Sometimes that information is added to the URL as ?firstname=Moishe&lastname=Kapoya.

    Not only can web pages be dynamic but pictures can be, too. Many times the picture’s source is a page that creates the picture based on the “?…”

    So if I want to verify which emails that I sent to are real I add a picture reference in the email that has extra information, other than just the filename. That information will be a code that is unique for your email. In that case the server, upon getting tht picture request, registers your email and proceeds to send (unsuspecting) you the picture.

    December 9, 2011 3:07 am at 3:07 am #834027
    Jothar
    Member

    For those who use internet email, or whose default browser is firefox or chrome, I recommend the web of trust extension, which is faster to block phishing websites than Mcafee SiteAdvisor or opendns anti-phishing protection.

    December 9, 2011 11:44 am at 11:44 am #834028
    chocandpatience
    Member

    haleivi: thanks, got it now

  • Author
    Posts
Viewing 8 posts - 1 through 8 (of 8 total)
  • You must be logged in to reply to this topic.