Email, spam and malware

Email is a common way of computer viruses, worms and other malware getting onto our computers.  We all use email as an essential tool, and it helps to understand how our email address gets into the hands of “spammers”.

AB02 130312 P006 email & bomb

Email addresses, Forwarding and using “bcc”

If a friend sends us a joke email (“have a look at this, it’s funny” – you know the type), sometimes we can see the email address for everyone else that they sent this to.  Suppose just one of those other people has a security problem, and their computer is sending out spam emails to everyone in that person’s address book – without their knowing it.  Here are some steps to reduce problems with “bad” emails.

1    Use “bcc”
If we really must copy several people into your email, “bcc” means Blind Carbon Copy (a historic reference to copying letters), but which means that each person who gets our email cannot see the addresses of any of the others.  We should always use bcc unless you specifically do want each person to see the other’s email address.

2    Forwarding emails
Many people just use “forward” or “reply to”.  It’s easy.  By using “forward” or “reply to”, depending on what system you use, this can copy all the email addresses from that incoming email into our outgoing email.  This can mean that we repeat the security breach by passing around all these good email addresses.  Usually, we only need to email one person at a time.  Never use “reply to all”.

3    When you click on a link or a picture
By clicking on a link or a picture, we may be sending out our email address to some website that we don’t know.  Many pictures contain a link to a website – the picture itself is the link.  Don’t click on a link or a picture unless you’re absolutely sure it’s safe.

4    Be suspicious
Why would we ever get an email from a bank, or from HMRC?  Banks still communicate mostly in writing, and if they do send an email, it is usually just unimportant advertising, and we would not reply to this anyway.  As accountants, we find it frustrating that HMRC are (generally) not contactable by email.  HMRC rarely sends manually-written emails to taxpayers (except confirmations that the online return you just filed has been accepted) but clients have often contacted us about an alleged tax refund in an email supposedly from HMRC.

5    How to avoid spam
Almost any interaction with the internet asks for an email address.  After a while we find our inbox cluttered with a monthly prompt to buy something, or a newsletter which we don’t have time to read.  Don’t use your main email address when buying something.   You can get another email address, with no extra charge, from most providers.  Do this, and treat it as a disposable email address.  Keep  your “real” email address for people you know, and organisations such as banks or government websites.   A year later, when the inbox for that address is full of spam, you simply discontinue the service and get another disposable email address.

If your main email address is already full of spam, it’s time to get a new email address so you can get started.

6    For clever people
Look at the source and headers of an email to see who it really came from.  Right-click on a suspicious link and copy the details into a Notepad file, so you can see if it is what you might expect.

Get an encryption add-on.  Thunderbird is a popular open-source (free) email program, it can keep the emails on your own computer instead of in “the cloud”, and there is a free add-on for Open PGP, which is one of many encryption systems.

Take a look at getting a domain just for email addresses independent of your provider.  They can be bought for as little as £1 per month.  You can then change your provider and keep the same email address.


Let’s try and keep malware away from our businesses.  Good luck!



, ,

Comments are closed.