Tip of the Week: Avoid Phishing and Limit Spam in Your Mac Email

Other than surfing the web, the most likely vector for hackers and malware to gain access to your Mac is through your email. Just like visiting a booby-trapped website, clicking on a malicious link or file in your email can result in your Mac getting infected. You should be suspicious of any email that comes with a link or attachment, even if you think you know the sender and were expecting them to send you something. There are some basic steps you can take to keep yourself safe. The same steps can help limit how much junk email, or spam, reaches your inbox.

1. Always check the sender's address.

Most email programs, including Mail on the Mac, don't display the sender's full address by default. You can see the sender's actual address by clicking on the small arrow that appears when you move your pointer over the sender's name.

The first line in the pop-up menu will show you the sender's address. While this can be spoofed, most spammers and hackers are too lazy to bother since most recipients never check it. If the sender's address or domain doesn't match who they claim to be, it's a good sign the email is fraudulent or spam. Scammers and spammers sometimes use misspelled domains in an attempt to trick recipients, so pay close attention: for example, ugs.com instead of ups.com. Even if the address looks correct, be aware that malware can sometimes send email from a victim's account. It's also possible to forge a sender's address, so don't rely solely on it.

2. Avoid clicking on emailed links, and always check them before you click.

It's child's play to disguise a link in an HTML email. As with the sender's address, moving your pointer over the link will reveal the actual URL it goes to.

If the URL doesn't match what it claims to be, that's another piece of evidence that the email is fraudulent. Again, watch for misspelled domain names. Even if the URL seems legitimate, consider going to the website by typing it in, or using a bookmark in your browser if possible.
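The checks from steps 1 and 2 can also be done automatically. The following is an added example, not part of the original article: it flags a sender domain that is a near-miss spelling of a trusted one and any link whose visible text names a different site than the one it opens. The `TRUSTED` list, the function names and the sample data are assumptions made for illustration.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"ups.com"}  # assumption: domains you really deal with

def distance(a, b):  # Levenshtein edit distance, to spot near-miss spellings
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host(url):  # lower-cased host of a URL or bare domain, minus a leading "www."
    h = (urlparse(url if "//" in url else "//" + url).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h

class Links(HTMLParser):  # collects (visible text, href) for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._text.strip(), self._href))
            self._href = None

def check(from_header, html):
    """Return warnings about the sender's domain and any disguised links."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    warnings = [f"sender domain {domain} resembles {t}" for t in TRUSTED if 0 < distance(domain, t) <= 2]
    parser = Links()
    parser.feed(html)
    for text, href in parser.links:
        shown = re.search(r"[\w.-]+\.[a-z]{2,}", text, re.I)
        if shown and host(shown.group()) != host(href):
            warnings.append(f"link shows {shown.group()} but goes to {host(href)}")
    return warnings

SAMPLE_FROM = "UPS Delivery <tracking@ugs.com>"  # constructed sample data
SAMPLE_HTML = '<p>Track: <a href="http://parcel.example.net/t?id=1">www.ups.com/track</a></p>'
```

The edit-distance test is a heuristic: a legitimate domain that happens to be spelled close to a trusted one will also be flagged, so treat a warning as a reason to look closer rather than as proof.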

3. Beware of email with offers that are too good to be true, or that try to scare you.

Aside from African princes who are offering you millions of dollars to move their assets out of the country, be really suspicious of anyone offering you free or easy money. Never send personal info or financial details through email.

Also beware of any email that attempts to scare you into doing something. If you get an email that says one of your accounts has been closed, hacked, or cancelled, never click on the link. If you are concerned and feel you have to check, always go to the website by typing it into your browser or using a bookmark or iOS app.

4. Never open an email attachment unless you have spoken with the sender and know they sent it.

A malicious file attachment is one of the easiest ways for hackers to infect your Mac, so any file attached to an email requires extra caution. Even if you are expecting someone to email you a file, and have checked the sender's address, you should always contact them before opening the file to make sure they actually sent it. If you have an anti-virus program, drag the attachment to your desktop and scan it for viruses before opening it. Even legitimate files could contain malware if the sender isn't aware they've been hacked or infected by a virus.

5. Set Mail to not automatically load remote content.

Most spammers and some scammers will include an image from their server in their email. If you open the email and Mail downloads the image to display it, the spammer gets a confirmation that your address is valid and it pretty much guarantees you will get more spam. To turn off remote images, open Mail, click on the Mail menu next to the black apple in the menu bar, and choose Preferences. In the Preferences window, click on the Viewing tab. Then make sure the Load remote content in messages option is unchecked. Click the red button to close the window.

With remote images turned off, you'll get a notice at the top of each email that contains remote images, with a Load Remote Content button. If you are certain the email is legitimate, you can click the button and see the email as the sender intended.

You can also turn off remote content in Mail on iOS devices. Tap on Settings, then Mail. Make sure the Load Remote Images slider is off (not green).

Once this option is off, you'll see a banner at the top of any email with remote content. If you are certain the email is legitimate, tap Load All Images to see the email as the sender intended.
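To see what Mail is holding back when this option is off, the following added example (not part of the original article) lists every resource an HTML email would fetch from a server when opened, and notes the ones that look purpose-built for tracking. Every remote fetch tells the server the message was opened; the reasons only mark the obvious trackers. The function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import getaddresses
from html.parser import HTMLParser
from urllib.parse import unquote, urlparse

class RemoteFinder(HTMLParser):
    """Record every http(s) resource the HTML would fetch when displayed."""
    def __init__(self):
        super().__init__()
        self.found = []  # (url, tag attributes) pairs
    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        url = a.get("src") or a.get("background") or ""
        # cid: and data: images travel inside the email and contact no server.
        if urlparse(url).scheme in ("http", "https"):
            self.found.append((url, a))

def remote_content(raw):
    """Return (url, reasons) for each remote fetch; reasons flag likely trackers."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    to = [a.lower() for _, a in getaddresses([str(v) for v in msg.get_all("To", [])]) if a]
    finder = RemoteFinder()
    finder.feed(body.get_content() if body else "")
    report = []
    for url, a in finder.found:
        reasons = []
        if a.get("width") in ("0", "1") and a.get("height") in ("0", "1"):
            reasons.append("invisible 1x1 image")
        if any(addr in unquote(url).lower() for addr in to):
            reasons.append("URL carries the recipient's address")
        report.append((url, reasons))
    return report

# Constructed message: one embedded image, one banner, one tracking pixel.
SAMPLE = """\
From: Deals <news@shop.example.net>
To: reader@example.org
Subject: Big savings
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><img src="cid:logo">
<img src="https://img.example.net/banner.png" width="600" height="200">
<img src="https://t.example.net/o.gif?u=reader%40example.org" width="1" height="1">
</body></html>
"""
```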

6. Don't click on Unsubscribe.

Most spammers will provide an "Unsubscribe" link in their emails. Clicking on it just tells the spammer that you've seen their email, and guarantees you'll get more spam. The only time you should click an unsubscribe link is when you know you've signed up for an email list and are certain the email with the link is legitimate.

7. Teach Mail to recognize "Junk" email.

While some email providers do a good job of filtering out spam, scams, and malware to keep it from reaching your Inbox, others aren't as diligent. Especially if you've had the same address for a long time and it has been widely disseminated, you may get a lot of junk email. You can help Mail recognize spam and scams and keep them out of your Inbox by marking them as "junk." In Mail's toolbar, next to the Delete (Trash) button, there's a Junk button. Select a junk email and click the Junk button. Mail will move the email to a Junk folder. It will also begin to recognize similar emails as Junk.

If Mail accidentally classifies a legitimate email as Junk, or if you make a mistake, you can fix it and re-train Mail by opening the Junk folder and selecting the email which isn't Junk. The Junk button will change to a "Not Junk" button. Clicking it will mark the email as good. Once you begin marking email as Junk, you should periodically check the Junk folder to make sure Mail hasn't mis-classified any email.

8. If you get a lot of spam and scams in your email, consider a third-party filter.

Sometimes Mail's built-in Junk filter just isn't good enough to get the job done if you get lots of spam. If that's the case, consider a third-party spam filter like SpamSieve. SpamSieve uses Bayesian filtering to better separate spam from legitimate email, and can be very effective. It costs $30, but you can download a free trial.

If you are frequently away from your Mac and use your iPhone or iPad to check your mail, you'll find Mail on iOS currently lacks spam filtering. If you get lots of spam, this can be inconvenient. The best way to work around it is to leave your Mail running on your Mac at home. As long as your email account supports the IMAP protocol, Mail's spam filter will move any spam it detects to the Junk folder, and remove it from your Inbox. As it does, it will no longer appear in your iPhone or iPad's Inbox.

