Last week several STEP members reported receiving suspicious and unsolicited emails from an individual purporting to work in international taxation. What made the spam email particularly unusual was the attention to detail the sender had paid to make it look like legitimate correspondence and the citation of STEP to add credibility to its content. It seems timely to look at junk and spam email and what you should do when encountering emails that don’t feel above-board.
Dealing with spam and junk email
We’ve all had to deal with unwanted emails, both at home and at work, but as hacking and malware approaches become increasingly sophisticated, it’s more important than ever that we understand the risks. Most employers and big email providers (such as Google and Microsoft) are continuously striving to protect us from unsolicited emails, but there are — and always will be — some that slip through the net. So how should we be dealing with spam and junk email that does get through? Firstly, I would recommend that any computer connecting to the internet has antivirus and malware protection installed and, most importantly, it should be up to date. I regularly come across users who bought antivirus software several years ago and didn’t pay to renew it, meaning it’s ineffective as it’s not receiving the latest definitions of what to scan for.
Having ensured your antivirus and malware protection software is up to date, there is a general set of guidelines you can follow to stay safe when reviewing your email, which will vary depending on the type of email you are looking at:
Spam is totally unsolicited mail and it can take various forms, from a scam email trying to convince you to transfer money to a seemingly worthy cause, right through to a seemingly random image or string of nonsensical letters. The first, and simplest, step in approaching this type of email is this: if you don’t recognise the sender of the email and it’s not something you’re expecting, then delete it without opening it. If you are unsure as to whether the email is legitimate (the email received by STEP members last week is a good example of the lengths spammers go to in order to look authentic) then you will need to open it in order to review it further. The second step to ensure you stay safe is not to click any links in the email unless you are confident that they are trustworthy. If the email in question is from a bank or anywhere that requires you to log in using sensitive information, don’t follow the link in the email; use a browser to go directly to the site to log in instead. This approach guarantees that you are on the site you expect to be on when you are submitting personal details.
There are always exceptions to these rules and if you are ever in any doubt I would always recommend deleting the message. If it is important and someone is waiting for a response from you, you’re always better off proceeding with caution, protecting yourself and getting back to them later.
Junk will generally be email we receive from an opt-in service such as an online retailer’s marketing email. This kind of mail is annoying but is harmless and should be deleted, ignored or unsubscribed from. If you plan to unsubscribe, I recommend you don’t click the unsubscribe link in the email. Rather, go to the site yourself in a browser and unsubscribe from there. If you do click on an unsubscribe link in a spam email masquerading as junk, you may actually be redirected to a site designed to capture your details. If you receive an email that looks like junk but you have no recollection of subscribing to it then you should treat it as spam.
If you encounter any suspicious emails alleging links to STEP, please let me know.
James Harris is STEP’s Information Technology Manager. He has previously written about the Heartbleed bug and measures STEP Members can take to protect themselves online.