InfoSec
Spammers collect email addresses and verify that each address is valid before they start sending unsolicited or spam messages. To reduce the possibility of receiving spam emails, there are things you can do to protect your email addresses, accounts and computer. The following tips will help you and your company reduce the amount of spam you receive:
Check the privacy policy of websites or companies before you provide any personal information when filling out web registration forms, online surveys, etc.
Look for options in websites or emails that allow you to unsubscribe from receiving further emails, offers or other marketing information.
Be careful when subscribing to free email account services, especially when filling in the account profile. Check the terms and conditions of the email service.
Use the anti-spam solutions offered by your ISP, or install email filters to reduce the amount of spam email you receive.
Whenever feasible, use separate email addresses for different purposes. For example, use one email address for public newsgroups or chat rooms, and another for personal email messages.
Avoid using an email address that contains simple dictionary words or common names. Spammers can use brute-force techniques to guess valid email addresses at a specific domain using words from dictionaries, or combinations of common words.
Install and enable anti-virus software, and keep it up to date using the latest virus signatures. Enable real-time detection so that active processes, executables and document files being processed are scanned for computer viruses and malicious code.
Install and enable personal firewall software.
Apply the latest security patches/hot-fixes from product vendors to your operating system and/or the applications installed in your computer.
Be cautious when opening emails and email attachments, especially when receiving emails from strangers.
Simply delete emails from unknown senders or dubious sources because if you reply or click on any link in the email message from an unknown source, you are confirming to the unknown sender that your email address is a valid one.
Check the "sent" folder or outgoing mailbox of your email programme (or webmail account) to see if there are any outgoing messages that were not sent by you. If there are such messages, your computer may have been hacked and used by spammers to send emails from your account. You should disconnect from the Internet immediately and scan your computer with anti-virus or anti-spyware software (make sure the software's signatures are up-to-date).
Do not disclose your personal information too readily, including your email addresses.
Do not publish your email address on public websites, contact directories, membership directories, or chat rooms.
Do not be caught out by the spammers' favourite tricks, such as the use of subject headings like "Remember me?" that try to trick you into thinking you should know the sender.
Tips for Companies/Organisations on Handling Spam Emails
Companies can implement a variety of methods to reduce the amount of incoming spam, such as protecting company email addresses, using filtering software and adopting well-defined security measures for employee workstations and email servers.
Establish and enforce clear information security policies, and educate staff not to respond to spam emails. By responding to spam emails, employees are actually confirming their company email address as a valid address to spammers.
Restrict the use of office email addresses for personal messages or participation in newsgroup or chat rooms by employees.
Use a web-based contact form on the company website. Ensure that site visitors use the form to contact the company, instead of via a company email address that may be vulnerable to spam harvesting.
If you need to publish a business email address on your site, consider writing it in a way that makes harvesting by spammers more difficult. For example, write the email address as "info[at]xyz.com.hk" instead of "info@xyz.com.hk", and consider adding a statement stating that the company does not wish to receive unsolicited emails, such as "No spam, please".
Use anti-malware software and solutions at your email gateway and at individual employee workstations to filter spam and virus-infected emails.
Install email filter software at the server level if your company has its own email server. Filtering software can screen incoming messages before they are delivered to staff.
If your company uses a web-based email service from an ISP, the ISP may provide you with a number of anti-spam settings. To reduce the risk of mistakenly blocking non-spam messages, also consider adding a holding folder to the filtering system, so that messages can be reviewed before deletion.
Adopt good security measures such as server hardening to protect your email server and web server from being hacked and used by third parties to send spam emails.
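An added example, not part of the original page: a small Python audit that lists the addresses a company web page still publishes in plain form (in visible text or in mailto: links) and prints the "[at]" form suggested above. The sample page and the sales and support addresses are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Conservative pattern for addresses written in plain form (local@domain.tld).
PLAIN_ADDR = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

class AddressAudit(HTMLParser):
    """Collects plain-form addresses from visible text and mailto: links."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # list of (where, address)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "href" and value and value.lower().startswith("mailto:"):
                # Drop "mailto:" and any ?subject=... query part.
                self.findings.append(("mailto link", value[7:].split("?", 1)[0]))

    def handle_data(self, data):
        for addr in PLAIN_ADDR.findall(data):
            self.findings.append(("page text", addr))

def audit_page(html):
    """Return every plain-form address found in the page, in document order."""
    parser = AddressAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

def obfuscate(addr):
    """Rewrite an address in the "[at]" form recommended for publication."""
    return addr.replace("@", "[at]")

# Constructed sample page: two exposed addresses, one already obfuscated.
SAMPLE_PAGE = """
<html><body>
<p>Sales: <a href="mailto:sales@xyz.com.hk?subject=Enquiry">email us</a></p>
<p>General enquiries: info@xyz.com.hk</p>
<p>Support: support[at]xyz.com.hk (No spam, please)</p>
</body></html>
"""

if __name__ == "__main__":
    for where, addr in audit_page(SAMPLE_PAGE):
        print(f"{where}: {addr} -> publish as {obfuscate(addr)}")
```

A mailto: link exposes the address even when the visible link text does not, which is why the audit checks attributes as well as text; replacing such links with the web-based contact form removes the address from the page entirely.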
What can you do if you receive a spam email?
Ignore and delete spam: this is the simplest and most effective way to handle junk emails. Never reply to a spam message.
Report the case to your Internet Service Provider (ISP), attaching the header of the spam email. Most ISPs have service terms that prohibit subscribers from using ISP services for spamming activities. Depending on the policy of your ISP, a spammer may be warned, have their service suspended or even terminated.
Report any suspected contravention of the Unsolicited Electronic Messages Ordinances (UEMO) to the Office of the Telecommunications Authority (OFTA) if you suspect that there are professional spamming activities going on. If the spam emails contain suspected fraudulent or illegal information pretending to be sent from an identifiable organisation such as a bank, you may also complain to the related organisation.
Consider discarding or shutting down your current email address and creating a new one if your email account becomes clogged with spam messages.
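An added example, not part of the original page: one way to pull the header section out of a saved spam message for an ISP report and to list the relay hops it records. The message, host names and IP addresses below are constructed, using reserved documentation address ranges.

```python
import re
from email import message_from_string

# Relays normally record the connecting IP in square brackets.
IP_IN_RECEIVED = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def header_block(raw):
    """Return the full header section: everything before the first blank line."""
    return raw.replace("\r\n", "\n").split("\n\n", 1)[0]

def received_hops(raw):
    """Return (ip, header) pairs for each Received header, oldest hop first.

    Each relay prepends its own Received line, so the list is reversed here.
    Only lines added by servers you trust (your own or your ISP's) are
    reliable; anything recorded before them can be forged by the sender.
    """
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines
        match = IP_IN_RECEIVED.search(flat)
        hops.append((match.group(1) if match else None, flat))
    return hops

# Constructed sample message (not a real spam capture).
RAW = (
    "Return-Path: <bounce@mailer.example>\n"
    "Received: from mx.isp.example (mx.isp.example [198.51.100.7])\n"
    "\tby mail.xyz.com.hk with ESMTP; Mon, 01 Jan 2024 10:00:05 +0800\n"
    "Received: from unknown (HELO mailer.example) [192.0.2.44]\n"
    "\tby mx.isp.example with SMTP; Mon, 01 Jan 2024 10:00:01 +0800\n"
    "From: \"Old Friend\" <friend@mailer.example>\n"
    "Subject: Remember me?\n"
    "\n"
    "Body text omitted.\n"
)

if __name__ == "__main__":
    print(header_block(RAW))          # paste this section into the report
    for ip, line in received_hops(RAW):
        print(ip, "|", line)
```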
Copyright 2002. The Government of the Hong Kong Special Administrative Region.