Faced with an ever-increasing, bulging, email inbox and a bit of spare time over the holidays you may do the right thing and try and clean up the inbox, junk, and clutter. But cybercriminals are way ahead of you. Please note that this advisory is most relevant to Windows and its built-in mail client or Outlook/Exchange.
The first scam comes when you select the unsubscribe button; Internet Explorer opens (not the later more secure Edge), and you are taken to a fake website that asks you to confirm your email address.
It is seemingly innocuous but it has also confirmed your email address is alive and captured leaked metadata from your browser like your IP address, location, operating system and more.
The success of this scam depends on how old your Windows is, whether it, and IE have been patched, if you have anti-virus/malware/spam software installed and a few more things. But wait there is more, and that comes from actually “opting out”.
The next trick is that unsubscribing simply confirms your email address is alive – cybercriminals get paid more for “clean” spamming lists, and you have just made them some cash. Most “spam” actually has overly obvious “opt-out” buttons because they want you to tell them you are alive.
The best thing you can do with spam is a) don’t open it and b) mark it as junk, so it goes to a junk folder. But wait there is more.
As your junk folder grows so too does the amount of storage it uses. Spammers are aware of this, so it is in their interests to mercilessly spam you until you are forced to empty your junk and clutter folders.
It is good email hygiene to look at both of the above boxes regularly. I get about 1000 junk/clutter emails a week, so it takes a little time. After you have sorted by subject, moved any wrongly sin-binned emails back to your inbox (and right clicked to unblock them) it is time to delete.
The best way is to press Control-A (select all), and the press SHIFT and Delete keys. The Shift key is important as it permanently deletes the email instead of moving the emails to Deleted items which still chews up storage space. But wait there is more.
Most spammers have set up receipt tracking. When you press Shift-Delete, you will invariably get a dialogue box asking to send a receipt confirmation. Look for the “No to All” button and press that.
Other good Inbox habits
Most spam includes a tracking mechanism like a single pixel transparent gif file that phones home if opened – all that does is confirm your address, what type of PC you have and gives valuable metadata to the cybercriminal including that you have opened it so they may also make money from displaying advertising.
If you must open a suspect email, first move it to junk where images and links are disabled or converted to text. If its not junk you can move it back to the inbox and all disabled items are restored.
Avoid any email from an unknown sender if it has a “paperclip” denoting an attachment – a sure sign that it has a java or macro initiated malware attachment.
Out of Office (OoO) is also a great way to tell spammers that your address is alive. While this is a necessary tool avoid its use, especially during the holiday season as it can tell people that you are away and your home may be empty.
Finally, some sage words this Christmas
If your Windows device does something strange, has random pop-ups, stops responding, is slow, or asks to install some software you have not specifically downloaded – don’t panic. Instead, pull the “plug” – switch it off. That will usually stop the spread of malware in its tracks.
If you think you have malware, or if you just want to clean up your device, there are two highly effective things you can do.
First, download the free Wise Disk Cleaner from this link. A small word of caution, decline to install any “free offers” that may pop up during installation.
Run Diskcleaner in its most aggressive mode – tick all the boxes on the “Common Cleaner” page. It’s a very safe program that I have used for many years, and it will usually find gigabytes of stuff.
Next download the free version of Malwarebytes from this link. It will place a file called mb3-setup.exe in the downloads folder, and all you need to do is find it and open it. Again decline to install any added value software.
It takes some time to run but it will root out any last malware and clean it.
Merry Christmas, happy holidays, and have a wonderful 2017.