Know source before opening email: 1/18

return to The Catalyst home page

Know source before opening emails

by Richard Gadsden
Office of the CIO

As a general rule, unexpected email messages from unfamiliar sources should not even be opened. With these messages, the question of whether to click on embedded links or attachments should not come up. You should simply delete the messages from your inbox without opening them.

On the other hand, your MUSC job duties may require you to open some email messages from unfamiliar sources. If so, you still should not open every message from every unfamiliar source. If you can tell, just by looking at the sender's address and subject, that a message is just garden variety spam or potentially something more malicious, then you should delete it without opening it. It is not worth your time, and it is not worth putting yourself and the security of your computer at risk. If you are not sure whether to open a specific message from an unfamiliar source, consult your supervisor.

If there is an unexpected email message from an unfamiliar source that your job duties require you to open and read, then you need to examine it with a critical eye. Be skeptical. If the email turns out to be a commercial solicitation from an organization or business that you do not have an established relationship with, just delete it and forget it. If they are willing to stoop to spamming potential customers, how can you trust anything they say, much less, any embedded links or attachments in their message?

Now let's assume you've received a message from an unfamiliar source and you've opened it because your job duties require you to. You've read enough of the message to conclude that it is not spam, and it really does require your continued attention. Now, you are at the point where you need to evaluate the risk of clicking on any embedded links or opening any attachments.

With embedded links, depending on what software you are using to read your email, you can generally maneuver your mouse over the link so see the URL before clicking on it. If the URL is not a familiar website that you trust, don't click on the link without contacting the sender to verify that it is authentic.

With attachments, you need to exercise reasonable care. Malicious code can be embedded in many types, including PDF, Microsoft Office and image files. Opening any attachment carries some risk of exposing your computer to being compromised by malware.

You are MUSC's most important line of defense against this threat. As a general rule, unexpected attachments – even from familiar sources – should not be opened blindly. The risks can be mitigated somewhat by keeping all the software on your computer updated with security patches. But this does not eliminate the risk. You still need to exercise good judgment.

Friday, Jan. 18, 2013

The Catalyst Online is published weekly by the MUSC Office of Public Relations for the faculty, employees and students of the Medical University of South Carolina. The Catalyst Online editor, Kim Draughn, can be reached at 792-4107 or by email, catalyst@musc.edu. Editorial copy can be submitted to The Catalyst Online and to The Catalyst in print by fax, 792-6723, or by email to catalyst@musc.edu. To place an ad in The Catalyst hardcopy, call Island Publications at 849-1778, ext. 201.