University of Valencia logo Logo Awareness about Information Security in the UV Logo del portal

  • Estudiant treballant amb un ordinador

Use your e-mail safely. In case you receive suspicious e-mail, you must to inform the Information Systems Service.

  • September 13rd, 2018

Decalogue of good practices in the use of electronic mail for the Universitat de València:


1 - Always be careful when opening emails from unknown senders with attachments.

It is very strange that a person who contacts for the first time sends you an attached document for your query. You have to be wary of these situations. It could happen that that attached document hid some type of malware a Trojan and infected our computer.

It is necessary to explain to colleagues the risks involved in opening the attachments received through email.

2 - Always be careful when clicking on links included in emails from unknown senders

Those who send us junk mail, spam, with bad intentions, know that the vast majority of attachments with viruses are detected and eliminated by antivirus applications, so they use a second technique consisting in sending links to malware in the body of the email .

The natural tendency is to click on the links. It is necessary to be cautious in these situations, especially if the mail comes from unknown senders. If we click we could find ourselves in the previous situation and the devices of the Universitat de València, would be compromised.

3 - Always use strong passwords

To guarantee the security of a password, it must have more than 8 characters and include uppercase, lowercase and letters or characters. Otherwise we risk that any person, using any of the existing tools for this purpose, will discover the password and access our emails.

The security policy of the Universitat de València will require that the personnel employed always use strong passwords and change them periodically.

4 - Avoid using email from public connections

When we connect to a public network: the wifi of a cafeteria, the computer of a hotel, etc.. The network traffic that sends or receives our computer can be intercepted by any of the users connected to this network.

Since we can not control who connects to a public network, we must be ourselves that we put obstacles to a possible attack or that anyone finds out about our work plans. Remember that emails, if they are not encrypted, travel in clear and you can read them easily. Among the measures we could carry out: encrypt the mail, connect by VPN with the Universitat de València so that all traffic travel encrypted or as a last option (but certainly the most appropriate) use mobile phone networks, such as 3G or 4G.

5 - Encrypt the email when sending confidential information

The electronic mail, if it is not encrypted, travels "in clear" through the internet, this means that anyone, through not very complex techniques, could read the content of our mails.

For this reason, if we have to send confidential information to the UV or we encrypt our email or we send a compressed and encrypted document. In this way, if it is intercepted, the thieves can not obtain the confidential document. In addition, we will offer a better image regarding the care of information on our part against the recipient of it.

The encryption of the email will be done through standards such as PGP or S / Mime. Both standards also allow you to digitally sign emails. There are multiple applications that allow the sending of encrypted emails through PGP, for example Enigmail, GPG or the extension of Google Chrome Mailvelope.

6 - Do not publish email addresses on the company's website or on their social networks

We've even wondered how cybercriminals get the millions of email addresses for sending junk mail. One of the most common ways is to use applications that track all web pages that can search for email addresses within it. And not only crawl web pages, also social networks are a great source of information for them.

Once obtained these addresses would begin with the sending of junk mail. For companies that wish to have a contact email account or to resolve incidents, it is preferable to publish a web form that, through code, forwards the text entered in the form to an email account.

7 - Never respond to junk mail

Spammers (individuals or companies that send spam - spam) often request answers about the content of their messages, or even ask to send an email to avoid receiving more spam. You should never fall into these traps, because with them we are confirming to the spammer that the email account is active and that someone is reading the mail.

8.- Disable HTML in critical email accounts

Many of the emails are sent in HTML format, which allows you to use colors, bold, links, etc. However, this format also allows us to include a programming language called JavaScript, which is widely used for functionalities offered by electronic mail.

This functionality can also be "misused" and can cause spammers to verify that the email address is valid or redirect the user's web browser to a malicious web page that ends up infecting our computer. It is advisable to deactivate the HTML format in email, at least in critical email accounts or that are available to the public to contact the U. In this way it would not be possible to view attractive emails, but this would be much safer.

10 - Use the hidden copy (BCC or BCC) when sending addresses to multiple recipients.

There may be recipients who do not want their email address made public. Out of respect for them, it is recommended to always use a hidden copy (BCC or BCC) when sending addresses to multiple recipients. When we send an email it is no longer under our control from the moment it leaves our computer. We do not know if it will be forwarded or published by one of the recipients, thus making it accessible not only to our email address but also to all recipients. This is the reason why it is always advisable to use hidden copy so that the addresses of your contacts are not visible and can be subject to spam.

 

This website uses proprietary and third-party cookies for technical purposes, traffic analysis and to facilitate insertion of content in social networks on user request. If you continue to browse, we consider that you are accepting its use. For more information please consult ourcookies policy