If you receive a suspicious e-mail message, you might want to have it evaluated, to confirm if it is legitimate, or not, and potentially report it in an appropriate way.
First, some definitions…
Phishing is the act of sending fake, misleading, or fraudulent messages in an attempt to trick recipients into providing personal information including login credentials, sensitive or financial information, or both. Phishing messages can contain links to fraudulent websites that harvest sensitive information. Sometimes messages contain malware that captures login credentials once an attached file is opened.
E-mail SPAM, also known as junk e-mail, is unsolicited messages sent in bulk by e-mail (Unsolicited Bulk E-mail, UBE), frequently advertising a product for purchase. Note: Not every unwanted e-mail message is spam. If you know the sender, personally, the message is *not* spam. If you have/had a business relationship with the sender, the message is *not* spam. A message is spam only if it is both Unsolicited (I didn’t request it explicitly or implicitly) and Bulk (the same message was sent to many people at once).
Where Can I Report a Suspicious Message?
If you’ve received a suspicious message, claiming to be from Widomaker, or another organization, that might be malicious or a phishing message, and you want to confirm if it is legitimate, or not, forward the e-mail as an attachment(*) to our Tech Support Helpdesk.
(*) See instructions, further below, for How to Forward a Message as an Attachment.
If you’ve received a SPAM, or Malspam, message and want to report it to Widomaker’s spam filtering service, you may use one of the following methods:
- Log into Widomaker Webmail and mark the messages as spam (see below).
- If your e-mail (client) software is configured to use IMAP, you can move the spam messages to the “Spam” folder. That will mark it as spam.
- If your e-mail (client) software is configured to use POP3, you must, first, configure it to leave copies of messages on the server for several days (usually between 3 to 15 days is appropriate), then login to Webmail and mark the messages as spam.
How do I mark one or more messages as spam, in Widomaker Webmail?
- Log into Widomaker Webmail.
- Select the messages you would like to mark as Spam.
- Click the Spam button from the message list toolbar. The message is moved to your Spam folder.
Clicking the Spam button results in two actions. The first action is visible. The marked message will be sent from its current folder to the Spam folder where it will reside for 30 days, at the end of which time it will be automatically deleted. The second action is invisible to you. When you click the Spam button, Webmail sends information to the spam filtering engine so that the filtering rules can be updated to catch future spam messages similar to the one marked. In this way filtering can be continuously updated and improved to reflect the current trends of spammers.
Note: Everyone benefits when you mark unsolicited and offensive messages as spam, as opposed to just deleting the offending email.
If you’ve received a spam message and want to report it to a spam fighting organization:
- Report spam messages to the Spamcop.net spam reporting service. This is an effective organization to report spam.
- Report spam messages to the FTC, by forwarding the message, as an attachment, to email@example.com.
If you’ve received a phishing message and want to report it to an anti-phishing organization:
- Instructions to report phishing messages, or links to phishing websites, may be found in our Weblog article on Phishing.
Outlook 2010, 2013, 2016: (1) Select the e-mail to forward, (2) on the Home tab, click the more respond options, (3) click on Forward as Attachment.
Apple Mail (macOS): (1) Select the e-mail to forward, (2) click on Message in the Menu Bar, (3) click Forward as Attachment.
Thunderbird: (1) Select the e-mail to forward, (2) on the menu bar, click on Message > Forward As > (3) Attachment. If your Thunderbird menu bar is not visible, you may also (1) right-click on the e-mail to forward > (2) click on Forward As > (3) Attachment.
Widomaker Webmail: (1) Select the e-mail to forward, (2) click the downward pointing arrow to the right side of the Forward button, on the message menu bar, (3) click Forward as attachment.
Where Can I Find Other Tips for Reducing Spam?
The US-CERT website has a Security Tip article for Reducing Spam.
Where Can I Find Other Tips for avoiding being the victim of a phishing attack?
The US-CERT website has a Security Tip article for Avoiding Social Engineering and Phishing Attacks.
This is a reminder to avoid falling for Tech Support Scams.
Tech Support Scams, typically, involve someone cold calling a potential victim, saying they are with a trusted organization or company, such as Microsoft or Windows, and warning that their computer is malfunctioning or infected with a dangerous virus. Then the caller (scammer) offers to help by having the victim download software, or remotely connecting to the victim’s computer, to fix the problem.
Your passwords are the keys to your computers, devices, and online accounts and services. It’s important to use strong and unique passwords to keep your accounts secure, prevent impersonation, and avoid your accounts and devices from being used to attack others.
Regarding your Widomaker e-mail accounts, it is important that you use a strong and unique password for each of your e-mail addresses. Otherwise, your account is likely to be compromised and used for a variety of illegitimate purposes, including, to impersonate you, or send spam or phishing messages attempting to compromise other accounts, individuals, or companies.
If you use the same password everywhere, a hacker only needs to get your password once in order to break into many of your online accounts. Using the same (or similar) password for multiple accounts or services must be avoided.
In recent years, there have been numerous high profile data breaches that caused passwords to be compromised and made available, for sale, on the Internet. If the compromised password was also used elsewhere, then those additional accounts or services are now compromised. Using a unique password for each account or service, without reusing the same password, can avoid one compromised account password from compromising many other accounts at the same time.
You can find out if one, or more, of your online accounts has previously been compromised in a well-known data breach by using Troy Hunt‘s Have I Been Pwned (HIBP) service. HIBP will let you check if you have an account that has been compromised in a data breach. If your information shows up in any of those well-known data breaches, you should make extra sure you have changed your password on the breached site or service, as well as on any other sites or services where you have used the same (or similar) password. Going forward, use a unique password, that you haven’t used elsewhere, for each account or service.
Because it is difficult, or impossible, to remember strong passwords, especially when you must have a different password for every account or service, you must have a method of safely recording all of your different passwords. There are two frequently suggested methods of password management…
1.) Write them down! Of course, you should keep your written record of your account passwords in a safe place, perhaps in a locked drawer, box, or safe. Use something like this Password Log Book, from Amazon.com, or Barnes and Noble, to record your passwords. Store the Password Log Book in a safe place, where only those you trust could have access to it.
2.) Use a Password Manager! A Password Manager is a computer program or service that encrypts your list of accounts and passwords, with one single Master Password, that unlocks your password list. That way you only need to remember the Master Password, not the tens or hundreds of other unique passwords stored in your Password Manager.
How to use a Password Manager is beyond the scope of this post, but can be an efficient method of managing a long list of accounts and unique passwords. Password Managers also make it easy to generate unique random passwords to use for each of your accounts and services that require one. There are several popular, and well respected, Password Managers that are available. Wikipedia has a list. Troy Hunt, the author of the HIBP service, suggests the 1Password Password Manager.
Picking good passwords, and not reusing them, is one of the most important steps to stay secure, online…
1.) Customers who use Widomaker provided e-mail addresses, ending in widomaker.com (or tni.net), may change their e-mail password by calling our office, or by logging into the Webmail system at https://webmail.widomaker.com/, and going to Settings > Password > Change password.
2.) Once logged in, select ⚙ Settings…
3.) Select Password…
4.) Choose a good quality new password. Watch the video, below, for helpful suggestions…
5.) Enter your Current Password, and New Password, into the provided boxes, then select Save…
Widomaker recommends that you use a unique password for each of your Widomaker e-mail addresses. Do not use a password you have used elsewhere. Do not reuse your Widomaker e-mail password for other accounts. Record your password in a safe place that you will have access to, but not easy for unauthorized people to find.
You might consider using a Password Manager, such as 1Password, or LastPass, to record your password. Alternatively, a paper password log book, such as this one on Amazon.com (also available at Barnes and Noble), may suit your needs, as long as you have a safe and secure place to store it.
* If you are curious if your e-mail address or password has appeared in any of the high profile, known, data breaches, from the past decade or so, visit Troy Hunt’s Have I Been Pwned (HIBP) website. Once you have changed your password, to something new and unique, you may check your old password, to see if it appears in some known data breaches, by visiting the Pwned Passwords page on HIBP.