Consumer Prevention

1. Delete all marketing emails

This includes emails from senders you know.

The truth of the matter is, no email you receive from a company into your personal inbox is important, it really isn’t.

If it is important, they will contact you via one of the many many other methods they have at their disposal.

2. Delete all emails with “No-reply”

The only exception to this is your email exchange (Google, Yahoo etc.). They are the only services you should allow to send you something without being able to reply back.

If it was an important message from anyone else, they shouldn’t be using this.

I mean if it was that important, why would you stop a reply?

It is the 21st century, if you can’t handle email responses, don’t send emails in the first place.

3. Only click links from people you trust

PEOPLE YOU TRUST!!!!

That is a lie, it is people you know directly.

So if your pal sends you a link to YouTube, go nuts, yes their account could have been hacked but we want to use the internet for things we enjoy and to freely communicate with people we know.

If someone sends an email from my business email, you have no way of knowing whether the link is legitimate. That is true for any company, making URLs and Email addresses look legit is pretty damned easy, those are the phishing emails that catch people out.

For that very reason, I just purchased the domain

https://thrace.enterprises

as it would be very easy for someone to use this domain and pretend to be me.

4. Go to the website directly

If you really want the offer, go to the website.

Type the domain section only, which will take you to their home page. If you cannot see the offer clear as day on the home page, just assume it isn’t a real offer and go back to watching cute furry animals on the Internet (there is a really crass and crude joke I have decided not to put in there).

What is the domain part?

The domain part of the URL is the text immediately before the last dot “.”, plus the ending that follows it.

So if you saw this link from me

https://accounts.thrace-enterprises.com/home/it-and-security-for-consumers/practice-what-you-preach/sending-out-links/

The bit you would type into the browser is

thrace-enterprises.com

So let’s try that

accounts.amazon.com

amazon.accounts.com

If we follow that rule, what we see is that only one of the URLs above takes us to Amazon. Therefore, the other one must be fake, as it goes to “accounts.com”.

The same applies to emails: if you want to know who the sender is, it is the last “.” that tells you

tom@thrace-enterprises.com

tom@thrace-enterprise.axy.com

One of these goes to thrace-enterprises.com, the other goes to axy.com, one is real, one is fake.
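
The rule above written out as a short Python check, as an added example that is not part of the original page. It goes one step beyond the page's examples: some addresses end in a two-part ending such as “.co.uk”, where one more label has to be kept. The function names and the small list of two-part endings are assumptions made for this illustration.

```python
from urllib.parse import urlsplit

# Constructed, deliberately tiny sample of two-part endings (an assumption for
# this example). A real tool would load the full Public Suffix List instead.
TWO_PART_ENDINGS = {"co.uk", "org.uk", "com.au", "co.nz"}


def host_of(value: str) -> str:
    """Pull the host name out of a URL, an email address or a bare host."""
    value = value.strip()
    if "://" in value:
        host = urlsplit(value).hostname or ""   # drops the path and any port
    elif "@" in value:
        host = value.rsplit("@", 1)[1]          # email: everything after the @
    else:
        host = value.split("/", 1)[0]           # bare host, path removed
    return host.lower().rstrip(".")


def domain_part(value: str) -> str:
    """Return the part you would type into the browser yourself."""
    labels = host_of(value).split(".")
    keep = 2                                    # label before the last dot + ending
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_PART_ENDINGS:
        keep = 3                                # e.g. example.co.uk, not co.uk
    return ".".join(labels[-keep:])


def goes_to(value: str, expected_domain: str) -> bool:
    """True only if the link or sender really belongs to expected_domain."""
    return domain_part(value) == expected_domain.lower()


if __name__ == "__main__":
    # The page's own examples, plus one constructed .co.uk host.
    for item in ("accounts.amazon.com", "amazon.accounts.com",
                 "tom@thrace-enterprises.com", "tom@thrace-enterprise.axy.com",
                 "accounts.example.co.uk"):
        print(f"{item:32} -> {domain_part(item)}")
```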

5. Never Click Short URLs

Right, so “hover over a link to see where it goes” is somewhat dodgy advice, as certain browsers and versions can be tricked with certain methods.

Short URLs unfortunately need to be ignored, which is basically pretty much every written link in Social Media.

LinkedIn image URLs do show where they go and you can hover over them to see the actual domain, so in theory, these should be OK, at least you know the address you should land on.

We cover this in more detail in the “Practice What You Preach” section, but the reality is, if the full URL is too short, just ignore it.

So again, look at the bit before the last “.”: with a short URL, it could go anywhere.

7. Delete all emails where you have not initiated the contact

This advice here does actually include emails from your bank about your monthly statement being ready to view. It is just a notification, once you have been notified, you have no reason to go into that email, it doesn’t tell you anything of value.

Go to the bank’s website directly and you will see the same notifications.

8. Other advice

We can list out stuff about Grammar, Spelling, Do you recognise the company, but the reality is, if you follow the points above, this is all irrelevant. Having bad spelling may indicate a phishing email, but good spelling doesn’t mean it is a legitimate email.

9. Automate your Inbox

You can set up rules to automate the majority of this in your inbox; it is pretty easy.

Even simply moving them to a folder called “Must Check Emails Are Legitimate” helps, as it prompts you that these have a high risk of being phishing emails (or do as I do and automate the binning of any email that contains the below).

Contains Words

  • Special Offer
  • Limited Time only
  • Sign up bonus
  • Unsubscribe
  • Opt-Out
  • Opt Out
  • Expires
  • remove your email
  • remove email

This will clear the majority of marketing stuff you get through. That way, you should be more vigilant to Spam and Phishing that lands in your inbox because they become a more rare occurrence.

These next ones are important, as genuine emails from a company do not need to contain these terms, and they don’t. An Amazon order confirmation, your insurance policy schedules, stuff like that: they don’t contain these terms anyway.

  • Unsubscribe
  • Opt-Out
  • Opt Out
  • remove your email

Generally speaking, marketing emails from them do.

So I guess it depends on your view in Life

My view is “I don’t suffer from FOMO”, I didn’t even know what FOMO meant until someone said it to me today, 17/12/2018, I’m 31 years old and that is how low my FOMO is. So this stuff gets trashed.

Your view might be “I don’t want to miss out”, that’s fine, each to their own, in that case though, set up rules to move stuff like this to a different folder “Must Check Properly”
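
What such a rule does to incoming mail, as an added Python example that is not part of the original page and is not how Gmail or Outlook implement their rules. The phrases and the folder name come from the page; the sample messages are constructed, and the allowed sender and function names are assumptions.

```python
import email
from email import policy
from email.utils import parseaddr

# Phrases from the page's "Contains Words" list, lower-cased for matching.
PHRASES = ["special offer", "limited time only", "sign up bonus", "unsubscribe",
           "opt-out", "opt out", "expires", "remove your email", "remove email"]
FOLDER = "Must Check Properly"                 # folder name used on the page
ALLOWED_SENDERS = {"newsletter@example.org"}   # hypothetical exception list

# Constructed sample messages (not real mail).
SAMPLES = {
    "order": "From: orders@shop.example\nSubject: Your order has shipped\n\n"
             "Parcel 1 of 1 is on its way.\n",
    "promo": "From: deals@shop.example\nSubject: Special Offer inside\n\n"
             "Click here to Unsubscribe.\n",
    "notice": "From: alerts@bank.example\nSubject: Account notice\n\n"
              "Your access expires today. To opt\nout, reply STOP.\n",
    "allowed": "From: Digest <newsletter@example.org>\nSubject: Monthly digest\n\n"
               "Unsubscribe at any time.\n",
}


def matched_phrases(msg) -> list:
    """Return the listed phrases found in the subject or plain-text body."""
    body = msg.get_body(preferencelist=("plain",))
    text = f"{msg['Subject'] or ''}\n{body.get_content() if body else ''}"
    text = " ".join(text.lower().split())      # undo line wraps inside phrases
    return [p for p in PHRASES if p in text]


def route(raw: str) -> str:
    """Listed phrase -> FOLDER, unless the sender is on the exception list."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if sender in ALLOWED_SENDERS:
        return "Inbox"
    return FOLDER if matched_phrases(msg) else "Inbox"


def sort_samples() -> dict:
    return {name: route(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, folder in sort_samples().items():
        print(f"{name:8} -> {folder}")
```

The matching here is plain case-insensitive substring search, so a word such as “expires” is caught wherever it appears; that is the reason the page calls that term debatable.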

The rest of this page is looking at setting up some email forwarding rules, the next page is how you can act appropriately as a business (link at the bottom of this page)

I’m going for the Gmail services and Outlook on this page i.e. Least User Friendly

Gmail Filtering Rules

If you want to see the type of things that will be removed, you can just do a search.

  1. Log into your inbox
  2. Copy this text into the search

Unsubscribe||"Opt-out"||"Opt Out"||"Remove Your Email"||"Special Offer"||"Act Now"||Expires||"Limited Time Only"||"Sign Up Bonus"||"Remove Email"||"Remove Details"

Click search, this will show you the types of emails that will be removed and the senders.

Now we can add exceptions, so “Exclude all emails that contain these terms unless sent from X Y or Z” if we want, but to be honest, no important emails should be lost by adding these rules.

The word “Expires” is debatable, but you could leave this term out.

Now let’s have a quick look at what this means

Unsubscribe||"Opt out"

|| = This is an OR condition allowed in Gmail; it is the cleanest one for readability, but you can type the word OR if you prefer

Unsubscribe OR "Opt out"

"" = This means exact match, or an exact phrase when we put it around multiple words.

Where do you want the emails to go?

If you want them to go somewhere other than your inbox, then before we start, click “Create New Label” on the bottom left of the page and make one. I have called mine “Must Check Properly”.

  1. Click the Cog in the top right of the screen and click settings
  2. Click Filters and Blocked Addresses
  3. Click Create New Filter

Filters and Blocked Addresses

In the include words section, enter

Unsubscribe||"Opt-out"||"Opt Out"||"Remove Your Email"||"Special Offer"||"Act Now"||Expires||"Limited Time Only"||"Sign Up Bonus"||"Remove Email"||"Remove Details"||"update your preferences"

You can always add more later.

I can use the “Doesn’t have” box to allow certain senders. For example, if I really don’t want to miss out on an email from someone, I enter their email address or their website address in the “Doesn’t have” box, as these will be included as standard on their emails.

Filter rules

Click Create Filter on the above screen

Now whatever we do, we use the “Skip the Inbox (Archive it)” option.

This removes it from our inbox visibility.

Then if you want it to go to a different folder, use the “Apply the label” option.

If you want to delete it, then use the “Delete it” option

Move by label

You can also use this option “Also apply filter to matching conversations.” to tidy up your inbox at the same time, BUT, I wouldn’t recommend this if you are using the “Delete it”, “Spam” or “Forward” options.

Click Create Filter

For my inbox I am going to use the “Also apply filter to matching conversations” rule. Roughly 75% of my inbox moved, and my unread count, which was at about 1400, dropped to 144. I checked through them all, and it turns out they weren’t marketing emails anyway.

Little bit concerning, as that would suggest that I missed 144 emails that I actually wanted to see but they were hidden in marketing stuff I didn’t want.

Now let’s have a look at the Outlook rules before we look at the benefits of what we have done.

Outlook Method

Again, create an Outlook folder if you want to check emails without sending them directly to the Recycle Bin.

  1. Click “File” in Outlook
  2. Click Rules and Alerts
  3. Click New Rule
  4. Select “Apply rule on messages I receive”
  5. Click Next

Rules and alerts

Message header is something we can use, it is pretty useful, but to keep it simple we are going to use “with specific words in the subject or body” so tick that option and then click “Specific Words” (highlighted in Yellow on the screen below)

Specific Words

This then opens another screen, enter each word or phrase individually and then click add

Update your preferences

As you add each phrase, Outlook automatically sets the “Or” condition and wraps it in speech marks. When you have added them all, click OK.

Or condition

Then you should see the “with” line update with the words and phrases you have added

Click Next, and Outlook will ask you for an action

Again, we can use “Move it to a specified Folder” or “Delete it”

We can Hard Delete in Outlook if you are feeling really brave using “Permanently Delete it”

If we select a delete option, then we only have to click Next, but if we want to move it to a folder, we select that option and click the word “specified” (highlighted in Yellow), which opens a new box for us to pick our folder. Select the folder you want, then click “OK”.

Specified folder

When we click Next, we can then add exceptions, including “Specific words in the sender’s address” or from specific accounts.

Click Next, and on the following page “Turn on this rule” should be ticked

Give it a name

Now, if your inbox is out of control, do as I do

“Run this rule now on messages already in the inbox” can be used BUT DON’T run this option if you are using “Permanently Delete it” or “Delete it”, that could be disastrous.

Run on inbox

Now click Finish

You may now see a loading bar if you clicked “Run this rule now”

Loading Bar

I can periodically check the folder for “Must Check Properly” knowing there is a high chance they are spam, phishing or something I didn’t initiate.

Benefits of what we have just done

  1. Tidied our inbox – this took a couple of minutes
  2. Prevented our inbox from getting messy

Those are the real life benefits that we will see every day, but now let us consider the Cyber Crime Benefits

  1. Decent Phishing Emails would likely get picked up by our rules.
  2. We can realistically check everything that comes into our inbox to see if it is phishing.

Anything that comes through into my inboxes that looks like Marketing or is generally from any company, my bank, my credit card, whatever it may be, I can realistically spend some time checking to see if they are legitimate prior to risking using links or doing anything with the email.

That is quite a big benefit to consumers, it is also a realistic way for consumers to operate. Instead of being advised to check every email is legitimate, we automated the removal of a load of stuff we don’t want anyway, so we only need to check what remains.

Right, last bit on the Next Page, what can companies do to help prevent cyber crime, specifically in this case, help prevent Phishing.
