Email is everywhere. Despite the rapid uptake of social media and text messaging, email remains the cornerstone of digital communications for individual users and companies alike. According to data from the Radicati Group, more than 260 billion emails are sent every day. This has not gone unnoticed by hackers, who are always looking for ways to spread malware. Now even email needs virus protection.
The sheer number of accounts and messages sent make these electronic messages the ideal way to compromise user devices. The result? Users are now (understandably) concerned about their email account safety.
But do any “standard” virus protection tools exist? How effective are they? What else can users do to reduce their total risk?
Let’s find out.
Editor’s note: Professional Email from GoDaddy comes with state-of-the-art virus protection that scans every incoming attachment, automatically blocking emails with infected attachments. Office 365 email accounts have built-in malware and spam filtering that helps protect inbound and outbound messages from malicious software.
Common email threats
First, it’s worth breaking down some of the most common threats to email accounts.
Phishing
Malicious actors send emails that look legitimate but contain infected files or links to compromised websites. This remains the top email attack vector because it works; if hackers can spoof familiar companies or contact email addresses, they can convince users to open files or follow links. Once you’ve clicked, the damage is done.
Account takeover
Attackers run automated scripts to find millions of email addresses and then try password after password after password to break in. If they’re successful, they gain access to everything in your email account — and if you use the same password for multiple sites, they might be able to compromise financial or eCommerce accounts as well.
Armed with email details, hackers can have passwords reset and establish credibility as “you.” From there, they might be able to fool government agencies and credit companies into issuing fake documents or credit cards.
On the lookout for virus symptoms
So what do these threats look like in practice? How do you spot the symptoms of an email virus or the telltale signs of a phishing attack?
If malware has infected your device, you’ll typically encounter problems such as:
- Performance issues: These include slow page load times, random crashes or apps freezing.
- Intermittent internet: Your connection could be unstable or you might experience regular disconnects.
- Self-starting applications: If you notice applications or services starting without your permission, your device could be infected.
- Extra advertisements: If you start seeing excessive, intrusive ads that occur even when you’re not actively browsing, compromise is the likely cause.
- Password changes: Email password suddenly not working? Being asked (again and again) to verify your identity or confirm access request? This is a bad sign.
Once you suspect you’ve been hit by malware, take action to minimize the damage. Because our devices are interconnected, it doesn’t take long for the infection to spread.
The benefits of built-In virus protection
The good news? Most email providers offer built-in virus protection. Even free email providers use basic virus scanners to examine both incoming and outgoing emails and attachments. These scanners are designed to detect common patterns that indicate potentially malicious code and then notify users of their potential risk.
Most free email account scanners don’t forbid users from downloading or opening attachments, but instead warn them about possible issues.
In addition, these tools could produce “false positives,” because they’re unable to fully scan a file — such as a compressed ZIP file — and label it as suspicious.
Also worth remembering? These virus scanners are not anti-malware tools. They don’t have the ability to contain or respond to malware threats, they can only alert you to risky files or, in specific cases, reject emails altogether.
In some cases, this built-in virus protection is more problematic than preventative. For example if you’re trying to send out legitimate messages, but the system keeps flagging them as malicious, or if the scanner itself causes files to become corrupted.
While turning off basic email scanning for free message services isn’t recommended, users should be aware of its limited scope and efficacy.
Beyond the basics
If automatic virus protection isn’t enough to safeguard email accounts, how can you stay safe when receiving and opening files and attachments?
First, remember that attachments must be opened and links must be clicked for attackers to compromise your device. So step one is to never, ever click on a link in an email from someone you don’t know and trust.
The best defence? Recognize the signs of phishing or account compromise attacks. Some of the most common include:
DO THIS RIGHT NOW
Phishing attack scammers like to create a sense of urgency to compel user response. Be wary of emails that demand you “act fast” or “do this now” to prevent account lockout or other dire consequences.
Gimme gimme gimme!
Attackers want your personal information. But no bank, shipping company or eCommerce provider is going to demand this data via email. Delete.
Link issues
Before you click on any email links, hover that cursor overtop and see the destination URL. If it’s supposedly sending you to PayPal, Apple or some other reputable company, you should see a recognizable domain name. If you don’t, it’s not legitimate.
Not sure? You can use a link scanner like Norton Safe Web or ScanURL to check the legitimacy of any unfamiliar URLs.
Something seems … off
If you’ve got a gut feeling about something that lands in your inbox, trust it. Examine the email — is the information current? Is everything spelled correctly? Does the company logo look right? Hackers often copy-and-paste brand and website data so if you’re suspicious, you’re probably on the right track.
Beware seasonal scams
Current events often inspire phishing attacks. As noted by Threatpost, for example, the summer of 2018 came with a spike in World Cup and vacation-related scams because they’re top-of-mind for many users.
If malicious — or even suspicious — emails land in your inbox, deleting them is the best way to avoid infection.
Keep your system up-to-date
Also a good idea? Stay up-to-date on security. This means:
- Regularly changing your password — and using something other than “password” or “starwars” (get tips on crafting strong passwords here).
- Ensuring your operating systems and apps are up-to-date (here’s how to check updates for iOS and Android.)
- Installing a reputable, real-time malware scanner on your device.
While email scams are the method of choice, inherent code or app vulnerabilities could also give hackers the opening they need. Regular app and system updating, paired with active scanning lowers this risk.
The takeaway on virus protection
While your email account probably has built-in virus protection, it’s not enough to keep your email account safe. Learn the symptoms of malware, recognize the signs of attack and make sure your device is defended by effective malware scanning tools. Remember, the best offense is a good defense.