Tech Thursday: Train Your Users to Avoid Spam

Tech Thursday: Train Your Users to Avoid Spam

Of the millions of emails that flow through the Internet each day, more than half of them are spam -- unwanted email messages that clutter our inboxes and bog down our workflows. Many of these messages include malicious code and attachments, or point users to sites that attempt to steal their credentials. So it’s important to train your users to identify these threats and delete them before they cause harm.

Understanding Types of Spam

There are several different types of email that your users could consider unwanted. But some are worse than others from a security standpoint.

First, there is bulk email. This category includes newsletters and sales promos that your users did opt into at some point, but were either forgotten about or are more annoying than helpful. Most of this type is from legitimate companies, and the unsubscribe link actually works. This type of spam is the least risky category.

Second, there is unsolicited bulk email, or what would classically be considered “spam”. This includes 3rd party marketing either purchased or stolen from other places, and can be illicit or inappropriate in nature. While there may be some risk if a user clicks on the links in the email, generally it’s more annoying than anything.

Third, there are malicious emails.These emails may look to be from a legitimate source; think the fake UPS/FedEx package tracking emails that spread malware. These will either contain a malicious attachment in the form of a ZIP file or macro-embedded Office doc, or will contain a link to a site that will attempt to compromise the browser or download a payload. These emails are extremely risky, and users should be able to identify and delete these immediately.

Finally, there are phishing emails. These messages attempt to get users to enter login credentials for their email, bank accounts, or other services, and then collect these for exploitation by criminals. These emails are extremely risky, and are becoming more sophisticated. But often poor formatting and odd wording in the email are a giveaway that it’s not legit.

A sub-category of the phishing email is a spearphishing attack. This is where the sender already knows something about the intended target, and is specifically trying to fool him into giving up some other secret information, such as a bank account number. Users who suspect spearphishing should report these immediately so that others can be warned of the potential threat.

Training Your Users

With the above information, you can teach your users the difference between serious security risks and simple annoyances. This can help them to know when to just delete it, and when they should alert you about a potential threat.

Consider sending test emails to your users. Some services allow you to send “spammy” emails to your users, and then track which users interact with them, allowing you to provide further training to those ones.

Of course, the best way to prevent security issues with emails is to prevent malicious messages from reaching your users in the first place. In our next few articles, we will discuss various spam filtering solutions, and how you can customize them to protect your users successfully.


E-N Computers is a full-service IT solution provider, serving the business community in Virginia, Maryland, and Washington, D.C. If you’d like help to provide a secure, reliable email system to your business, contact us today to schedule a consultation.