Page 62 - index
P. 62
business and job seekers should also show they respect the privacy of the recipient, especially
someone who might consider hiring them. This is alarming if a predator or stalker or spouse or x-
spouse uses email to track you for their own creepy reason.
While Spear Phishing is Illegal, is Email Tracking Legal?
It is legal to track email. There are rules about spam and there are rules about bugging and
eavesdropping on conversations but not about email. It’s always best to disclose that you’re using
tracking tools to make sure the email gets to the right recipient and so that you won’t have to bother
them to see if they received and opened it.
However, here’s where it gets real creepy. Imagine a stalker was trying to find out where you lived.
If you opened their email, they could start to collect geolocation information on you as well as the
‘fingerprint’ of your computer and/or email client. This is the first part of a smarter attack known as
spear phishing – they might use this to then find the right malware to attack your operating system
or email or web client to install a RAT – a remote access Trojan, which is even more creepy
software to watch you on your webcam and listen to you on your microphone.
If you want to legally and legitimately use email tracking for marketing or other purposes, I
recommend folks put together a very positive and honest privacy policy or privacy statement in the
bottom of these tracking emails so the recipients don’t become victims.
How can you tell it’s a Spear Phishing or Email Tracking Attack?
If it’s an email that doesn’t look like it contains a picture, usually the tracking cookie is an invisible
picture – so by turning off ‘display images’ automatically, is the first hint. If you simply use TEXT
only mode to read your emails instead of HTML, you’ll know right away. If there’s an attachment
you were not expecting or if it seems ‘fishy’ it’s probably a Spear Phishing attack. If you find a tiny
white graphic that’s one pixel in size, it’s usually an Email Tracking attack. However, Spear
Phishing attacks may also use this technology but they haven’t in the past because it tips of the
victim.
Defending Against Both Spear Phishing and Email Tracking Attacks
What is the simplest thing you can do to defend against this kind of attack? Change your email
client settings to only display TEXT instead of HTML emails. When the email arrives, it might not
look as pretty but you can still read it. If the entire email is a picture you know it’s spam or email
tracking. You won’t enjoy missing the pretty colors, HTML hyperlinks, graphics and attachments but
simple TEXT ONLY email is the answer. You simply cannot be victimized if you only read the text
portion of the email message. That means an email client or special plug-in that renders the email
as text only. Good news on major email clients such as Microsoft ® Outlook – all you have to do is
change your security settings and you can make sure all hyperlinks are turned into text, all emails
are read as text only and attachments are rejected.
This may start out making your day difficult, where you would then ask folks to send you
attachments in a different fashion, but then you know it’s really from them. For example, unless and
62 Cyber Warnings E-Magazine – February 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
