Home User Education

Discussion in 'other security issues & news' started by houseisland, Jan 16, 2006.

Thread Status:
Not open for further replies.
  1. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I agree that making a big deal out of the idea of "just delete, don't even look at it" is probably going to do more harm than good. Viewing email in plain text is definitely the way to go, because you never know.. sometimes viruses come from trusted sources as well. It is wise to tell them not to respond to any spam, though, and don't click those unsubscribe links either - sometimes those unsubscribe sites load you up with malware, but at the very least they just sell your email address off to other spammers. If they feel the need to do something about those SPAM messages, it's better to use something like SpamCop to report them.

    An alternative to reading email in plain text is to spend a little money and get a mail client like PocoMail or email filter like Firetrust Benign, which will "sanitize" the emails so that any harmful scripts or images that load from the spammer's site (lets the spammer know they have a live email address) are removed from the email. So yes, there are options no matter what way the user wants to go, but viewing in plain text is definitely the cheapest and probably the easiest.
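
What the plain-text view and a "sanitizing" filter from the post above each act on, as an added example that is not part of the original thread and not the code of any product named in it. The sample message, its addresses and the function names are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser

# Constructed sample: one text part, one HTML part with a tracking image and a script.
SAMPLE = """\
From: "Prize Office" <promo@example.com>
To: user@example.org
Subject: You have won
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

You have won. Reply to claim.
--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>You have won.</p>
<img src="http://tracker.example.net/open.gif?id=abc123" width="1" height="1">
<script>document.location="http://tracker.example.net/x"</script>
</body></html>
--b1--
"""

# Tags whose URL attribute is fetched automatically when the HTML is rendered.
REMOTE_ATTR = {"img": "src", "iframe": "src", "link": "href"}

class ActiveContentFinder(HTMLParser):
    """Collects what a sanitizer would strip: scripts, remote loads, on* handlers."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        if tag == "script":
            self.findings.append(("script", attrs.get("src") or "inline"))
        url = attrs.get(REMOTE_ATTR.get(tag, ""), "")
        if url.lower().startswith(("http://", "https://", "//")):
            self.findings.append((f"remote-{tag}", url))
        for name in attrs:
            if name.startswith("on"):
                self.findings.append(("event-handler", f"{tag} {name}"))

def _body(raw, kind):
    # kind is "plain" or "html"; returns "" when the message has no such part.
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=(kind,))
    return part.get_content() if part is not None else ""

def plain_text_view(raw):
    """What a client set to plain text displays: nothing is fetched or executed."""
    return _body(raw, "plain").strip()

def active_content(raw):
    """Items in the HTML part that would load or run if it were rendered."""
    finder = ActiveContentFinder()
    finder.feed(_body(raw, "html"))
    return finder.findings

if __name__ == "__main__":
    print(plain_text_view(SAMPLE), active_content(SAMPLE), sep="\n")
```

The 1x1 remote image is the "live address" signal the post describes: fetching it tells the sender the message was opened, which the plain-text view never does.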
     
  2. Heh, strictly for technical reasons. Other times it's accidental. In any case, it's not the end of the world :)


    Indeed. But in reality things aren't as black and white as Erikalbert thinks they are, that it's apparent that some mail is spam and the rest isn't. Even the average person would have situations where they get email from long-lost friends, college buddies trying to re-establish contact, people who run websites, write software, can get emails from other people around the world asking for support, giving ideas etc.

    Obviously, if possible there is no reason (there is some actually but let's assume there isn't) to open an email if the subject shows it's likely to be junk, but you never can tell just from the subject lines, there will always be some that look like they might be legitimate. Go ahead, open them, the act of opening in txt mode and reading them won't kill you.

    I suppose to a person who doesn't understand what he is doing, he thinks such an act is dangerous, but I presume the people here are interested in learning, not being scared of his own shadow.

    Even Erikalbert shows some of this. He states that he knows that junk email is all crap, trying to sell stuff he doesn't want, etc etc. But how would he know this, if he didn't actually read some of them before? :)
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    In my newbie time I did read my emails of course, but I did some extensive research on the internet to learn the real truth behind these spam-emails.
    The last three years I ignore/delete all of them.
    Reading the sender and the subject is enough for me to recognize them as junk-email.
    The emails without a subject prove only to me that the sender isn't even able to write a decent email.
    Why would I waste any time on all these emails?
    I'm glad Thunderbird takes care of them in a few seconds and that's what they deserve.

    In another forum, I meet these users, who actually read their spam-emails and each time I have to save them from being scammed.
    Sometimes they don't even believe me and I have to prove it with examples of similar emails, published on the internet.
    I spend more time on reading posted spam-emails with questions, than on my own spam-emails.
    That's what happens when users read their spam-emails.
     
  4. securityx

    securityx Registered Member

    Joined:
    Dec 1, 2005
    Posts:
    149
    All of my emails forward to gmail, which strips the "crap" and lets you turn ON the html if you want to. It's been a while since I configured it so I can't remember if that's the default or not. I seem to think it is.
     
  5. houseisland

    houseisland Registered Member

    Joined:
    Jan 12, 2006
    Posts:
    107
    You guys are killing me. You mean I'm not going to get half of Princess Mnokobotta's $300,000,000,000.00 USD which has been smuggled to a safe box with a security company in London? Say it ain't so.
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Was she killed on the road like many, or in an airplane crash like the rest? :D
     
  7. houseisland

    houseisland Registered Member

    Joined:
    Jan 12, 2006
    Posts:
    107
    No. I'm supposed to marry her next month. I've already signed over my house and given her all my banking and credit card information. Should I be worried? Is she going to die? Do you know something I don't? :shifty:
     
  8. And the experience didn't kill you right? What makes you *so* special that you can read spam without dying a million deaths, but other people can't? :)

    Seriously though, did you really need to do 'extensive research'? How many hours of research did you have to do really? You make it sound like it's so hard... Takes me zero hours of 'research' to know that appeals for donation for tsunami victims are almost certainly fake.

    Wow, I agree, only people like Erikalbert should be allowed to read spam, other mere *users* should delete them straight away, because they are so dangerous.. LOL

    Shame on you, Houseisland! Didn't you do "extensive research on the internet to learn the real truth behind these spam-emails"?
     
    Last edited by a moderator: Jan 20, 2006
  9. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    deviladvocate,

    No need for sarcasm - please refrain from that.

    regards,

    paul
     
  10. eyes-open

    eyes-open Registered Member

    Joined:
    May 13, 2005
    Posts:
    721

    There is a valid point though, isn't there?

    I mean you can start with the focus on censorship or defining how other people should choose to use the .net. It won't mean that someone else in the household won't elect to surf in ways that heighten risks - even if the primary user doesn't.

    Alternatively you can quite rightly explain the added risks of some .net activities and explain how with a few basic steps some of these can be mitigated.

    I guess it's about which mindset you're going in with.

    Either way it's a difficult task to encapsulate and I wish you well.
     
    Last edited: Jan 20, 2006
  11. devilish

    devilish Guest

    Given that this thread is entitled Home User EDUCATION, I would think this would be the preferred option.

    I'm against the idea that only a few elites can safely open spam email and read, without getting tricked, and everyone else not on this forum are fools, 'ignorant', 'less knowledgeable', 'not diligent', or whatever description used by some to describe other people who are supposedly not as skilled as them.

    Getting fooled by cons in spam is more a result of greed, lack of skepticism than sheer technical ability, or hours spent researching anyway. Of course, there are always real fools, but in such cases, it's a lost case no matter what you advise.

    As always the advice that "DELETE AND IGNORE" all email from unknown sources is way too simple and in the long run it's counterproductive anyway.
    Such a user would fall for bank phishing mail that spoofs the from header so it appears to come from their bank for example. Or a friend could forward him some email, and because it's from a friend and hence trusted source, he would believe it?

    Be skeptical of everything you read on the net! I'm sure by long, most people know this.

    I find it funny that the people most likely to underestimate people are usually themselves just a tiny step above noob and perhaps I might speculate it makes them feel better to think that they are smarter, more capable than the masses, so surely what they can do is beyond everyone else.

    "Sure I can open and read spam mail without problem, but I'm exceptional..... the masses are not as smart as me, they won't do the research, they will surely fall for such scams hook, line, sinker. I know this guy who...." :p

    I'm sorry to break this to you, I have friends, family, who have never seen the inside of a security forum or aren't computer weenies and they aren't falling for such cons even without any prompting from me.

    Some might be lazy about updating antivirus, ignorant about security updates, some might not know about webbugs, or might not realise unsubscribing to spam is not a good idea etc but I have yet to see someone I know dumb enough to fall for the "Send me your money first, then I will send you MORE money later" scam.

    I have read about them in the newspapers, but I guess that's why it's newsworthy. :)
     
  12. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I have to agree.. new computer users are already intimidated enough by computers, the internet, and all the bad guys out there.. pressing the idea of "Whatever you do, DON'T OPEN THOSE EMAILS!!" is only going to make things worse. Give them the outlook they need (heh, but not Outlook), teach them how to turn off HTML mail, and teach them how to deal with these things.. it's much better that they go in thinking: "Hey, just take a few basic precautions and you'll be ok. It may seem like a lot at first, but once you're set up, it won't take very much."
     
  13. houseisland

    houseisland Registered Member

    Joined:
    Jan 12, 2006
    Posts:
    107
    I haven't done a lot on this project, yet, other than to think about it in very general terms.

    What I would eventually like to do is to develop some sort of “open source” curriculum that could be posted somewhere and then be used, enhanced, modified by anyone anywhere.

    A good starting point would be an examination of the question of ethics and responsibility. What are the social responsibilities of computer ownership and participation in the Internet? There are consequences of irresponsible computer use both for the home user him or herself and for the Internet community at large. Irresponsible computer use can be defined as action (doing dangerous and/or anti-social things) and inaction (failing to maintain operating systems, security applications, and hardware such as wireless routers – inaction is highly anti-social). Both aspects of irresponsible use need to be discussed, and the consequences of irresponsible use need to be examined and explained.

    The next issue is home user fear: fear of the unknown, fear of looking foolish, etc. Fear is an enormous barrier to learning. Fear prompts inaction. This brings us to trickyricky's point about backup. With backup, there are very few problems from which one cannot make a relatively graceful recovery. There is no need for fear. “Don't worry! Be happy!”

    Fear segues into the need for a major LARTing of many members of the techie world. If “we” take the attitude towards users that “the problem is between the keyboard and the back of the chair,” we find that we are only looking into a mirror, one that does not reflect us in a very flattering manner. We, sitting between the keyboard and the back of the chair, are become part of the problem rather than part of the solution as we should be. A user, who is treated with contempt and who is humiliated, is a fearful user. Fear prompts inaction, the worst form of which is not asking for help because there is the expectation of pain, humiliation, embarrassment, etc., etc. When a user works up the courage to ask for help, there is that golden and elusive “teachable moment!” Users need to be treated with respect. Tech support needs to be non-judgmental (and dare I say “supportive”) if user competence is to be advanced.

    Next would be tutoring in how to be pro-active rather than inactive – a topic which is being discussed in this thread. For many home users, being proactive may end up being establishing an ongoing relationship with competent technical support. Some may choose to learn the skills necessary to be independently proactive.

    Last would be a reiteration of the hazards and consequences of irresponsible actions – a topic also under discussion. There is a need for self control/discipline/censorship.

    Nuff for now.
     
    Last edited: Jan 20, 2006
  14. houseisland

    houseisland Registered Member

    Joined:
    Jan 12, 2006
    Posts:
    107
    I have to say this is one of the most pleasant and courteous forums I have ever participated in. Thank you.
     
  15. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
  16. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
  17. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
  18. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    2,287
    Location:
    Canada
    Hi Guys,

    I may have missed it, sorry. Very good idea is MVP's HOSTS file, & how to update & lock the hosts file! Houseisland how wonderful, good for you, altruistic behavior is nice to see!
     
  19. devilish

    devilish Guest

    Far more people read their email without problems, occasionally opening mail that looks suspicious. Anyway 20,000 fools around the world isn't a lot considering the size of the computer using population.

    Far more people get infected with viruses, worms than a mere 20,000, do you then recommend these people turn off their computers and stop surfing, stop receiving any email because of the risk of getting infected?

    Besides I wonder how many of the 20k could have been saved if someone told them that such emails were cons and warned them about it and other common tricks, instead of merely yelling on forums such as this to DELETE AND IGNORE without saying why. What happens to such users if email slips through their filters? Or if they accidentally open one? Is it game over for them then?

    In my book, letting people know why they are doing something is much better than giving orders without explaining.

    You know how less knowledgeable/ignorant/whatyoucallit users are like, you tell them not to do something, they will go ahead and do it, unless they know why .... The more you make out email to be like some kind of forbidden secret the more curious they are.
     
  20. devilish

    devilish Guest

    I have to agree with this full-heartedly.

    I think it is vital for the techies to believe that users can take responsibility for themselves if they are properly trained. We should not sell them short!

    When it comes down to it, you cannot protect the user from himself anyway, a fool will always figure out a way to beat any foolproof system. Much better is to educate users to ensure that there are no fools using your systems :)

    This is not to say however that you should expect miracles, but I find there are certain people who like to underestimate the masses. They keep hoping to find some perfect security software that can protect users from themselves and provide 100% protection without any user responsibility involved.


    Exactly, there is no software that can consistently protect you from believing and acting stupidly. The only cure for that is learning more. This holds whether you are using AVs, HIPS, SU or whatever.

    Yes, much better Erikalbert... :)

    If each IGNORANT (lol) email user read all this, or at least a shorter summary (I see no need for any user to be an expert on the details of each and every type of scam, once you've seen one, you've seen them all), they would be much better prepared.

    From the FTC website

    Practically speaking this paragraph alone is sufficient. Be skeptical! You don't need to research every spam mail for hours really.

    This is the social aspect, then there is the technical aspect

    http://www.grc.com/x/news.exe?cmd=article&group=grc.news.feedback&item=34197

    For those who are unaware, look at point 6.

    Other email tips

    http://www.spywarewarrior.com/uiuc/howto2.htm
     
  21. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    This is just one example. These gangsters operate everywhere and there are a lot more victims than just 20,000.
    Catching scammers doesn't end the scam problem, just like drugs and these scam-emails are still around,
    which means they still make a profit of it.
    In this case they were trapped by the police, so there is more info about the victims.
    In many cases these organized gangsters disappear, when the law is too close and go to another country. Money isn't a problem for them, they are all millionaires.
    So 20,000 is just the top of the iceberg.
    This website is created for complaints of victims, but that's not the only one.
    http://www.badbusinessbureau.com/

    The largest existing spam-database, I ever heard of, contained 250,000,000 email-addresses.
    If only 0.005% reply to a scam of $500 to collect a fake lottery winning (= 12,500 replies),
    these gangsters collect $6,250,000 for just ONE email and once the victim paid $500, they will ask the victim for a second fee, a third fee, ... until the victim gets suspicious of course. That's how these lottery scams work.
     
  22. I sense a social and cultural divide. My guess is Devil is in the USA. We Americans are generally far more suspicious of attempts to work ourselves up because a relative minority seemingly can't figure out up from down. Common sense can't be taught.
     
  23. Personally I think, all you can do is to help them learn how to protect themselves, but you can't save everybody.

    In the long run, teaching people to be skeptical and careful of frauds is all you can do. Don't tell them to do some arbitrary thing without telling them why. It just adds to the problem of people fearing technology. The problem is replying and believing email, not reading them.

    Dear Erik, that is how spam works. They are targeted at the dumbest and most naive of us. The incremental cost of sending each mail is almost zero, that is why they don't need a very high response rate. There have been proposals to change that, to shift the cost of sending emails to the senders.

    In any case, that is why user education is more important than any simplistic advice like DELETE AND IGNORE. This doesn't address the root problem, that is the naivety of some minority of users.

    I don't believe that only elites can read spam email without problems, while the masses are too stupid. There will always be a few rare ones that believe whatever they read, but I submit there will be precious few, particularly when warned of them.

    As for the rest who simply can't be educated, to think that simply telling them to DELETE and IGNORE is going to protect them is being foolish.

    That's my way of fighting against SCAMMERS/spammers : REPORT them and EDUCATE users.

    Everybody who doesn't, keeps them alive on the internet.
     
  24. houseisland

    houseisland Registered Member

    Joined:
    Jan 12, 2006
    Posts:
    107
    Exactly. People who would come to a user education workshop are motivated. There is hope for these people.

    Unless there are licensing requirements, involving testing, for obtaining an IP address (no IP without MCSE :eek: ) followed by legislation for punishing negligence, bite my tongue, there is little that can be done to force the population of home users at large to clean up and lock down their systems. Still, an inverse class action suit by a corporate entity against the holders of all the IP addresses involved in a DOS attack, charging them with criminal negligence, might make an interesting court case :eek: (LOL)

    The only realistic approach is patience and persistence. Work with the ones who are willing to seek help. There was the Sainsbury advertising motto: "Every little helps."
     