Cincinnati Bell Online Security and Email Best Practices
Important Email Security Tips:
- Never respond to an email asking for personal or financial information such as your email address, password, Social Security Number, etc. (Cincinnati Bell, PayPal, and your bank are examples of companies that would never ask for personal information in an email.)
- Don't open an email or attachment from someone you do not know or trust.
- Never click on a link or executable file within an email from a company or organization that you do not trust.
- Do report 'suspicious' email by forwarding it to firstname.lastname@example.org
- Do keep security software and operating systems currently updated.
Email has become an integral part of most of our lives. For many of us, it may be the most common way we communicate with others. Long gone are the days when email was simple text transactions between two users looking at black and white terminals. Today's users expect crisp fonts, colors, inline images, background patterns, HTML and other browser specific formatting as well as the ability to attach moderately sized files to their messages. The evolution of email technology that allows all of these new features has greatly enhanced the experience of email users, but has brought along with it some very common and serious security concerns. Email has historically been the most common method for attackers to get malicious code to unsuspecting users, and while many new and creative tactics are being employed, this method is still frequently use to propagate malicious code.
Phishing: A fraudulent attempt to elicit personal information by misrepresenting a reputable agency, or any other suspicious email which requests personal or security information from a user.
If you receive a phishing email which is asking for your personal information such as any account information or passwords DO NOT RESPOND TO IT. Please forward it to email@example.com. Cincinnati Bell will never ask for personal information via email and strongly recommends that our users do not relay such information to any company via any insecure methods.
SPAM: Junk email, such as unwanted advertisements, unreadable emails, or things sent to a user in error.
For webmail users receiving a spam email in your inbox please click the "SPAM" button to report it as spam. If you receive an email in your SPAM folder that is not spam or junk click the "Not SPAM" button.
If you are using a third party email client such as Microsoft Outlook or Outlook Express and you receive an email that is spam please forward that particular email to firstname.lastname@example.org.
Despite the exhaustive efforts that Cincinnati Bell employs to limit spam, there will likely be occasions where every user will receive some sort of Spam message or Phishing email (a fraudulent attempt to elicit personal information by misrepresenting a reputable agency). Often users unfamiliar with these threats are not sure how to handle these communications. Please reference the list at the bottom of this document for valid addresses to report such emails. Most importantly, never respond to such an email. No good will ever come of validating your existence or a successful delivery of unsolicited emails.
Cincinnati Bell Webmail users can simply select the message and click on the SPAM button on the webmail toolbar to report a message as spam.
Throughout the evolution of email and all the resulting additional features, it is likely that the most prominent would be the ability to "attach" files to email messages. While these changes certainly make the transport of such files simpler and email more useful, they also introduce some technical and security concerns. Email was not designed with these large attachments in mind and actually handles them quite inefficiently. In addition to the inefficiencies of transmitting files this way, it is a huge security risk for users to allow files of unknown origins onto their PC. As many email applications continue to allow more and more "web functionality" directly within the email program, more options are available to attackers. Users should be very cautious when opening email attachments, even from trusted sources. In best practice, email users should only download or open attachments from a recipient that they know and trust, as well as confirming they know what the attachment is before opening it. Opening any unknown email attachment (even from a trusted sender) can immediately infect your PC with malicious code. Some infected machines will further utilize their host's mail application to spread the infection by emailing individuals in that machines address book.
Cincinnati Bell's feature-rich webmail provides its users additional security from storing possibly infectious code on their PCs. Our email network spam filtration will keep the majority of spam and malicious emails from ever reaching the inbox. Any suspicious email that may reach the mailbox can be deleted on our servers before it ever reaches your PC's hard drive.
Some email messages contain images and web content directly in the body of the email. By default, Cincinnati Bell Webmail will not load these external pages.
This content, if loaded, can validate the existence of an email address to an attacker. A common technique used by spammers is to send out messages blindly to "guessed" email addresses (which are generated from "dictionary" lists or purchased from old spam lists). Once a spammer confirms that an address is valid, it gets moved to an even higher value list in the spam community and will be targeted for even more spam.
Many recent internet attacks have been based on browser or web code exploits. Once attackers find these exploits, they can quickly spread across the internet and will often take users completely by surprise by loading pages inside innocent looking emails. Disallowing the auto loading of external content within email messages provides an additional layer of protection to users.
Many spam or other malicious messages contain links to websites or even executable files. If you get an email from someone you don't know or a company or organization that you did not subscribe to content from, do not click on links within the body of the message. In the best case scenario, these links may load to a site and drive up advertising revenue for a site that could use this income to propagate even more malicious behavior. In an even worse scenario the site this link leads you to may contain code that can compromise your PC.
It is never a good idea to run an executable file sent via email. Most respectable vendors will send software with a proper installer for your operating system that is digitally signed for that company. Any time a user elects to run an executable file, that application has access to the PC and could be executing malicious code or installing other code that may run silently in the background.
Cincinnati Bell strongly enforces responsible business and personal email practices requiring that all electronic mailings be CAN SPAM compliant. The guidelines described in this law are minimum guidelines for individuals who wish to send advertisements or any other customer communications. Businesses or civic organizations wishing to conduct business via email are strongly encouraged to maintain their businesses online reputation by adhering to even higher standards by utilizing effective software that requires their recipients to "double opt-in" to their email lists and providing timely responses to unsubscribe requests. There are many companies that provide these types of services to businesses and organizations at low cost, as well as providing access to software or online tools to manage these activities. Any users found to be in violation of these practices can have their email services and/or DSL service suspended immediately. To protect email service for all of its users and to maintain a reputation as a responsible ISP within the internet community, Cincinnati Bell will enforce all aspects of its Acceptable Use Policy.
Note: Do not attempt to unsubscribe from email communications that you did not sign up for. This can validate that your address is valid and cause you to be targeted for more spam.