Online protection tips

I just got the email message with the above subject line and was annoyed by the poor quality of the advice offered. First, the message itself contains images that are downloaded from a remote server when you read the message. This is a common technique for verifying the validity of email addresses for the purpose of selling them to spammers. If the email is opened, the remote server records the address as valid. Second, there is a current spoof around that imitates secure web pages. If you look at the address at the top of this page, you will see a little red square with a “C” in it to the left of the address. To imitate a secure page, hackers use a lock or key image to suggest that the page is secure, so just looking for such a lock is not the solution. Also, if you are using a link provided by a phishing email, it could easily take you to a secure page of the hacker’s design that will link to the real banking/government site in the background (man-in-the-middle attack). On such a page, you will see an address very similar to the genuine one, a HTTPS: prefix for it and a lock or key in the right spot. It will, however, record any personal information that you supply it, while passing the information to the real site for information from that end. NEVER click on a link in an email that connects to you bank/credit card/government account. You should only use connections that you have previously recorded that link to the genuine web page.
End of rant.