Tip of the Day

Q: I have heard you recommend that people should not send or receive attachments. In business, what's a practical alternative? I send documents to suppliers, co-workers, and customers every day.

A: When it comes to e-mail file attachments, my general advice is to never open them unless you know specifically what it is, even if it is from someone you trust. Today's worms often 'spoof' the return address, so you can't ever trust that the listed sender was actually the real sender.

Blind faith on the Internet is a recipe for disaster!

The recent MyDoom worm outbreak (which has become the fastest spreading ever... for now!) is just another great example of why being suspicious about any file attachment is important. The individual(s) that crafted this attack used a form of social engineering to fool users into thinking that a message was being returned because it could not be delivered. Most victims assumed that the message was something that they had sent and their curiosity got the best of them.

When I say 'unless you know specifically what it is,' I mean, you have to have prior knowledge from an earlier communication or some reasonable expectation that the file is coming.

In business, it is very difficult to refrain from using file attachments as you well know, but how you send them could be very helpful for you and your recipient. For instance, just because the information that you want to send is in a Word document, it doesn't mean that you need to send the actual document. Whenever possible, copy the text from the document and paste into the body of the message or use Adobe.Acrobat to generate a .pdf file.

Calling someone to let them know that a valid file attachment is coming can also help, but it's better to be explicit in the message so that it can be identified clearly at a later date. If the recipient is being sent an attachment for the first time, consider sending two messages to them. The first could explain what you intend to send and that the attachment will be on the next message and the second would have the attachment with some specific reference to the first message so that the recipient would have no question about its validity.

Example: Jennifer, I will be sending you a file attachment named Jones.doc with the numbers for the 'Jones' account in the next message.

Not only would this make it very clear to your recipient that the attachment was intended, it would also show that you have a great deal of concern for them and that you don't send files irresponsibly. If you exchange attachments often with associates, just remember to include specific information in the message body and subject line about the attachment or the specifics of the project.

Since most mass-mailing worms use very generic messages and subject lines, don't make your message look suspicious. For instance, subject lines like 'Hi,' 'Hello,' and 'Here is the file' are commonly found in today's worms, so avoid them. Take some time to 'craft' the message using proper punctuation and spelling - many worms are created in foreign countries and use 'bloken Engrish.' Be specific in the subject line with information that could only be known by the sender and the recipient.

I usually like to try and be short and sweet with my e-mail messages, but when it comes to messages with attachments, the more information you can include, the better!
Source: Ken Colburn of Data Doctors