Know and understand minimising the potential danger of using email including an awareness of the potential dangers of opening or replying to an email from an unknown person, an awareness of the risks associated with sending personal identifiable data

Published by Patrick Mutisya · 14 days ago

ICT 0417 – Safety and Security: Email Risks

Topic 8: Safety and Security – Email

Learning Objective

Students will know and understand how to minimise the potential danger of using email, including:

  • Awareness of the potential dangers of opening or replying to an email from an unknown person.

  • Awareness of the risks associated with sending personally identifiable data or images via email.

1. Why Email Can Be Risky

Email is a convenient communication tool, but it can be exploited for malicious purposes. The main reasons are:

  • It can carry hidden code (malware, ransomware) in attachments or links.

  • It allows impersonation (phishing) where the sender pretends to be someone trusted.

  • It provides a channel for accidental disclosure of personal or confidential information.

2. Common Email Threats

  1. Phishing – deceptive messages that ask for login details or personal data.

  2. Malware attachments – files that execute harmful code when opened.

  3. Spam – unsolicited messages that may contain scams or unwanted advertising.

  4. Spoofing – forged sender addresses that make the email appear to come from a legitimate source.

3. Safe Email Practices

Follow these steps each time you handle an email:

  1. Check the sender’s address carefully. Look for misspellings or unexpected domains.

  2. Hover over any links to view the actual URL before clicking.

  3. Do not open attachments unless you are sure of the source and purpose.

  4. Use built‑in spam filters and report suspicious messages to your IT administrator.

  5. Keep your email client and anti‑virus software up to date.

4. Risks of Sending Personal Identifiable Data (PID) or Images

Personal Identifiable Data includes names, addresses, phone numbers, ID numbers, and photographs that can be used to identify an individual. Sending PID via email can lead to:

  • Identity theft if the email is intercepted or accessed by unauthorised persons.

  • Unintended distribution if the email is forwarded without consent.

  • Legal consequences under data protection regulations.

To protect PID:

  1. Encrypt the email or use a secure file‑sharing service.

  2. Ask the recipient to confirm receipt and delete the message after use.

  3. Avoid including unnecessary personal details in the body or subject line.

  4. Never send images of official documents (e.g., passports) unless absolutely required and encrypted.

5. Email Safety Checklist for Students

ActionCheck
Verify sender’s email address
Hover over links to view full URL
Open attachments only from trusted sources
Use encryption for PID or sensitive images
Confirm receipt and request deletion after use
Report suspicious email to teacher/IT staff

6. Summary of Threats and Mitigation

ThreatPotential ImpactMitigation Strategy
PhishingLoss of login credentials, financial fraudVerify sender, avoid clicking unknown links, use two‑factor authentication
Malware attachmentSystem infection, data lossScan attachments with anti‑virus, open only trusted files, keep software updated
SpamClutter, exposure to scamsUse spam filters, delete unsolicited messages, never reply
SpoofingDeception, unauthorized data disclosureCheck email headers, confirm via alternate communication channel
Sending PID/imagesIdentity theft, privacy breachEncrypt, limit information, use secure transfer methods

Suggested diagram: Flowchart of safe email handling process (from receipt to reply or deletion).