Numerous computer viruses use e-mail to help themselves spread from machine to machine. Scammers also use e-mail to trick unsuspecting users into divulging sensitive information. Here are a few simple steps that can help keep your computer and your information safe from the threats introduced by malicious e-mail. Do not trust the sender information in an e-mail message Viruses and scammers often craft messages that appear to come from someone you know. Just because a messages claims to be from “joe.randa@example.med.unc.edu,” for example, it doesn’t necessarily mean that “Joe Randa” sent that message. It is trivial to “spoof” the sender information on an e-mail message, and thus viruses and scammers often use this tactic. Viruses have also been known to send messages using e-mail addresses collected from address books on infected computers. If you receive an e-mail message and you find yourself questioning whether or not it is real, call the sender and verify he/she sent the message, just to make sure. Do not open unsolicited e-mail attachments While the School of Medicine has some protections in place to keep e-mail messages with malicious attachments from reaching your inbox, there are a few ways they could still potentially slip though. Do not open attachments on unsolicited e-mail messages. The e-mail message may be convincing, advertising itself as a greeting card from someone you know, or as advertising information in a PDF, but treat it with suspicion until you can verify the message’s authenticity. Above all else, never open an e-mail attachment whose file name ends with .exe. Do not click on web links in e-mail messages Links to websites in e-mail messages may look like they will take you to one place, but may actually take you to another. Sometimes the websites where you end up will attempt to infect your computer with malicious software, or they will ask you to enter personal information in a very convincing way. One very simple way to ensure that you actually visit the site that you intended to visit is to select the text of the link from the e-mail message, copy it, and paste it into your web browser. This way, if you receive a welldisguised malicious message that is advertising a known and otherwise “trusted” website, by selecting the text, copying the link, and pasting it into your web browser you can be reasonably assured that you will end up in the right place.