Never open an unsolicited file or download an unsolicited attachment

A legitimate USPS shipping message

(Jennifer Abel @ ConsumerAffairs) “Never open an unsolicited file or download an unsolicited attachment.”

In the world of online security, that statement is the equivalent of “Look both ways before going out into traffic” — sounds self-evident, yet it needs to be repeated because rarely a day goes bywithout someone ignoring (or forgetting) that advice and coming to a bad end as a result.

Consider the latest scam alert issued by the Better Business Bureau: somebody is sending out emails made to look like “shipping notifications” from the U.S. Postal Service.

Supposedly, they were unable to deliver a package to you, so you should download the attached “confirmation form” and take it to your nearest post office.

Of course, if you click on the link to download the form, you'll actually infect your computer with a nasty virus. The BBB ended its scam alert with five pieces of advice, all of which we've discussed during previous anti-scam pieces:

Don't believe what you see. Scammers make emails appear to come from a reputable source. Just because it looks like an "@usps.com" address does not mean it's safe.

Be wary of unexpected emails that contain links or attachments. As always, do not click on links or open the files in unfamiliar emails.

Beware of pop-ups. Some pop-ups are designed to look like they've originated from your computer. If you see a pop-up that looks like an anti-virus software but warns of a problem that needs to be fixed with an extreme level of urgency, it may be a scam.

Watch for poor grammar and spelling. Scam emails often are riddled with typos.

Immediate action is necessary. Scam emails try to get you to act before you think by creating a sense of urgency. Don't fall for it.  

Be original

Another important rule to remember is this: seek out your own contact information. When you get such an email, even if you clearly recognize typos and other indications of possible scamminess, you might not be able to blithely dismiss it as a fraud.

After all (the nagging worrywart part of your mind might argue), the post office's losing a package or not delivering it to a clearly labeled address happens all the time. As for the no-typos rule — well, it's always possible that someone with poor writing skills nonetheless got stuck with email duty today, right?

So if you can't bring yourself to ignore that potentially scammy warning message, you don't have to. Go ahead and ask the post office if they have a package for you — but do this independently, after having done your own research to find a phone number or email address or some other legitimate USPS contact information.

The seek-your-own-information rule applies to every other threatening email, phone call or other message you might get: this letter, allegedly from the IRS, says you owe extra taxes? Then ignore the “contact information” in that letter, and find the IRS' phone number yourself.

That email, allegedly from Netflix, warns of massive problems with your Netflix account? Ignore the phone number and email address it offers you, and look for the Netflix customer-service information yourself.

And never trust anyone who deliberately tries pushing your panic button or otherwise demands “immediate action” as the BBB warned about — legitimate authorities collecting legitimate debts have no need to do that.