Recently, I've been invited to two new Google Groups for WikiTree projects. I already belonged to other Google Groups for projects, so for me, this wasn't unexpected. However, I have noticed that after joining the groups, that for the first week, the emails begin sent to the groups were full of confusion, frustration and even threats. This led me to think about why folks were responding the way they were and it seems clear to me that there is an opportunity here to help a lot of people out with informative and critical information on email security. My goal is to educate as many people as possible so that instead of being fearful, that you have a basic understanding of email security and know what to do if you get an email you are unsure about.
First, WikiTree is a wiki, just like Wikipedia. It uses basically the same software that Wikipedia does. That software does not come with a forum, nor group email support. Working on any wiki requires collaboration and communication, especially a genealogy wiki! WikiTree has done a great job of providing avenues for communication through the Bulletin Board functionality on every profile, the ability to private email message a profile manager (or all managers) and integrating a seperate forum as a means to allow us to share information, ask questions and make announcements. However, the ability to provide communication to everyone in a particular project is a much harder problem to solve and is not part of the wiki software.
Google Groups is a well designed, easy to use, existing solution for communicating via email to a set group of people. It also allows members of a group to configure how they get communication for each group they belong to. WikiTree leaders have chosen to use Google Groups as the means of communicating with everyone on a project. Projects that already have a Google Group, list the group in the what-to-do-when-you-join sections on the project page. New projects and older projects with new leadership or a revitalization often add a Google Group when it doesn't exist, so you will very likely be invited to join a Google Group for that project at some point. You can see all the publicly visible WikiTree Google Groups here: https://groups.google.com/forum/#!search/WikiTree
In order to invite project members to a new Google Group, invitations are sent out to the same email address that you use on WikiTree. If you receive an invitation from a new Google Group with the name of a WikiTree project you belong to, it's highly likely that the project leader(s) have decided to add this functionality to the project to better support communication within the project. Please remember that we are all human and the level of communication and technological skills vary greatly among us, as well as that we all speak different languages and come from different cultures. The invitation that you receive may be legitimate, but may not be written in such a way as you would expect based on your language, culture, skill set and knowledge. Per our Honor Code, we should always assume the best of intentions when communicating with each other, that includes how we respond to Google Group invitations.
If you have any concerns about whether the invitation you received is legitimate, please do NOT click on the link/button before you confirm the authenticity of the email and invitation. The #1 reason why email continues to be the best avenue to cyber attacks is because so many people are willing to click on a link, button, file, etc., in an email without verifying the source.
As an IT professional, my best advice to everyone is that if you receive any email that you are unsure of the source, DO NOT CLICK or OPEN anything! As a fellow WikiTreer, if you get a WikiTree Google Group invitation and you feel confident enough to click the link to join the group, please do not send negative and threatening emails to hundreds of us, as that is neither productive nor in keeping with our Honor Code. In addition, you should be aware that if the email was a phishing attempt, by clicking on a link, you have already given the sender what they wanted, you have verified that your email address is valid. Worse, if the link or file you opened contained a trojan, virus or ransomware, then clicking the link or opening the file does that damage immediately. Just as you wouldn't respond to the request to send money to get money from the family of a Nigerian prince, so too, you should not click any link or open an file that you are not 100% sure comes from a legitimate source.
If you are ever unsure about the source of an email, the best thing to do is to check with the source. For WikiTree, look for an existing thread in the G2G forum that addresses the new Google Group, or start a thread in the G2G forum (this would help others) asking about it, or you could private message the project leaders or even use the private message functionality to message the person that invited you to confirm that they did, in fact, set up a group or send you a message from an unrecognized source.
Some additional tips. If you are invited to a Google Group, it will be for the same email address you use for WikiTree. So if you use a Google email address for Google Groups in general, which is different than the email address you use for WikiTree, please contact the project leaders privately to ask that your email address be updated. Please don't send your email addresses to the entire group. You are essentially letting hundreds of people know your email addresses. While we all want to assume best intentions and assume that everyone in the group are there for legitimate reasons, it's very common for unscrupulous people to join groups for the very purpose of getting access to information that isn't publicly available, such as valid email addresses. In fact, this can be done all with software without a real person even being involved. It's much more secure to message the project leaders privately than publish your email addresses to a large group of people you do not know.
Here is a great video that is an introduction to email security: https://www.youtube.com/watch?v=xP6wfcJpZ1c. I spent some time searching for some good informative videos, I really like this guy's approach. I'd recommend that anyone that wants to educate themselves so that they are more informed, less afraid and to have methods for identifying and handling email should check out all his videos. I haven't watched them all, but this first one is great!
Please let me know if you have any other concerns I have not addressed or questions around determining the validity of emails. I'm sure other folks in our wonderful community can also help out.
Let's continue to assume the best and help each other out!!
And, just for fun, a great TED talk: https://www.youtube.com/watch?v=_QdPW8JrYzQ