Using Email Safely
Anytime you send or receive communications on the Internet or browse a Web site, there are opportunities for individuals to intercept your communications to obtain your email address. If you post to a Usenet newsgroup, list your email address on a Web site, or fill out insecure forms on the Web, your address can be collected by spammers, individuals who use email addresses for commercial advertising in an attempt to profit quickly.
Listed below are the most important tasks that are covered in this section:
- Never open attachments unless they have first been scanned with an antivirus software program.
- Don’t reply to emails requesting personal information.
- Don’t buy anything from spam email.
- Do not reply or click on links in emails or pop-up messages asking for personal information. Always go directly to the company's Web site.
Dangerous Attachments
Electronic mail can be a major source of security concern. E-mail attachments are an important medium through which viruses, worms, and Trojan Horses spread from one computer to another. Every email attachment is a potential threat to your computer’s security. Choose your email client software carefully.
Regardless of its origin, be cautious and don't open any attachment unless you know the sender. Also, never run or open any attachment from your email program unless it has been scanned with an up-to-date antivirus program. If you're not certain that your antivirus program is working automatically, save the attachment to your hard drive and scan it manually before you open it.
Protecting Against Spam
Junk mail, known as spam, is becoming a very lucrative business for those who use the Internet for commercial advertising. Since email is reasonably inexpensive, senders can blast it out by the millions much faster and more cheaply than by other means such as postal mail. Spammers can use automated programs to find email addresses on the Internet very quickly. Unchecked, spam will not only overwhelm legitimate messages but may include viruses that can be dangerous to your computer. Always run antivirus software and keep it up to date.
There are several ways to prevent spam email from reaching you:
- Block junk email. Many email programs have built-in filters that can help you separate spam from your wanted email. You may also try to enlist the help of your Internet Service Provider (ISP). The current version of Microsoft Outlook offers more sophisticated filtering capabilities than earlier versions.
- Hide your address from spammers by setting up a separate email address dedicated solely to Web transactions. Also, watch out for checked boxes when buying things online, as this may indicate that you are giving the company permission to sell or give your email address to other parties.
- Review privacy policies when signing up for Web-based services. This policy should outline the terms and circumstances regarding whether the site will share your information.
- Avoid listing your email address in large Internet directories.
- Don’t set up email accounts to generate automatic responses while you are away from the workplace. This will only verify your email address to those spammers who send you spam while you are away.
- If you have an email address listed on a Web page, consider opening or using a free account. If the Web site is University-related, consider using a departmental account and put that address on the Web page.
Despite your best efforts, you will probably still be subject to a certain amount of spam. Some tips for dealing with spam are:
- Don’t reply to any emails asking for information. If the spam seems to be coming from a disreputable source, do not follow the unsubscribe directions. This only verifies your true email address.
- Don’t buy anything from a spam email.
- Treat an email from a charity asking for money as spam. If you believe in the charity, contact them directly.
- If you can’t confirm that the sender is valid, delete the message immediately without opening any attachments.
- Don’t forward chain email messages, such as messages that state "Send this on to all of your friends."
In most cases, it is best to decline to provide your email address to any company or organization. UITS at IU offers an antispam service that quarantines suspicious email. This service scans all incoming email for potential spam. For more information about the IU spam quarantine service, see:
http://kb.iu.edu/data/spam.html
For information about other spam filtering options, see:
http://kb.iu.edu/data/alfb.html
You can purchase disposable email addresses from address services such as http://www.spamex.com or http://www.mailshell.com. For a fee, these services allow you to create a new disposable email address whenever you need to supply one. If spam starts coming to one of the disposable addresses, you can simply turn off the address. You may also be able to determine who supplied your address to spammers.
Protecting Against Phishing (Spoofing)
Phishing is a method that uses spam or pop-up messages to steal identities. Typically it involves an official-looking email that spoofs its origin to look like it is from a credit card company or bank, or even from Indiana University. It may inform you that a security breach or system failure occurred and state that you need to go to their Web site to verify certain information related to your account. The Web site will look virtually identical to the actual institution’s Web site, but it is a counterfeit intended to lead people into divulging information required for identity theft. To view some samples of current phishing Web sites, go to:
http://www.antiphishing.org/phishing_archive.html
E-mail attempts to obtain personal financial information for fraudulent purposes are growing dramatically. Some tips to avoid getting hooked by a phishing scam are:
- Do not reply or click on any links in an email or pop-up message asking for personal information. If you believe the contact may be legitimate, contact the organization or company using a legitimate phone number, or open a new Internet Browser session and type in the company’s main Web address, and search for information about the request.
- Never provide your account password over the phone or in response to an unsolicited Internet request.
- Don’t email personal or financial information. If you initiate a transaction through a Web site, be sure that the site is secure.
- Review account statements regularly to ensure all charges are correct.
- Report suspicious activity to the Federal Trade Commission (FTC) through the Internet at http://www.ftc.gov/bcp/edu/microsites/idtheft/ or by calling (877) IDTHEFT.
If you get spam that is phishing for information, forward it to spam@uce.gov. If you believe you have been scammed, file your complaint at http://www.ftc.gov. Also, if you fall victim to an attack, alert your financial institution immediately. Place fraud alerts on your credit cards. Monitor your credit files and account statements closely.
For further information regarding email fraud and phishing and what to do about it, go to the IU Knowledge Base at:

