Email How to spot Viruses, Spam, Phishing

Added by Jennifer James, last edited by Seth Rogers on Mar 07, 2006

Viruses

The Office for Information Technology blocks email viruses on 3 levels.

  1. The anti-virus software running on our mail server checks each email for potential infection. When it detects a virus, it deletes the entire email without responding to the sender, as the sender's address is often spoofed. The detection has to be an exact match. If the scanner thinks the email looks like a virus, but doesn't match it to a known virus, the email will go through.
  2. The mail server blocks dangerous email attachments by "type" - .exe, .bat, .scr, .com - these are attachments that can run a virus or application on your computer, unlike a text document (.txt) which can be read but is totally benign. Word documents - .doc - are generally safe but they can be infected with Macro viruses. The infamous Melissa virus, which brought down Microsoft's mail server, was a Macro virus.
  3. Your OIT provided computer will have anti-virus software on it to block viruses that attempt to run on your system.

Sounds foolproof, right? Unfortunately, no. Network viruses (worms) can actually travel right over your internet connection and infect computers which do not have all critical updates and patches. Also, there will always be another clever virus writer who uses social engineering, rather than programming, to spread infection. Say you receive an email that appears to come from a friend. It reads:

    Hi Jim, (and your name is Jim)
    Due to the restrictions placed on attachments by the Computer Center, I'm sending this document as a .rar file. Just double click it and it will open in Word.

Would you be fooled? The above scenario is trivial to implement.
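
An added example (not OIT's actual mail server configuration) of a type-based attachment check like the one in item 2, run over a constructed message, showing why the .rar in the scenario above is delivered. The blocked extensions come from this page; the archive list, the sample message and the function names are assumptions made for the illustration.

```python
import os
from email import message_from_string

# Extensions this page says the mail server blocks by type.
BLOCKED = {".exe", ".bat", ".scr", ".com"}
# Assumption for this example: archive formats whose contents a
# name-based check never sees.
CONTAINERS = {".rar", ".zip", ".7z"}

def classify(filename):
    """Return 'block', 'container' or 'allow' for one attachment name."""
    # Windows drops trailing dots and spaces, so "a.exe. " still runs as .exe.
    name = filename.strip().rstrip(". ").lower()
    ext = os.path.splitext(name)[1]      # only the last extension counts
    if ext in BLOCKED:
        return "block"
    if ext in CONTAINERS:
        return "container"  # passes a type-only filter; contents not inspected
    return "allow"

def scan_message(raw):
    """Return {attachment name: verdict} for every named MIME part."""
    msg = message_from_string(raw)
    names = [part.get_filename() for part in msg.walk()]
    return {name: classify(name) for name in names if name}

# Constructed message (not real mail); attachment bodies are placeholders.
SAMPLE = """\
From: friend@example.edu
Subject: the document
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Hi Jim, I'm sending this document as a .rar file.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="document.rar"

AAAA
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="report.doc.exe"

AAAA
--b1--
"""
```

The double-extension file is caught because only the final extension is compared, while the archive comes back as "container": the filter sees the wrapper's name, never the file inside it.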

Spam

The Office for Information Technology has an Ironport server running Brightmail which checks our email for spam. Again, there are several layers of protection available to you.

  1. Our mail server checks incoming mail by identifying the server it is coming from. If the remote server is a known spammer then that connection is dropped immediately and the email is never delivered to your inbox. This method stops over 70% of the incoming spam.
  2. The anti-spam software checks incoming mail for known subject lines or common spam types. When it identifies this spam, it places it in your quarantine file and sends you a summary email for you to examine. You can access any email that has been quarantined by going to your account page at: http://www.williams.edu/go/myaccount. The anti-spam software errs on the side of caution - the stated false positive rate is only 1 in 1,000,000, which is why some spam still gets through.
  3. Some email clients, notably OSX Mail and Outlook 2003, have their own spam or junk mail filtering. Normally we recommend leaving this off, as the potential for false-positives outweighs the benefits of reducing your already minimized spam.

If you do receive an obvious spam email and there is an option to "click here to remove yourself from this list", please do not do so. The link is most likely one that will only verify to the spammer that your email account is receptive to spam mail and is actively being read.

Phishing (Account and Identity Theft)

The Office for Information Technology has no direct way to block phishing attempts. When our spam filter recognizes a known phishing email, it will quarantine it, but there will be some that get through.

The term 'Phishing' (pronounced 'fishing') is exactly that, fishing for information - usually personal information such as account usernames and passwords, or credit card, bank account and social security numbers.

Phishing emails usually ask you to follow a web link which looks real (like accounts.ebay.com), but which actually redirects you to a fake site which also looks real. Something like ebay.verify.com.au sounds reasonable, but really has nothing to do with eBay. Whoever owns the site verify.com in Australia is then getting your information.
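
An added example (not part of the original page) that applies this check to the links in an HTML email: it works out which registered domain each link target belongs to and compares it with the one you expect. The sample message, the short suffix list and the function names are constructed for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed subset of two-label public suffixes (assumption); a real
# check would load the full Public Suffix List instead.
TWO_LABEL_SUFFIXES = {"com.au", "co.uk", "org.uk"}

def registrable_domain(host):
    """Return the part of a hostname that someone actually registered."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def off_domain_links(html, expected_domain):
    """List (text, host, owner) for links not owned by expected_domain."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    flagged = []
    for href, text in parser.links:
        host = urlsplit(href).hostname or ""  # ignores port and any user@ part
        if host and registrable_domain(host) != expected_domain:
            flagged.append((text, host, registrable_domain(host)))
    return flagged

# Constructed sample message using the two hostnames from the text above.
SAMPLE_EMAIL = """
<p>Please <a href="http://ebay.verify.com.au/login">accounts.ebay.com</a>
to confirm, or visit <a href="http://accounts.ebay.com/">our site</a>.</p>
"""
```

Called as off_domain_links(SAMPLE_EMAIL, "ebay.com"), it flags only the first link: the visible text says accounts.ebay.com, but the target belongs to verify.com.au.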

Once scammers have 'phished' out your information, they could use it in a number of ways. Your credit card could be used for unauthorized purchases, or your bank account could be accessed, or they may simply gather the information for identity theft. Just the information on your driver's license is enough (if you have the old-style SS# license).

When you receive a phishing attempt from a location where you actually have an account - there was a BankNorth email recently, and PayPal and eBay are often spoofed - rather than clicking on any links in the email, go to the bank or business web site manually, by typing it into your web browser or using your own bookmark. They will often have information about any known phishing attempts directly on their home page.

Microsoft has put up a web page with comparisons of legitimate emails vs. phishing attempts that is enlightening: http://www.mailfrontier.com/forms/msft_iq_test.html
