Unwanted email messages can range from mildly annoying to downright dangerous. CUMC uses a security filter to scan all messages and block known spammers, phishers, and malware, preventing many unwanted messages from reaching your inbox. Unfortunately some may slip through as attacks evolve, making it necessary for everyone to be informed and vigilant when using email.
Understanding Unwanted Messages
Targeting a wide audience and tempting or pressuring recipients are standard techniques used by spammers and hackers. Always be wary of the following no matter who the sender seems to be:
Following are common nuisances and threats with best practices on how to deal with each.
- A message you aren't expecting. Most attacks aren't so targeted that they know specifics about what you're communicating with others. However...
- Context that seems specific but is actually vague can be a way appear authentic. Examples include contacting you about your account or password, an invoice, or claiming to be from support, the help desk, etc. Consider how many people have an account of some kind, receive invoices, use technical support etc. as part of their work or education.
- Stressing urgency or an immediate deadline is often a way to get you to click on a phishing link or open an infected attachment. Taking a little extra time to verify that a message, link or attachment is safe before acting will prevent a majority of bad outcomes, from minor hassles to those with serious legal and financial repercussions.
Spam and Junk - these are simply unsolicited messages that are often sent in bulk. Examples are get rich quick schemes, bogus supplements, and offers for unwanted services.
What to do about it:
- Never reply, click on a link in the message, or open any attachment. Junk messages may actually be more serious threats such as phishing or malware, topics covered below.
- Block the sender. Use a blocklist to bar any future emails from the sender. Instructions are based on whether the "To" line is addressed to your @columbia.edu or @cumc.columbia.edu email address.
- Report bad messages. Forward the message with "full headers" showing; this provides some necessary details that can be used to block a sender and improve the spam filter for everyone.
- Safeguard your email address. Don't use your work or main email address to register for shopping websites, to play online games, download software, join a discussion group, etc. - avoid submitting an address altogether or use a "disposable" free account such as yahoo or gmail. If you can, also avoid having your email published on a public-facing website.
Phishing - emails can be used to "phish" for private, personal, or company information. These messages often urge you to click a link to a website that appears legitimate, yet entering information - or even just using the link - can mean bad news. Examples include urgent requests to help someone in a financial bind or fix issues with your account or password. On close read they are actually vague about the perceived issue, may contain spelling or grammatical errors, omit alternate contact information, and stress urgency as a way to get you to click a link or respond.
This example points out suspect areas of a somewhat well-crafted phishing email:
What to do about phishing:
- The sender appears to be valid support, but keep in mind that the address can be "spoofed".
- The message stresses urgency to pressure you into clicking a link without verifying it first.
- Hovering your cursor over a link may reveal a false address, unrelated to your account.
- The signature seems valid but is still rather vague.
Follow the same steps for Spam and Junk with these additional precautions.
- Don't click on a link in the message. If you have an account with the organization, open your web browser and type in their valid website address (ex: www.cumc.columbia.edu/it or www.ebay.com). Once there, use links in the site to manage your account or password.
- If you use a link or provide information, change the account password and contact support. Information entered in a phishing site can open your account to use by others; changing your password right away prevents further use. Contacting account support lets the valid organization know to look for possible issues and advise you if other steps need to be taken.
- If you click a link, use a security program to scan the computer or device. The equipment you used to go to the site may have become infected with a virus or other malware. Symantec Endpoint Protection is free for Columbia users and is installed on most workforce computers. Open the device's security program, make sure it has received current updates ("definitions" or information on new viruses, threats etc.), then run a full scan of the device to look for issues.
Attachments, Viruses and Malware - email attachments are still a very common way to spread viruses, ransomware, and other malicious programs. Ransomware is a more recent type of infection that encrypts data on the computer or even external and network drives connected to it, then demands payment by a deadline to decrypt the files. Examples range from emails with incredibly vague text such as "here's your file", to those that seem trustworthy because you recognize the sender and have received attachments from them before.
What to do about attachments:
- Do not open an attachment unless you are 100% sure it is intended for you and is not infected. Viruses and malware that have infected other email accounts will use them to send messages to others, or the sender's address may be "spoofed" so it appears to be from someone you know. If unsure, contact the sender by phone or send a fresh message to verify.
- Save and scan attachments before opening. Most antivirus and security programs such as Symantec Endpoint Protection can immediately scan a saved file by right-clicking on the file (command-click on a Mac) and selecting "Scan for viruses" from the menu that appears.
- Know how to use your security program and check it regularly. University policy requires that each user ensures the computer they use is protected with a program that performs antivirus/spyware scans and gets at least daily virus definition updates. Take a little time to review your security program and know it is operating properly; open the program to read its help files or instructions, see information on the vendor's website, or ask your support for help.
| TOP |
Last updated 12/04/2015