Fraudulent Email

Overview

Spammers and Trojans and Phishing – Oh My!
Fraudulent email is on the prowl, and it is important that you remain vigilant. Some of this unwanted mail is merely annoying, while some is dangerous. How can you proceed with confidence, knowing that you are safe from ambush?
The dynamic nature of the problem makes it impossible for us to provide an exhaustive description of how to identify threats. There are, however, a number of tell-tale signs that help you identify what type of email you are viewing.

Types of Fraudulent Email

Spam: Unsolicited commercial email sent indiscriminately to large numbers of people. It has two general uses:
1. To entice you to purchase items
2. As feelers to legitimize your email address, which will subsequently be sold to other spammers

Phishing: An email message which attempts to collect personally identifying information that can be used for identity theft. Examples include social security numbers, account numbers, and passwords.

Virus: A malicious program which attempts to launch itself on your computer through some innocuous human interaction (e.g., clicking a “Cancel” button). Viruses take advantage of security vulnerabilities, which is why a properly patched system has far less chance of contracting one.

Trojan: A type of virus which, rather than exploiting a system vulnerability, attempts to exploit the reader’s gullibility (e.g., “Click Here for your Free Download!”). Well-written and targeted Trojans can be quite compelling.

Worm: Another type of virus, which uses your network access to propagate itself to other computers.

Tips for Identifying Fraudulent Email

• Your evaluation of an email message should never be based on:
- The From address – This is easily spoofed
- Recognized logos or graphics – These can be copied and pasted by anyone
- Threats – “Your account will be closed!”
- Promises – “You’ve been selected as a finalist!”

• No legitimate sender will ask you for a password or other confidential information via email.

• Links to unknown websites are common and a sure sign of email fraud.
For instance, mail that claims to be from ECS and asks you to click a link which points to emailadmin@ctgov.pl is phishing.
Note: The link may not point to the site it claims. To see where it really goes, hover over it with the mouse cursor without clicking. In most mail programs, the status bar will show the true destination.

Identifying Legitimate Messages

Content: The best indicator is reviewing what the preview panel shows you about the email. Ongoing discussions or private (as opposed to personal) information can quickly convince you that the message originated from a friend.

Digital Signatures: These can guarantee that a message is legitimate, but you have to know how to check the certificate.

Common Questions

Will antivirus software help protect against fraudulent email?
Definitely. You should keep antivirus software installed and up to date on your computer; this will trap almost all viruses and prevent them from infecting your computer. For more information see the UITS page for antivirus.

What do I do if I receive a phishing (or other type of fraudulent) email?
Delete it. Don’t open the message or any attachments, don’t click links, and don’t unsubscribe; just delete it. Unless you have a particular question, don’t forward it to us either; we already know spam is a problem and are actively working to combat it.

Should I “unsubscribe” from email lists?
If you know that the email list is legitimate and you want off, unsubscribe. If you do not know where the message originated, then delete without unsubscribing. Clicking the unsubscribe link will let the sender know that he has reached an occupied mailbox.

Is it OK to download images that come with email?
By default, your mail program should block all images linked to the message and give you an option to download pictures. If the originator of the message is not known, you should decline. Downloading the images has the same effect as clicking “unsubscribe”: graphics are frequently used as beacons to help spammers identify live mailboxes.

After you have decided the message is legitimate, downloading images is not a threat. In the past there have been vulnerabilities in image rendering software that allowed viruses to enter, but these have been resolved and have not been seen in quite a long time. Note: some images are embedded instead of linked and will display regardless. This is not a problem, as they do not “phone home” when viewed.
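The hover check for links and the linked-versus-embedded image distinction described above can also be run over a saved message. The following is an added example, not part of the original page; the sample message, its hosts and the function name scan_message are constructed for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; every name and host below is made up.
SAMPLE = """\
From: "ECS Help Desk" <helpdesk@example.edu>
Content-Type: text/html; charset="utf-8"

<p><a href="http://login.example.net/verify">https://ecs.example.edu/account</a></p>
<p><a href="https://ecs.example.edu/help">Help pages</a></p>
<img src="http://tracker.example.net/open.gif?id=123">
<img src="cid:logo@example.edu">
"""

class _Scan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self.images, self._href, self._text = [], [], None, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []
        elif tag == "img" and a.get("src"):
            self.images.append(a["src"])
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def _host(url):
    # Treat bare "www.site.tld/..." link text as a URL so hosts can be compared
    return (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()

def scan_message(raw):
    """Return (links whose text names another host, remotely linked images)."""
    msg = message_from_string(raw, policy=default)
    body = msg.get_body(preferencelist=("html",))
    scan = _Scan()
    scan.feed(body.get_content() if body else "")
    # Link text that looks like a URL but names a different host than the href
    mismatched = [(t, h) for t, h in scan.links
                  if "." in t and " " not in t and _host(t) != _host(h)]
    # Linked images can act as beacons; cid:/data: images are embedded
    remote = [s for s in scan.images if urlsplit(s).scheme in ("http", "https")]
    return mismatched, remote
```

On the sample, the first link is reported because its visible text names ecs.example.edu while the destination is login.example.net, and only the http image is reported as remotely linked.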

Is spam illegal?
Ironically, spam laws are designed to protect, not eliminate, unsolicited commercial email. That is, legitimate companies lobby for and follow laws like CAN-SPAM in an effort to keep the riff-raff out of their market segment.

Why “spam”?
It is commonly believed that the term originated from a Monty Python skit – no one knows this for sure. If you are interested in evaluating this historical tidbit for yourself, you can watch the skit here.