Spoofs, spam, spim, and phishing are terms every e-mail or IM user should know. Attackers may “phish” for personal information by asking for passwords or account numbers through a spoofed (counterfeit) e-mail/IM message or Web site that appears to come from a trusted source. Spam (junk e-mail) and spim (junk IM messages) not only clutter inboxes with annoying sales pitches but are frequently part of illegal scams to steal money as well as identities. Take the SonicWALL Phishing and Spam IQ Quiz or the McAfee Phish or Fake quiz and test your Phish IQ.
Never provide passwords, PINs, or other sensitive information via e-mail or IM.
Be suspicious of “urgent” requests to click links or provide account information.
Most users get infected by clicking unexpected or suspicious links in e-mail, IM messages or on questionable Web sites. Think before you click!
E-mail attacks are common, so:
Never open unexpected attachments.
Never respond to spam, even to unsubscribe. Filter it within your Outlook Web Access (OWA) account or enable e-mail spam quarantining.
Never open chain e-mail claiming to contain virus fixes, patches or warnings.
Avoid clicking on links embedded in emails. If you receive an email from your financial institution regarding account information or logins, navigate to their site using your browser instead. Anyone with access to a stolen database can easily see that your email address is connected to a particular bank and use that to make a message look more credible.
Watch out for “deals”. People shop on the Internet for bargains and receive emails almost daily for some type of money-saving deal. Watch out for suspect money-saving offers that take you to malicious websites or cloned sites.
Keep up with your malware scans. You may never see it coming, but clicking on a link or opening a file from a spammer may infect your computer with malware that will steal from you at a later date.
Be smart with your personal information. Don’t simply trust a company that emails you asking for important information (remember, they will play on your sense of urgency).
If you think that an email request is legitimate, call the company and update the information over the phone.
Take your time when opening emails. Don’t be in a rush and don’t go through the motions when reading your mail messages. You may be busy, or you may be trying to empty your inbox, but remember that attackers know all too well that when we get into a routine, we get careless, and that is when they will try to strike.
E-mail continues to be one of the most important methods of communication -- and attack.
I never respond to spam, even to "unsubscribe". (What is spam?)
I understand that the Sender listed in the "from:" part of an email can be "spoofed" or faked. (What is e-mail spoofing?)
I never provide, and understand that legitimate companies do not request, my passwords, PINs, or other sensitive information via email. Any such requests are phishing attempts used for identity theft. (What is phishing?)
I understand that Information Technology will never request passwords or other sensitive information via email, or send virus fixes or patches as email attachments to campus.