Spam email and Phishing

Phishing is a form of online identity theft in which fraudsters trick users into submitting personal information to illegitimate websites.

Spam is the electronic equivalent of the ‘junk mail’ that arrives on your doormat or in your mailbox. However, spam is more than just annoying. It can be dangerous – especially if it’s part of a phishing scam.

Info on current and previous issues can be found here:
Ursinus Phishing and Spam Issues

How to protect yourself against spam email and phishing 

  • Set up multiple email addresses
    It’s a good idea to have multiple email addresses:

    • Ursinus Email address
      • This should only be used for Ursinus related communications and activities. This may reduce the number of spam and advertisement emails received within your Ursinus email.

    • Private email address
      • This should only be used for personal correspondence. Because spammers build lists of possible email addresses – by using combinations of obvious names, words and numbers – you should try to make this address difficult for a spammer to guess.
      • Your private address should not simply be your first and last name – and you should protect the address by doing the following:
        • Never publish your private email address on publicly accessible online resources.
        • If your private address is discovered by spammers – you should change it. Although this may be inconvenient, changing your email address will help you to avoid spam.

    • Public email address
      • Use this address when you need to register on public forums and in chat rooms, or to subscribe to mailing lists and other Internet services. The following tips will also help you to reduce the volume of spam you receive via your public email address:
        • Treat your public address as a temporary address. The chances are high that spammers will rapidly get hold of your public address – especially if it is frequently being used on the Internet.
        • Don’t be afraid to change your public email address often.
        • Consider using a number of public addresses. That way you’ll have a better chance of tracing which services may be selling your address to spammers.

 

  • Other important suggestions:

    • Never respond to any spam
      Most spammers verify receipt and log responses. The more you respond, the more spam you’re likely to receive.
    • Think before you click ‘unsubscribe’
      Spammers send fake unsubscribe letters, in an attempt to collect active email addresses. If you click ‘unsubscribe’ in one of these letters, it may simply increase the amount of spam you receive. Do not click on ‘unsubscribe’ links in emails that come from unknown sources.
    • Keep your browser updated
      Make sure that you use the latest version of your web browser and that all of the latest Internet security patches have been applied.

 

 

Best Ways to Avoid Phishing Scams

Whether it’s getting access to passwords, credit cards, or other sensitive information, hackers are using email, social media, phone calls, and any other form of communication they can to steal valuable data. Businesses, of course, are a particularly worthwhile target.

Attackers use various phishing techniques:

  • Embedding a link in an email that redirects your employee to an unsecured website that requests sensitive information.
  • Installing a virus through a malicious email attachment or ad which will allow the intruder to exploit loopholes and obtain sensitive information.
  • Spoofing the sender address in an email to appear as a reputable source and request sensitive information.  Email spoofing is the forgery of an email header/address/content so that the message appears to have originated from someone or somewhere other than the actual source. 
  • Attempting to obtain company information over the phone by impersonating a known company vendor or IT department.
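
The sender-address spoofing described in the list above often leaves inconsistencies between a message's headers. The following Python code is an added example, not part of the original page: it flags three such mismatches using only the standard library. The sample messages and the .example domains are constructed, and each finding is an indicator to investigate rather than proof of forgery.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoofing_indicators(raw_message):
    """List header inconsistencies that often accompany a forged sender."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    findings = []
    # Display name shows one address while the real From address is another.
    if "@" in display and display.rpartition("@")[2].strip().lower() != from_dom:
        findings.append("display-name-address-mismatch")
    # Replies would go to a different domain than the apparent sender.
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-domain-mismatch")
    # Envelope sender recorded at delivery differs from the From header.
    # Legitimate bulk mailers do this too, so treat it as a hint only.
    path_dom = domain_of(msg.get("Return-Path"))
    if path_dom and path_dom != from_dom:
        findings.append("return-path-domain-mismatch")
    return findings

# Constructed sample messages (reserved .example domains, not real mail).
SPOOFED = (
    "Return-Path: <bounce@bulk-sender.example>\n"
    'From: "Tech Support" <support@college.example>\n'
    "Reply-To: helpdesk@freemail.example\n"
    "Subject: Urgent - your account details may have been stolen\n"
    "\n"
    "Confirm your username and password today.\n"
)
CLEAN = (
    "Return-Path: <support@college.example>\n"
    'From: "Tech Support" <support@college.example>\n'
    "Subject: Scheduled maintenance\n"
    "\n"
    "Email will be unavailable on Saturday morning.\n"
)

if __name__ == "__main__":
    for name, raw in (("SPOOFED", SPOOFED), ("CLEAN", CLEAN)):
        print(name, spoofing_indicators(raw) or "no header mismatches")
```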

Many people fall prey to phishing attacks because they lack readiness for and awareness of them.

There are several factors to consider to avoid falling victim to phishing attacks:

Never respond to emails that request personal financial information:

Ursinus College, banks and e-commerce companies generally send personalized emails to their customers, while phishers do not. Phishers often include sensational messages (e.g., “Urgent – your account details may have been stolen”) to get an immediate reaction from the recipient. For security reasons, reputable organizations avoid asking their customers for personal information in an email. Even if the email seems legitimate, don’t respond. Contact the company by phone or by visiting their website. Pick up the phone and speak to a real person, or type the URL in yourself by hand rather than clicking a link in a suspicious email. You can also call Ursinus Tech Support for assistance.

Avoid clicking on provided links in suspicious emails:

Most phishing emails contain URLs that redirect you to a page that asks for financial or personal information, or for your Ursinus username and password. That page is carefully built to replicate a trusted website in order to gain users’ trust. So, you should never enter confidential information through links provided in emails. Type the URL yourself to avoid any phishing scam.

Never give or enter your username and/or password to anyone. Ursinus or any legitimate organization would never request that information.

User training:

A big component of protecting against phishing is knowledge. It is best to be informed and make sure you understand the risks when opening email attachments or clicking on links from unfamiliar sources, for these can lead to malware or virus infection. 

Be cautious about opening attachments and downloading files:

Web browsers provide settings to prevent access to malicious web pages, and when you try to access a malicious site, an alert message will appear. Don’t ignore such warnings, and avoid browsing that website or accessing that file. Be aware of malicious files: a phishing attack can be sent to you as an attached file. Make sure that you are expecting the file or that the sender is a trusted party. Never download files from suspicious emails or websites.

What’s the easiest way to check if you are being Spammed, Phished, Scammed, or Tricked?

Do not click on any questionable emails or links.

Do not give out any info if you are contacted by phone - just hang up.

and…

Contact Tech Support at 610-409-3789.