Because Email has become such an invaluable tool makes it a great way to transmit viruses and other malicious software. To protect that tool, Northern continuously scans and filters (blocks) high volumes of spam and malware-infected attachments destined for msun.edu inboxes. But technical mechanisms like scanning and filtering can only go so far: E-mail security depends on you too.
- Public Web pages. If your address appears on a public web page, spammers can automatically harvest it.
- Chat Rooms. Use your e-mail address in these groups and you're a target.
- Dictionary Attack. Some spammers send e-mail to many addresses using combinations of names and numbers (ex: smith100, smith102, etc)
- Online Registration. Disclosing your address when shopping online can unwittingly bring spam. The riskiest sites are those with no privacy policy (a statement that tells you what information the site collects on you and with whom they share it). But even a site that posts a policy can be risky if the policy allows for sharing your address with unnamed 'partners'.
- Be skeptical of attachments and minimize the use of attachments as much as possible. Even if you know the person sending you the message, if you are not expecting an attachment, don't open it. We scan e-mail contents for spam, and file attachments for viruses and other malicious software but we can't catch all dangerous attachments.
- Be skeptical of links to web sites. LOOK at the link. Does it match the URL you know? Some common methods for obfuscating URLs:
• transform the real URL by replacing characters such as an uppercase “I” with a lowercase “L” or the number “1” - so WWW.CITIBANK.COM might become WWW.C1T1BANK.COMAnd EVEN IF the URL looks correct, don't click on it. Type in the URL you know to be correct and navigate from there. Why? Because the underlying URL can be different from what is displayed in the email message. For example if you click on this link - http://www.msun.edu - you won't wind up at Northern's web site.
• add a prefix or suffix to the real domain name, for example www.online-citibank.com or www.citibank-card.com
- Never transmit financial, account or any other private information via email. Sending an email message is like sending a postcard: it is easily read by people other than those for whom it was intended, including by having others forward your message to others.
- Avoid being "phished." Con artists try to trick you into providing personal information through email or onto a web page as though they were a vendor (such as PayPal or Citibank) with which you normally do business. More about phishing.
- Avoiding spam (unsolicited email, a.k.a. junk mail). Northern blocks well-known sources of spam, but much of the spam out there cannot be filtered this way. Some tips to help avoid/reduce spam:
- Never reply to spam - Even if there is an "unsubscribe" option. You are just verifying that they have found a good address.
- Use disposable free email addresses (such as through yahoo.com) when filling out web forms or in chat rooms. You can discard the account when it attracts too much spam.
- When filling out web forms, uncheck any boxes indicating you would like "additional information" or "product information from related vendors"
- Also when filling out forms don't disclose your email address to a site without checking its privacy policy.
- Never sign up with Web sites that promise to remove your name from spam lists. While some of these sites are legitimate businesses, others are actually spam address collectors. Being able to detect which is legitimate and which is not is a difficult task.
- Don't forwarding chain letters, petitions or virus warnings. All of these could be a spammers ploy to collect addresses.
- Don't buy anything promoted in spam. Even if the offer isn't a scam, you are helping to finance spam.
Top of page
Return to IT Security Home 