
Spam & Phishing



E-mail is an indispensable communication tool, as it provides a reliable, fast, and free way to communicate with others. Unfortunately, it also has its downsides when you receive mail that is inappropriate, unsolicited, unwanted, or irrelevant. Spammers often flood your inbox with promises of free vacations, free credit repair, dramatic weight loss, advance loans, free adult entertainment, and much more. Some spam has become even more potentially damaging. "Phishing" is a form of spam that fraudulently misrepresents the sender as a trusted authority, e.g., your bank, a social networking service, even the University. The phisher's intent is to acquire sensitive personal information about you, such as your Social Security number, your birth date, or credit card and banking information. Spam and phishing are multi-billion-dollar industries aimed at exploiting and defrauding you. You should use the tips and tools described in this section as well as your common sense to keep yourself safe while using e-mail.

 

Why Should I Worry?

Spam

Spam is an aggressive, ethically suspect form of marketing, similar in nature to telemarketing. Through various means, spammers assemble massive lists of email addresses to which they can send solicitations, advertisements, and other messages. If you have published your e-mail address on a website or discussion board, shared it in a chat room, or posted it in an online membership directory, your address is probably on some spammer's list somewhere. Unlike telemarketers, who have to call one number at a time, spammers can send millions of email messages with just one mouse click. Spammers use a variety of techniques to make you think the message is legitimate or from someone you know. Spam messages will sometimes include your name or imply that you asked to be contacted. Not only does spam clog your inbox, but the messages can also contain inappropriate content, even pornographic images. Spammers also use enticing messages to commit fraud and identity theft.

Phishing

Phishing is spam that contains deceptive, enticing, or even coercive messages aimed at fooling users into sharing private, personal information with the sender so they can commit fraud and identity theft. Phishers generally send e-mail messages posing as valid and trusted entities such as banks, social networking sites, or even universities. The recipient is then instructed either to reply to the email or to follow a link in the message to log in to their account. Sophisticated phishing messages can look very legitimate. Phishers have been known to replicate the design of banking, e-commerce and other websites down to the pixel to trick people into divulging their private information. Be wary of entering information on a website, no matter how official it may look, if you reached the site by clicking on a link in an e-mail message.

Here is an example of a phishing email that was recently sent to BYU students and employees by a spammer.

 

 

Dear Byu.edu email account user,
We are currently verifying our subscribers email accounts in order to increase the efficiency of our webmail features.
During this course you are required to provide the verification desk with the following details so that your account could be verified.
Email Username:……………
Password:……………
Country or Territory:……………
Kindly send these details so as to avoid the cancellation of your email account.
Thanks Byu.edu Team

 

This email did NOT come from BYU and its only purpose was to gather NetIDs and passwords for fraudulent purposes.

Websites & Pop-ups

Another tactic is to use a website to gather the sensitive information mentioned above. An email message or a pop-up window might ask you to click on a link. The link may look like the correct address, but it may be a disguise for a link to another website that the phisher has created to imitate the trusted website. Even when using server authentication, detecting a fake website may require great skill.

 

Tools, Tips & Tricks

 

Dos and Don'ts

  • Avoid replying to emails that solicit personal or financial information. Legitimate companies do not request this type of information by email.
  • Avoid emailing personal or financial information.
  • Avoid providing personal or financial information to pop-up windows on the Internet unless you absolutely trust the website.
  • Always check sites for a security certificate.
  • Avoid calling phone numbers that require you to "update your account information" or "access a free refund"; if in doubt, call the numbers that your bank has provided.
  • Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly.
  • Review credit card and bank account statements as soon as you receive them to check for unauthorized charges.
  • Forward phishing emails to spam@uce.gov and to the company, bank, or organization impersonated in the phishing email. You may also report phishing email to reportphishing@antiphishing.org.
  • If you've been scammed, visit the Federal Trade Commission's Identity Theft website at ftc.gov/idtheft.

 

How can you reduce the amount of spam you receive in your inbox?

  1. Before you submit your email address to a website, check the company policy agreement to make sure they will not sell your address to third-party companies.
  2. Use an email filter. The email client you are using may offer a tool to filter out spam, or a way to send spam email to a bulk folder.
  3. Decide if you want to have multiple email addresses. You could use one address for personal messages, and another email address for newsletters, special offers, etc.
  4. Use a unique email address. A common email address such as johnsmith@gmail.com may receive more spam than a unique email address.

 

What can you do with spam and phishing emails you receive?

  1. Send a copy of the spam or phishing email to the Federal Trade Commission at spam@uce.gov.
  2. Send an email to the sender's Internet Service Provider (ISP). Many ISPs will remove the email address of the individual(s) who are sending spam or phishing emails.
  3. Depending on your email provider, you may be able to mark the email as spam, or place it in a bulk folder.

 

Spam Filtering & Anti-Phishing Software

 

E-mail providers (e.g., Hotmail and Gmail) provide user-configurable spam filtering. You can adjust the stringency of spam filtering up or down to reduce the amount of spam that makes it into your inbox. While you might be tempted to set your spam filter to the most stringent level, doing so might send legitimate messages to your spam folder instead of your inbox. If you choose to strictly filter spam, you should occasionally check your spam or "junk mail" folder for messages that were over-filtered.

If you have a byu.edu e-mail address, you will notice that most spam is filtered before it reaches your inbox. If you use an e-mail client (e.g., Outlook or Thunderbird), you can filter messages as you download them. These tools offer additional options for filtering junk mail, including flagging particular e-mail senders as spammers, filtering words and phrases, etc. This software also allows you to hide images in e-mail messages until you choose to view them. This feature can be particularly helpful if you're receiving spam with objectionable or pornographic images.

Many community-based tools offer to check websites for malicious or suspicious content. They may provide helpful information for detecting phishing, such as displaying the site's security standards, detecting fraudulent emails and websites, displaying a site's hosting location (for example, a local bank hosted in south-east Asia might be fraudulent), and detecting potential phishing links.