MSU-Northern  
 
 Help Desk
MSU-Northern students, faculty and staff - Use the ITS Help Desk as the first point of contact for your technology problems, questions & services!

Information Technology Services Help Desk
Walk-in Support:
   Cowan Hall 117B Telephone Support:
    265-3765
E-Mail Support:
    itstech

Last Updated: 04-Nov-2013
Information Technology Services
Information Technology Services: E-Mail Safety & Spam

Because Email has become such an invaluable tool makes it a great way to transmit viruses and other malicious software. To protect that tool, Northern continuously scans and filters (blocks) high volumes of spam and malware-infected attachments destined for msun.edu inboxes. But technical mechanisms like scanning and filtering can only go so far: E-mail security depends on you too.

How they Find You

  • Public Web pages. If your address appears on a public web page, spammers can automatically harvest it.
  • Chat Rooms. Use your e-mail address in these groups and you're a target.
  • Dictionary Attack. Some spammers send e-mail to many addresses using combinations of names and numbers (ex: smith100, smith102, etc)
  • Online Registration. Disclosing your address when shopping online can unwittingly bring spam. The riskiest sites are those with no privacy policy (a statement that tells you what information the site collects on you and with whom they share it). But even a site that posts a policy can be risky if the policy allows for sharing your address with unnamed 'partners'.

Protecting Yourself

  • Be skeptical of attachments and minimize the use of attachments as much as possible. Even if you know the person sending you the message, if you are not expecting an attachment, don't open it. We scan e-mail contents for spam, and file attachments for viruses and other malicious software but we can't catch all dangerous attachments.
     
  • Be skeptical of links to web sites. LOOK at the link. Does it match the URL you know? Some common methods for obfuscating URLs:
    • transform the real URL by replacing characters such as an uppercase “I” with a lowercase “L” or the number “1” - so WWW.CITIBANK.COM might become WWW.C1T1BANK.COM
    • add a prefix or suffix to the real domain name, for example www.online-citibank.com or www.citibank-card.com
    And EVEN IF the URL looks correct, don't click on it. Type in the URL you know to be correct and navigate from there. Why? Because the underlying URL can be different from what is displayed in the email message. For example if you click on this link - http://www.msun.edu - you won't wind up at Northern's web site.
     
  • Never transmit financial, account or any other private information via email. Sending an email message is like sending a postcard: it is easily read by people other than those for whom it was intended, including by having others forward your message to others.
     
  • Avoid being "phished." Con artists try to trick you into providing personal information through email or onto a web page as though they were a vendor (such as PayPal or Citibank) with which you normally do business. More about phishing.
     
  • Avoiding spam (unsolicited email, a.k.a. junk mail). Northern blocks well-known sources of spam, but much of the spam out there cannot be filtered this way. Some tips to help avoid/reduce spam:
    • Never reply to spam - Even if there is an "unsubscribe" option. You are just verifying that they have found a good address.
    • Use disposable free email addresses (such as through yahoo.com) when filling out web forms or in chat rooms. You can discard the account when it attracts too much spam.
    • When filling out web forms, uncheck any boxes indicating you would like "additional information" or "product information from related vendors"
    • Also when filling out forms don't disclose your email address to a site without checking its privacy policy.
    • Never sign up with Web sites that promise to remove your name from spam lists. While some of these sites are legitimate businesses, others are actually spam address collectors. Being able to detect which is legitimate and which is not is a difficult task.
    • Don't forwarding chain letters, petitions or virus warnings. All of these could be a spammers ploy to collect addresses.
    • Don't buy anything promoted in spam. Even if the offer isn't a scam, you are helping to finance spam.

Top of page

Return to IT Security Home

 
Check this out too...
More information about:
 • not getting hooked by phishing schemes and other types of fraud.
 • read about spam filtering at Northern
Faculty/Staff
What's SPIM?
SPIM is spam via instant messaging. Configure your IM client to only accept messages from people on your buddy list.
"In-session" Phishing
"In-Session" Phishing attacks work like this:

1. You log onto your online banking web site. Leaving this browser window open, you then navigate to other Web sites.
2. A short time later a pop-up box appears, allegedly from the banking website, requesting your to re-type your username and password because the session has expired, or complete a customer satisfaction survey, or participate in a promotion, etc.
3. Since your recently logged onto the banking website, you will likely not suspect this pop-up is fraudulent and thus provide the requested details.

To protect your self from this type of attack:

1. Deploy Web browser security tools.
2. Always log out of banking and other sensitive online applications and accounts, close and re-open your browser before navigating to other websites.
3. Be extremely suspicious of pop ups that appear in a web session if you have not clicked a hyperlink.
What's Spoofing?
"From:" email header fields can be "spoofed". This means that a "From:" address may appear to be from someone you know, from some organization whose name you recognize or from an @msun.edu email account. In reality address is forged (spoofed) and the message do NOT originate from the address that appears in the 'From:' field.

It’s not convenient to do, but because of the possibility of spoofing, it’s advisable to contact anyone who sends you an attachment and make sure they did intentionally send it to you. And even if the email isn't spoofed, if that person’s computer is infected, there’s a good chance that they didn't even realize you received an e-mail message from them.

Report Security Incidents
Report stolen devices (laptops, tablets, etc) and suspected computer break-ins to ITS immediately. The sooner we know about an incident, the sooner we can respond, potentially limiting any damage.
Montana State University-Northern · P.O. Box 7751 · Havre, MT 59501 · 800.662.6132
Copyright © · Disclaimer · AA/EEO Statement · Online Privacy Statement
Since 1929