Updated: Protect Your Computer from SPAM
15 August 2008
FastFacts
- Who: Students, Faculty, & Staff
- What: Protecting your computer from SPAM
An increasing amount of malicious spam is being delivered to campus users. Clients using UNCG's email system should be extremely cautious of unexpected third party email, even if the source of the email appears to be legitimate.
Examples:
- Subject line: CNN.com Daily Top 10
An email that is being sent by hundreds of compromised web sites has the subject line "CNN.com Daily Top 10" and appears to be a legitimate headline summary from CNN. Following the links in the email takes the user to a website that prompts you to update your Flash player. Users who do so have installed a Trojan Horse application that then installs additional malicious software on the users computer, compromising the system.
- Subject line: MSNBC News Alert
This email message claims to have breaking news alerts from MSNBC. The links that claim to take you to online news stories actually direct you to a malicious web page that will attempt to infect your computer with a Trojan Horse application. For more information, read Fake MSNBC news alerts used in latest malicious spam campaign.
- Subject line: You've received a greeting card
Be careful about opening emailed greeting cards. An e-card may contain links to malicious web pages that will attempt to infect your computer with a Trojan Horse application. You can check for a valid sender address by looking at the From address as it appears between the "greater than" and "less than" signs < > in the message header.
In the example above, "oemphzdvywnlmpamjija@ms52.hinet.net" does not appear to be a legitimate email address. In this case, the message should be deleted.
Note: Greeting card messages are being Quarantined, rather than deleted, so that you may review them in the event that the message is legitimate. Login to the PureMessage web-based interface to view your blocked messages.
Anti-virus (AV) and similar security software will not protect you from emerging threats. It will often take days (or weeks) before AV vendors can update their definitions to catch new threats.
To protect yourself:
- Do not open unexpected email originating from an off-campus address, especially if the subject line suggests it is spam
- Never follow a link provided in an email. What the link says and where the link leads to may be two different places.
- If you visit a Web site that prompts you to install software, don't. When you agree to install a program, you bypass many of the automatic security protections present on your system.
If you have recently received an email such as the ones described above and followed a link contained in the email, it is possible you have compromised your computer without further action on your part. If, upon visiting the site, you agreed to install software then it is almost certain that you have compromised your computer.
When a computer is compromised, clients working with restricted data should follow UNCG's Security Break Notification Protocol. Those not working with restricted data should call 6-TECH and request their computer be reimaged. Both groups of clients should immediately use the Self Service Password Resetting Form to reset their passwords using a computer known to be free from compromise.
If you are unsure of whether your data is considered restricted, refer to the University's Data Classification Policy.
If you have questions or need more information, please contact 6-TECH at (336) 256-TECH (8324) or 6-tech@uncg.edu.