Communications from Information Systems management to the EMU Campus Community
February 14, 2006
Phishing: All Bank "Account Suspension Notifications" are Bogus!
This title is a bold one, but one we believe to be true -- and we want all EMU email users to be aware of it. Phishing will steal your identity! Period. An example of a phishing message recently received can be seen here. We wish our spam filtering could catch all of the nasty stuff, but it can't because it must "learn" to identify each new threat that the spammers and phishers broadcast to email users.
If you are not familiar with the term "phishing", at www.dictionary.com you will find it defined to be "A method of identity theft carried out through the creation of a website that seems to represent a legitimate company."
Ultimately you are your own best defense against phishing. We offer the following to assist you in becoming a security-savvy email user:
1. No bank will EVER send you an email notice telling you that your account needs to be "re-verified" or is about to be "suspended". Just DELETE it.
2. If you get an email message from someone you were not expecting or don't know, it is best to view it with lots of suspicion. You don't have to "open it" just because you got it. When in doubt, "just DELETE it".
3. If you get a message from someone you do know, but its content does not seem relevant to the person sending it, then view it also with lots of suspicion. Just because it says it is from someone you know does NOT mean they sent it. The FROM address on an email is very easy to fake. It is OK to "just DELETE it".
The Information Systems Helpdesk receives several inquiries each week from EMU users asking about odd email messages they get and why this "is allowed to happen". We have a number of "defenses" in place to deal with bogus and/or dangerous email messages. Over half of the nearly 30,000 email messages received from the Internet by our servers each weekday are not legitimate email messages. The following mechanisms are used to deal with these email messages:
1. SPAM SERVER BLACKLIST: Info Systems purchases a list that is continually updated with known spam email servers and we reject any messages coming from these servers.
2. VIRUSES: Sophos Anti-Virus, in addition to running on individual PCs used on campus, is also running on our email servers. Any attachments found to contain viruses are "dropped" (no notices are given to anyone about them).
3. DANGEROUS ATTACHMENTS: MIMEDefang is an open source program that we use to evaluate all attachments. If an attachment is on the "dangerous types list" (based on the file name extension), it is stripped from the message, and a warning is added to the message giving the name of the file and instructions to contact the sender and, if the file is needed, have it sent with a "safe" extension.
4. SPAM FILTER: Pure Message is a program from Sophos that runs on our mail servers. Pure Message evaluates each email message, looking for spam patterns in both the visible text of the message and the invisible header information. It calculates a spam index and, depending on the value of the index, adds text ranging from "[PMX:#" to "[PMX:#####" to the message subject, which Webmail or another email client can then use to filter the message to a junk folder.
After going through all of these checks plus a few more exotic ones deep inside the email servers, over half of the messages we receive are either dropped, rejected (i.e. a rejection message returned to the sending server) or are marked as possible spam with the "[PMX:#" designation.
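The client-side half of item 4, sketched as an added example (not code from Information Systems or Sophos): it reads the "[PMX:#" to "[PMX:#####" marker from a message subject and picks a folder. The cut-off of three marks, the optional closing bracket, the folder names and the sample messages are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Tag format from the article: "[PMX:#" through "[PMX:#####".
# Assumption: a closing "]" may follow the marks; the article does not show one.
PMX_TAG = re.compile(r"\[PMX:(#+)\]?")

# Assumption: the article gives no cut-off; each user or site picks one.
JUNK_THRESHOLD = 3


def pmx_score(raw_message: str) -> int:
    """Return the number of '#' marks in the subject's PMX tag (0 if untagged)."""
    msg = message_from_string(raw_message, policy=default)
    # policy=default decodes RFC 2047 encoded subjects before we search them.
    subject = str(msg["Subject"] or "")
    match = PMX_TAG.search(subject)  # search, not match: "Re: [PMX:##] ..." still counts
    return len(match.group(1)) if match else 0


def choose_folder(raw_message: str, threshold: int = JUNK_THRESHOLD) -> str:
    """File a message under Junk when its PMX score reaches the threshold."""
    return "Junk" if pmx_score(raw_message) >= threshold else "INBOX"


# Constructed sample messages (not real mail).
SAMPLES = {
    "phish": "From: service@bank.example\n"
             "Subject: [PMX:#####] Account Suspension Notification\n\nRe-verify now.\n",
    "newsletter": "From: news@list.example\n"
                  "Subject: [PMX:#] Weekly update\n\nHello.\n",
    "colleague": "From: colleague@campus.example\n"
                 "Subject: Meeting notes\n\nAttached.\n",
    "encoded": "From: promo@mail.example\n"
               "Subject: =?utf-8?q?=5BPMX=3A=23=23=23=23=5D_Offer?=\n\nBuy now.\n",
}


def triage(samples: dict) -> dict:
    """Map each sample name to (score, folder)."""
    return {name: (pmx_score(raw), choose_folder(raw)) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, (score, folder) in triage(SAMPLES).items():
        print(f"{name:<11} score={score} -> {folder}")
```

A message with no tag scores 0 and stays in the inbox, so the delete-when-in-doubt advice above still applies to anything the filter has not yet learned to mark.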
If you have questions about your email, please don't hesitate to contact the Information Systems Helpdesk (x4357, 540-432-4357 or helpdesk@emu.edu).
NOTE: The sample message referred to at the beginning of this article was received 2/14/06. The pattern of this message will likely be included in one of the Pure Message updates that arrive within 24 hours of the message being received, and any future messages conforming to this pattern will be marked as spam.
Posted by ruttj at February 14, 2006 02:08 PM

