Has your inbox seen an uptick in spam messages in the last twelve months? Cisco’s annual security report (available for download) revealed that spam has increased over 250% from January 2014 through November 2014.
Spam is more than just an inconvenience; spam can carry viruses and malware, spam can encourage you to share private account information, and spam can significantly hinder productivity.
How Should I Deal With Spam In My Inbox?
First, use available tools to “mark” the applicable messages as spam. If you use a hosted spam filter solution from ITS, you can “junk” these messages by logging into your spam filter account. You can also forward spam messages to firstname.lastname@example.org. Telling the spam filter about new spam trends helps train the filter and block more spam in the future.
Gmail (both @gmail.com and @yourdomain.com) users will use the “report spam” button to train the Google spam filters.
Hosted Exchange users through ITS will soon have access to added security through McAfee Email Protection. This integrates with Hosted Exchange to provide individualized control over your inbox and spam preferences.
After you have marked the message as spam, delete the message (or leave it in your spam folder to be deleted automatically on its own). Many spam messages have an “unsubscribe” option at the bottom of the message, or ask that you reply to their message with “unsubscribe” in the body or subject. If the email is truly spam, both of these options are harmful – this relays to spam senders that your email address is real, and opens you up to more spam opportunities.
Newsletters and legitimate storefronts often have an unsubscribe option at the bottom of their emails; these are safe to click. Some companies utilize a service called SafeUnsubscribe to handle their subscription lists.
What Types of Files Are Safe To Open?
Some spam messages include files or packages that contain viruses or malware. The general rule is: if you aren’t expecting a file from the sender, do not open the file. Some often-used file extensions for sending viruses are: .zip, .exe, .bat, .msi and .jar. Crafty senders can also include files like this: familyphoto.jpg.exe. The last extension in the filename is the one that matters; this is definitely not a family photo!
Some Spam Is Tricky!
The trickiest types of spam are the emails that encourage you to visit a website and provide account information. These may look like notices from your cell phone company, your bank, a shipping provider, or a government entity.
In this example, we received a payment confirmation from the NYC Department of Finance. As we had not visited NYC recently, nor was this our credit card number, this phishing attempt was easy to distinguish. It’s likely that the .zip file carried an unpleasant virus to install on our computer, and visiting the website to learn more about our payment could have resulted in a “drive-by download.” Drive-by downloads install viruses or malware on your machine when you visit a specific website. This particular website could have also been a phishing attempt, to get us to enter our credit card information.
Our next phishing example is more believable: it appears that someone has used our PayPal information to make a purchase. The “To:” field in the email appears to be from PayPal; this is called a spoof. Hovering over the links in the email without clicking reveals that they do not lead to a PayPal website. Fine print at the bottom of the email also reveals some British English word spellings, which is atypical of PayPal correspondence in the US.
Yikes! I’m Sending Spam!
Are you sending spam? Immediately, change your email password. (Remember, this will also require that you enter the new password in your phone or other devices if they receive email)
You should also follow this with a reflection: were you using a strong password? Did it have uppercase and lowercase letters? Numbers and/or special characters? Did you ever visit a website that required you to sign-in, and you used your email address for your username and the same password on the website as you do for email access?
Making good choices regarding spam and password security keeps your inbox, computer and network safe!