ITS Home  |  Service Catalog  |  Knowledge Base  |  Support Center  |  Contact ITS Service Desk     

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

A malicious email can look just like it comes from a financial institution, an e-commerce site, a government agency, or any other service or business. It often urges you to act quickly by getting you to click on a link or open an attachment because your account has been compromised or there is an urgent matter to address. The best way to report spam on campus is by marking it as junk or phishing in Outlook.

 What is spam? What is phishing?

Spam is the electronic equivalent of junk mail. The term refers to unsolicited, bulk – and often unwanted – email. 

Phishing attacks use email or malicious websites (clicking on a link) to collect personal and financial information or infect your machine with malware and viruses.

Spear phishing involves highly specialized attacks against specific targets or small groups of targets to collect information or gain access to systems. For example, a cybercriminal may launch a spear phishing attack against a business to gain credentials to access a list of customers. From that attack, they may launch a phishing attack against the customers of the business. Since they have gained access to the network, the email they send may look even more authentic, and because the recipient is already customer of the business, the email may more easily make it through filters,and the recipient may be more likely to open the email.

 How can I protect myself against spam and phishing?
  • Use an email filter
    Most internet service providers (ISPs) and email providers have spam filters; however, depending on the level you set, you may end up blocking emails you want. It’s a good idea to occasionally check your junk folder to ensure the filters are working properly.
  • Limit your exposure
    You might decide to use two email addresses — one for personal messages and one for shopping, newsletters, chat rooms, coupons and other services. Also, try not to display your email address in public. That includes on blog posts, in chat rooms, on social networking sites, or in online membership directories. Spammers use the web to harvest email addresses.
  • Check privacy policies and uncheck boxes

    • Check the privacy policy before you submit your email address to a website. See if it allows the company to sell your email to others. You might decide not to submit your email address to websites that won't protect it.

    • When submitting your email address to a website, look for pre-checked boxes that sign you up for email updates from the company and its partners. Some websites allow you to opt-out of receiving these mass emails.

  • Own your online presence
    Consider hiding your email address from online profiles and social networking sites or only allowing certain people to view your personal information. 
  • Don’t reveal personal or financial information
    Do not respond to email solicitations for this information. This includes clicking on links sent in email.
  • Pay attention to website URLs
    Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net).
  • Keep a clean machine
    Keep all software on internet-connected devices – including computers, smartphones and tablets – up to date to reduce risk of infection from malware. Sophos Central Endpoint Protection antivirus software is installed on all university-owned computers and you can install Sophos Home for free on your personal devices.
  • When in doubt, throw it out
    Links in email, tweets, posts and online advertising are often how cybercriminals try to compromise your information. If it looks suspicious, even if you know the source, it’s best to delete or – if appropriate – mark it as junk.
  • Create unique, secure, and strong passwords or passphrases
    Review Cal Poly's password requirements. Having separate passwords or passphrases for every account helps to thwart cybercriminals. Separate your work and personal accounts. Use a password manager like LastPass.
  • Report spam
    Most email clients offer ways to mark an email as spam or report instances of spam. Reporting spam will also help to prevent the messages from being directly delivered to your inbox. Visit Report spam or phishing to learn how to do this on campus via Outlook.
 What about spam & phishing on social networks?

Spam, phishing and other scams aren’t limited to just email. They’re also prevalent on social networking sites. The same rules apply on social networks: When in doubt, throw it out. This rule applies to links in online ads, status updates, tweets and other posts. 

 Why can't Cal Poly block all spam?

One person’s spam could be another individual’s required message.  We rely on Office 365 to preemptively block spam messages and marking them as Junk helps Office 365 improve their spam filters. The best way to report spam on campus is by marking it as junk or phishing in Outlook.

Resources






  • No labels