IT News

Recognizing Malicious Email (Spam, Phishing, Spoofing)

What is phishing?

Phishing is a type of online identity theft. It uses email and fraudulent websites designed to steal your personal data, such as credit card numbers, passwords, usernames, or other information.

Phishing is typically carried out by email spoofing. Phishing emails often contain deceptive links that take you to a fake website whose look and feel is almost identical to the legitimate site. Once you are on the fake website, it urges you to enter and submit your personal information.

Cyber thieves send millions of deceptive email messages that appear to come from trustworthy entities, such as your bank or IT administrator, and that contain links to fraudulent websites. Criminals can use the stolen information for many different types of fraud, such as stealing money from your account, opening new accounts in your name, or obtaining official documents using your identity.

What is the Division of IT doing about malicious email?

Because it can be hard to distinguish a phishing email message from a legitimate email message, the WCU Division of IT has several layers of email filtering in place to automatically evaluate each incoming message to see if it is suspicious or contains suspicious links. If one of our filters determines that a message contains suspicious content, the message is flagged as [SPAM] or [Possible Phishing Attempt].

Messages that are determined to be known spam or phishing attempts are not delivered to your WCU Inbox, but are placed in the Spam Quarantine. A notification is sent to your Inbox with the option to recover the message to your Inbox. Messages are automatically deleted from Spam Quarantine after 15 days.

Currently, over 99% of all messages received by WCU email filters are identified as spoofed, spam, viruses, scams, or phishing messages. These are filtered before they even get to your Inbox. The detection of malicious messages is still not an exact science, so occasionally legitimate messages can get marked as [SPAM] or [Possible Phishing Attempt].

The WCU DoIT makes every effort to only filter malicious messages. When the reputation of a message cannot be determined with 100% certainty, it is allowed through to your Inbox. This is because WCU prefers to allow a message that it cannot classify with certainty as malicious rather than delete a legitimate message.

How to recognize scams

New scams seem to appear every day. You can learn to recognize a scam by familiarizing yourself with some of the telltale signs:

  • Alarmist messages and threats of account closures.
  • Promises of money for little or no effort.
  • Deals that sound too good to be true.
  • Requests to donate to a charitable organization after a disaster that has been in the news.
  • Bad grammar and misspellings.

What does a phishing email message look like?

Here is an example of a recent phishing scam sent to some WCU email accounts:

What should I do if I receive an email phishing scam?

If you think you have received a phishing scam, delete the email message. Do not click any links in the message.

How do I report a possible phishing scam?

Please forward these messages to reportspam@email.wcu.edu (also listed in the Global Address List as Report Abuse).

Support

If you have questions about malicious email, please contact the IT Help Desk. The IT Help Desk can be reached by phone locally at 227-7487 or toll free at 866-928-7487, via e-mail at ithelp@wcu.edu, or via the Online Help Desk at http://ithelp.wcu.edu/.

As a reminder, IT Help Desk personnel will never ask you to confirm account information, such as username and password, through e-mail.

Official email communication from the WCU IT Help Desk will always be from the email address ithelp@wcu.edu and will always contain the following signature:

IT Help Desk

http://doit.wcu.edu

Check the status of your requests at any time at http://help.wcu.edu/ !

Western Carolina University

828.227.7487 local

866.928.7487 toll free

8am – 5pm EST M-F

*IT Help Desk personnel will never ask you to confirm account information, such as username and password, through e-mail.