What is Bad Email?

Spam, Phishing, Scam, Hoax and
Malware distributed via Email
Spam:
Spam is unsolicited or undesired electronic junk mail. Characteristics of spam are:
• Mass mailing to large number of recipients
• Usually a commercial advertisement
• Annoying but usually harmless unless coupled with a fraud based phishing scam
Spam examples:
• Advertising and great deals
• Do I know this person?
• Warning from Google - nice job Google
• Sent to a large number of users at once
• These emails often end up in our spam folder because of our spam filters in place
• Is this a trusted website?
Spam & phishing example:
• americanexpress.com is the legitimate address not aexp.com
• Sent to a large number of users at one time
• Generic greeting
• Asking you to click on a link that goes to a fraudulent website. Hover over the link to see where it really goes
Phishing Email:
A phishing email is a fraudulent message carefully crafted to trick you into giving up your password or other sensitive information. Financial gain and criminal activity are the key motivations for email phishing. Characteristics of phishing emails are:
• Invoke a sense of urgency
• Asking you to click on a link embedded in the email that has no affiliation with the organization it is masquerading as
• Asking for passwords or other sensitive information such as a social security number
• Generic greetings and signatures
• Odd spelling or grammar
Scam Email:
Email fraud or scams can come in many different
forms such as job scams and lottery scams. They are
cons and share the same characteristics:
• Requests for money
• Requests to cash a check, wire money, or set up a
bank account
• Promises of money for little or no effort
• Odd grammar and misspellings
Job scam examples:
• Email address looks real but does not actually exist
• Asking you to respond to a non-SLU email address
• Odd grammar
• Too good to be true
• Not a SLU person and no contact information
• Asking you to send personally identifiable information such as SSN, driver's license or other ID
Hoax Email:
A hoax email is also known as a spoof email. The sender alters part of the email, such as the sender's name or address, so it appears to come from a legitimate source. Characteristics of hoax emails are:
• Spread urban myths or outlandish stories
• Sell a bogus product or market an online service
• Spoofed email address to appear legitimate
• Odd spelling or grammar
• Promise or request of money
Hoax & scam example:
• This could be a spoofed email address or compromised account of a SLU student so it looks legitimate
• Invokes a sense of urgency or need
• Sent to a member of the student's contact list
• Poor punctuation and odd grammar throughout body of message
• Actual signature of SLU student
Malware distributed via Email:
Malware, or malicious software, is software used to disrupt computer operation, gain access to private computer systems or gather sensitive information. Attachments in emails and internet advertising are two ways malware is distributed. Some types of malware include:
• Viruses, ransomware, worms, Trojan horses, rootkits, keyloggers, dialers, spyware and adware
• A common Trojan horse masquerades as anti-virus software. The Trojan presents itself as something harmless or useful in order to get victims to install it on their computer
• Could be a keystroke logger that can capture all your passwords!
Malware example:
• Often sent from someone you trust without their knowledge
• Enticing subject line
• Generic looking attachment or link that will download malware to your computer without your knowledge
What do I do with Bad Email?
• Spam or phishing from an unknown sender can be marked as spam within your email program. This alerts Google to begin blocking the sender address. Other bad email, such as hoaxes, can just be deleted unless…
• Bad email from a known sender, such as someone in your SLU contact list, might indicate they have a compromised account. Forward the email to helpdesk@slu.edu so it can be investigated.
• Phishing email that is concerning can be forwarded to the helpdesk so it can be investigated. Once forwarded, choose the report phishing option within Google. This alerts Google of the fraudulent activity.
• Other bad email that is concerning, such as those that might contain a malware attachment or job scams, can be forwarded to the helpdesk.
• If you have responded to any of these emails with personal information, or clicked on links that may have downloaded malware, please contact the ITS Service Desk at 977-4000 or helpdesk@slu.edu.
• The helpdesk will involve Information Security when necessary ([email protected])
Summary:
The easiest way for cybercriminals to gain access to our resources is through unaware end users. Because this activity will continue to increase, it is imperative that we critically evaluate the emails we receive. We cannot stop cybercriminals from sending bad email; however, by becoming aware of what we should be looking for, we can limit our response to them, which in turn will protect our resources as well as our personal information.
More info:
For more examples of phishing emails, visit:
http://netforbeginners.about.com/od/scamsandidentitytheft/ig/Phishing-Scams-andEmail-Cons/
To take the anti-phish IQ Test hosted by Dell SonicWall, visit:
http://www.sonicwall.com/furl/phishing/