Introduction
Although computer viruses and spyware are certainly hazardous to your computer and pose a risk to the security of your personal information, many people do not realize that "mal-ware" of this sort usually requires the user's assistance at some point in order to be installed. In fact, much of the fraud and "data mining" that goes on in connection with the internet occurs in direct transactions with users, without the assistance of either viruses or spyware.
Spam, Spam, Spam. . .
For those who are lucky enough not to know what it is, Spam is the internet version of junk-mail. Though it is almost impossible to avoid completely, the following is a list of precautions to help you identify it and avoid getting more than your fair share of it:
- Most spam is readily identifiable. It usually comes from someone that you don't know, and may contain extremely vague or nonsensical subject lines. For example, if you get an email from "Carrie Downs" or "Zeiyneiyb", and you don't know anyone by those names, then they are most likely spam. Likewise, the subject matter may be something like "Re: your order" or "Fwd: You've got to see this!" (Spammers often like to use Re: because it sometimes fools anti-spam software into thinking you are getting a response to an email you sent.) Don't worry if you feel that these guidelines are vague: If you use email for any significant period of time you will become adept at identifying most spam immediately.
- Keep a "spam" account. Signing up for services online often requires an email address. Though one would like to believe that this information is kept confidential, it is not wise to assume that this is true. Many companies pay money for lists of valid email addresses, so you can expect that once your email is on even one list, it will soon find its way to many more. It is extremely easy to get a free email account online, which you can use for signing up for things and such. You will have to go in and clean it out about once a week (it will fill up fast) but at least it saves you from having to sort through 20+ messages a day on the accounts that you actually use. Any account that you wish to keep free of spam should never be given out to any company or individual that you do not trust implicitly.
- Never reply to junk email, even if there is a link or a procedure to follow to "remove you from their mailing list." This only alerts the sender to the fact that your email is both active and used by you. Though you may not get any more email from that particular site, it's almost a given that your email will be flagged and sold to other spammers.
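The "Re:" trick mentioned in the first item can be checked mechanically, because a real reply also carries threading headers that name the message it answers. The following is an added example, not part of the original page; the function name, the labels it returns, and the idea of keeping a set of your own sent Message-IDs are assumptions made for illustration.

```python
import re
from email import message_from_string

REPLY_SUBJECT = re.compile(r"^\s*re\s*:", re.IGNORECASE)
MSG_ID = re.compile(r"<[^<>\s]+>")

def classify_reply(raw_message, sent_ids):
    """Check a "Re:" subject against the threading headers a real reply carries.
    sent_ids: Message-IDs of mail this mailbox sent (assumed known, e.g. from Sent)."""
    msg = message_from_string(raw_message)
    if not REPLY_SUBJECT.match(str(msg.get("Subject", ""))):
        return "not-a-reply"
    # A reply names its parent message in In-Reply-To and/or References (RFC 5322).
    threading = f'{msg.get("In-Reply-To", "")} {msg.get("References", "")}'
    parents = set(MSG_ID.findall(threading))
    if not parents:
        return "re-without-thread"       # subject claims a reply, headers do not
    if parents & set(sent_ids):
        return "reply-to-sent-mail"      # answers something we actually sent
    return "reply-to-unknown-thread"     # parent is not a message we sent

# Constructed sample data (not real mail).
SENT_IDS = {"<20120301.1234@mail.example.edu>"}
HEADERS_ONLY_RE = (
    "From: Carrie Downs <cdowns@bulk.example.invalid>\n"
    "Subject: Re: your order\n"
    "Message-ID: <a1@bulk.example.invalid>\n\nYour order is ready.\n")
GENUINE_REPLY = (
    "From: Registrar <registrar@example.edu>\n"
    "Subject: RE: transcript request\n"
    "In-Reply-To: <20120301.1234@mail.example.edu>\n"
    "Message-ID: <b2@example.edu>\n\nDone.\n")
FORGED_THREAD = (
    "From: Zeiyneiyb <z@bulk.example.invalid>\n"
    "Subject: Re: hello\n"
    "In-Reply-To: <made-up@bulk.example.invalid>\n\nHi.\n")

if __name__ == "__main__":
    for raw in (HEADERS_ONLY_RE, GENUINE_REPLY, FORGED_THREAD):
        print(classify_reply(raw, SENT_IDS))
```

Treat the result as one signal among several: some legitimate mail software omits threading headers, so "re-without-thread" raises suspicion but does not prove a message is spam.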
Beware the "Phish"!
"Phishing" is one of the most frequently encountered internet pitfalls, and can be one of the most damaging. Rather than trying to design a software package to infect your system to obtain personal information (such as credit card numbers, IP addresses, etc.), phishing is an attempt to get you to supply your personal information directly. Phishing usually involves email (SPAM!) requesting personal data or directing the recipient to click on a web-link. Although this may appear to be easily recognizable and avoidable, these messages can be extremely convincing. Keep the following in mind whenever you use email:
- Many phishing emails appear to be from sources that are familiar to the user. There are any number of ways for your email address to be linked with another user or company, so just because an email claims to be from someone you know does not necessarily mean that you can trust it.
- Always be suspicious of any links or "action objects" such as buttons that are provided in an email. Whenever you visit a website, you provide information such as your IP address and email address to the website you visit. This verifies the validity of your email for future "junk" email suppliers, and may open up your system to security risks. It is true that most IP addresses are dynamic in nature. DSL and Cable connections, however, only change their IP address when their "Modem" is restarted, if they change at all. In any case, once your IP address is known, it opens your computer to hacking to a greater extent.
- Although recent software is "safe" concerning display of pictures and such in email, Windows software has (in the past) enabled your system to run viruses that were bundled into graphic objects such as jpeg or gif files or even masqueraded as a multimedia or flash animation. It is advisable that you do not open email unless you are fairly confident that it is coming from a reputable source. Many email programs have preference settings for automatically "previewing" an email message when you select the header. It is generally safest to disable this option, so that the user must actually open an email in order to view it. If the option is present in your mailer, you should disable the ability to display HTML and images from within the body of the message.
- Always (ALWAYS) be suspicious of any email you receive that requests your personal data in any way. There is NO reason why a company that you have an account with should ever need you to verify your account number or require your assistance to update their records. If you have an account in good standing, no company is going to cancel that account when you don't "confirm" your information by some date. If there is any doubt in your mind, contact the company directly rather than clicking on a link from the email. Needless to say, don't trust contact information given in the email. You should open a new web-browser and go to the company's web-site to obtain contact information instead.
- To test your skills and see some very good examples of phishing, visit The Phishing Quiz. You will quickly see why it's important to be careful while responding to email. (Don't despair if you do poorly on the quiz; some of these emails are very deceptive.)
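To see why disabling HTML and images matters, the sketch below lists what an HTML message would contact: addresses fetched as soon as the message is displayed, and addresses contacted only on a click. It is an added example, not part of the original page; the sample message, its `example.invalid` addresses, and the per-recipient values in the URLs are constructed, and such values are how a request gets tied back to one email address.

```python
from email import message_from_string
from html.parser import HTMLParser

# (tag, attribute) pairs a mail client may fetch just by displaying the message.
AUTO_FETCH = {("img", "src"), ("link", "href"), ("iframe", "src"), ("script", "src")}

class RemoteRefs(HTMLParser):
    def __init__(self):
        super().__init__()
        self.on_display, self.on_click = [], []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            # Only remote URLs matter; cid: and data: content stays local.
            if not value or not value.lower().startswith(("http://", "https://")):
                continue
            if (tag, name) in AUTO_FETCH:
                self.on_display.append(value)
            elif (tag, name) == ("a", "href"):
                self.on_click.append(value)

def remote_references(raw_message):
    """Return (urls fetched on display, urls contacted on click) for HTML parts."""
    refs = RemoteRefs()
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            refs.feed(part.get_payload(decode=True).decode(charset, errors="replace"))
    return refs.on_display, refs.on_click

# Constructed sample message (not real mail).
HTML_MAIL = """From: Account Services <service@bank.example.invalid>
Subject: Please confirm your account
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Confirm your details by Friday.</p>
<a href="http://login.example.invalid/confirm?u=student%40example.edu">Confirm</a>
<img src="http://track.example.invalid/open.gif?id=c3R1ZGVudA" width="1" height="1">
<img src="cid:logo">
</body></html>
"""

if __name__ == "__main__":
    shown, clicked = remote_references(HTML_MAIL)
    print("fetched on display:", shown)
    print("contacted on click:", clicked)
```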

Copyright 2012 Harvey Mudd College