- Never open email from users unknown to you or email that has a suspicious subject or a blank subject.
- Never open an email attachment if you are not expecting one. Verify that the email is legitimate before opening it. Many viruses and worms arrive as a joke, a "look at my photos" message, or something that seems too good to be true. Remember: never open an email attachment unless you know what it is, even if it comes from someone you know and trust. Do not open or run any program with a double extension. Examples: jokes.jpg.com, memo.doc.exe, mypictures.gif. NETSPYHUNTER-1.2.EXE
- Never download files from unknown or suspicious sources.
- NEVER open any files or macros attached to an email from an unknown, suspicious or untrustworthy source. Delete these attachments immediately, then "double delete" them by emptying your Trash. Delete spam, chain, and other junk email without forwarding it to anyone.
Recently, many users received fraudulent email asking them to verify their email account. At first glance the email appears to come from the Information Technology help desk or support team. Phishing is fraudulent email that attempts to get sensitive or private information from a user, such as email account and password, bank account numbers and passwords or PIN numbers, and credit card account information. Phishing email usually has misspelled words or poor grammar. Please note that all legitimate information sent from the Information Technology Division will adhere to the following:
- All campus-wide email announcements are only sent from user firstname.lastname@example.org or ITD_Advisory@csu.edu.
- We will never ask you to send your email password or other sensitive information via email.
- There will always be a legitimate CSU staff member as the contact person and a CSU phone number to call for more information or assistance.
- Only legitimate CSU email addresses will be used, such as email@example.com. We will never direct you toward an AOL, MSN, or Yahoo (or any non-CSU) email address. Only email addresses that have @csu.edu will be used.
Help us stop the spread of abusive email by forwarding abusive email that you receive to firstname.lastname@example.org. Please see the CSU Information Technology Division website for more information regarding email and other computer security tips: http://www.csu.edu/is/informationsecurity/emailtips.htm
Example of Phishing:
-------- Original Message --------
Subject: FINAL VERIFICATION OF YOUR EDU EMAIL ACCOUNT
Date: Tue, 27 May 2008 14:58:06 -0500
From: EDU TEAM email@example.com
VERIFY YOUR EDU EMAIL ACCOUNT NOW
Dear Edu Email Account Owner,
This message is from Edu messaging center to all Edu email account owners. We are currently upgrading our data base and e-mail account center. We are deleting all Edu email account to create morespace for new accounts. To prevent your account from closing you will have to update it below so that we will know that it's a present used account. We have been sending this notice to all our Edu email account owners and this is the last notice/verification exercise.
CONFIRM YOUR EMAIL IDENTITY BELOW
Email Username :.................
EMAIL Password : ................
Date of Birth : .................
Country or Territory : ..........
Warning!!! Account owner that refuses to update his or her account within Seven days of receiving this warning will lose his or her account permanently.
Thank you for using edu! Warning Code:VX2G99AAJ Thanks, EDU BETA
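The checks described on this page (sender outside @csu.edu, blank subject, a request for a password, an attachment with a double extension) can be applied mechanically to a raw message. The following is an added example, not part of the original advisory or any CSU tool; the extension list, the keyword pattern, the sample sender address and the sample attachment are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

TRUSTED_DOMAIN = "csu.edu"  # from the page: only @csu.edu addresses are used
# Assumption: which final extensions count as executable (the page shows .exe and .com).
EXECUTABLE_EXTS = {"exe", "com", "scr", "bat", "pif"}
# Assumption: wording that signals a request for sensitive information.
SENSITIVE_RE = re.compile(r"\b(password|pin|date of birth|credit card)\b", re.I)

def has_double_extension(filename):
    """True for names such as memo.doc.exe: an executable extension hidden behind another one."""
    parts = filename.lower().split(".")
    if len(parts) < 3 or parts[-1] not in EXECUTABLE_EXTS:
        return False
    inner = parts[-2]
    return bool(inner) and not inner.isdigit()  # "tool-1.2.exe" is a version, not a disguise

def triage(raw_message):
    """Return a list of warning strings for one raw RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if domain != TRUSTED_DOMAIN:
        findings.append(f"sender domain {domain!r} is not {TRUSTED_DOMAIN}")
    if not str(msg.get("Subject", "")).strip():
        findings.append("blank subject")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and SENSITIVE_RE.search(body.get_content()):
        findings.append("asks for a password or other sensitive information")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if has_double_extension(name):
            findings.append(f"attachment {name!r} has a double extension")
    return findings

def build_sample():
    """Constructed message modelled on the phishing example; sender and attachment are made up."""
    m = EmailMessage()
    m["From"] = "EDU TEAM <upgrade@mail.example>"
    m["Subject"] = "FINAL VERIFICATION OF YOUR EDU EMAIL ACCOUNT"
    m.set_content("CONFIRM YOUR EMAIL IDENTITY BELOW\nEmail Username :\nEMAIL Password :\n")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename="memo.doc.exe")
    return m.as_string()

if __name__ == "__main__":
    for finding in triage(build_sample()):
        print("WARNING:", finding)
```

The From header can be forged, so an empty result does not prove that a message is legitimate; it only means none of these particular warning signs were present.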
August 19, 2010