Security Tips For May

Posted by Jackie Stephenson on May 12,  2015


Email spam, also known as unsolicited bulk email, junk mail, or unsolicited commercial email is the practice of sending unwanted email messages, frequently with commercial content, in large quantities to an indiscriminate set of recipients. In today’s environment, there is an industry of email address harvesting dedicated to collecting email addresses and selling compiled databases.

Some of these address-harvesting approaches rely on users not reading the fine print of agreements, resulting in their agreeing to send messages indiscriminately to their contacts. This is a common approach in social networking spam. Common forms of spam include commercial advertising, usually for dubious products, such as get-rich-quick schemes, quasi-legal services, political messages, chain letters and fake spam used to spread viruses. One of the most dangerous types of spam is called Phishing.

No Phishing Allowed

The word ‘phishing’ is a neologism created as a homophone of fishing due to the similarity of using fake bait in an attempt to catch a victim. Generally speaking, ‘phishing’ emails are exploratory attacks in which criminals attempt to obtain victims’ sensitive data, such as personally identifiable information, usernames, passwords, network access credentials, credit card details and, in some cases, even money. These attacks open the door for further infiltration into the network.

Phishing typically involves both social engineering and technical trickery to deceive victims into opening attached files, clicking on embedded links, and revealing sensitive information. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure unsuspecting “phish” to bite. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

 Phishing emails may contain links to websites that are infected with malware. Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. Social media sites such as Facebook, Twitter, Myspace, etc., are prime locations for these types of attacks. Malware can be stealthy and used to spy on computer users for an extended period without their knowledge. It also may be designed to cause harm, often as sabotage, or to extort payment. Malware is often disguised as, or embedded in, non-malicious files.

Types of Malware include:

  • Spyware - Programs designed to monitor users' web browsing, display unsolicited advertisements, or redirect affiliate marketing revenues. Spyware programs do not spread like viruses; instead they are generally installed by exploiting security holes. They can also be packaged together with user-installed software, such as peer-to-peer applications.
  • Ransomware – Programs will affect an infected computer in some way, and demands payment to reverse the damage. For example, programs such as CryptoLocker encrypt files securely, and only decrypt them on payment of a substantial sum of money.
  • Click Fraud – Programs used to generate money, making it appear that the computer user has clicked an advertising link on a site, generating a payment from the advertiser.
  • Sabotage - Malware is usually used for criminal purposes, but can be used for sabotage, often without direct benefit to the perpetrators. There have been politically-motivated attacks that have spread over and shut down large computer networks, including massive deletion of files and corruption of records described as "computer killing". Such attacks were made on Sony Pictures Entertainment in November of 2014.  

Preventive measures to help reduce spam and malware:

  • Systematically: Email spam filters. Spam filters work by setting rules to filter specific words or symbols found in titles of emails. Our goal is to let all of the legitimate business emails through, while identifying and eventually automatically sending all of the Spam emails to the “Junk Mail” folder for you to review. We have spam filters set up through Office 365 for our email. This is an ongoing function and the blocking of specific sites can change. If you know of sites that you feel need to be blocked, please submit an ITS work order. http://workorder.cstcc.lan/.
  • People: You are ChSCC’s number one preventive measure against spam and especially, spam with malware. What can you do?
    • Never give out or enter your address in any internet polls - even if you’re offered a new MAC tablet for giving your opinion. DELETE IT.
    • Never subscribe to any mailing lists -even if your best friend says they got a free year of Amazon Prime. DELETE IT.
    • If you receive spam, never reply to it - even if you are promised $10,000 by a displaced prince from Hawaii just for helping him get his long overdue inheritance.  DELETE IT. 
    • If you see a link to click or an address for you to unsubscribe, don’t click on the link – even if you don’t remember subscribing in the first place. DELETE IT.
    • If the email just seems suspicious, is from someone you don’t know or you don’t recognize the sender – even if it looks like a cute e-card with kitties on it – don’t open it. DELETE IT.
    • Never respond to any email that states there is something wrong with your IT account, especially your email account, - even if you are informed that your account is just about full and you need to respond so you can continue to receive email. DELETE IT.
    • ALWAYS continue the vigilance that a lot of you have demonstrated in notifying us about suspicious emails, even before we see it.
    • Contact the ITS Help Desk if you have a question concerning a suspicious email – don’t fall for it.