
SIUC Information Security Scam/Spam Advice

Phishing Scams

"Phishing" email is the type that tries to convince you that you need to respond (either by email or by going to a website). This type of email wants information from you: any identifying information, credit card information, usernames, or passwords (including SIUC or other webmail passwords). This type of email is of great concern, and any help we can receive from the SIUC community to keep people from falling for these types of scams would be appreciated (see below).

There is always some risk involved in opening phishing scam and other spam messages. Some messages have been known to attempt to exploit whoever opens them. To reduce this risk, we recommend not viewing the message and using the following technique to report phishing scams.
What can I do about Phishing Scams?

The first thing you want to do when you receive a suspect email (without opening it) is to change your view of the messages to "simple text mode" or "plain text mode" (each email client will have its own naming convention). This way, even if you accidentally "launch" the message, you have restricted the attack vectors that can potentially be used against you if the email is designed to exploit a vulnerability or to infect your machine.

Next, you'll want to change your preferences to allow viewing of the full message header information. MIT has a good page on enabling full headers that covers many email clients: http://web.mit.edu/stopit/fullheaders.html

Then you want to turn off the "message pane" or "preview pane" (again, various email clients use differing nomenclatures). Once you have done all of those things, you should still be able to "right click" on the message and choose something like "forward" or "forward as attachment" to send it on to whomever you are reporting it to. On campus, we recommend reporting phishing scams (banking, credit union, financially or account motivated themes) to: PIRT@castlecops.com and CC: scam@siu.edu and postmaster@siu.edu.
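Added example, not code from the SIUC page: a Python script that shows what the reporting step above delivers when the message is sent on as an attachment (a message/rfc822 part keeps every original header, which a plain forward rewrites), using the reporting addresses given on the page. The sample suspect message, its hostnames and IP, and the reporter address are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Constructed sample suspect message (not a real phishing email); hostnames,
# addresses and the IP are made-up documentation values.
SAMPLE_SUSPECT = b"""Return-Path: <bounce@example.invalid>
Received: from mail.example.invalid (mail.example.invalid [192.0.2.10])
\tby mx.siu.example (Postfix) with ESMTP id ABC123
\tfor <user@siu.example>; Mon, 1 Jan 2007 10:00:00 -0600
From: "Credit Union" <support@bank.example>
Subject: Verify your account
Content-Type: text/html

<html><body><a href="http://192.0.2.10/login">Verify now</a></body></html>
"""

# Reporting addresses given on the page above.
REPORT_TO = ["PIRT@castlecops.com"]
REPORT_CC = ["scam@siu.edu", "postmaster@siu.edu"]


def summarize_headers(raw: bytes) -> dict:
    """Pull the headers a reporter wants out of the full header block."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return {
        "from": str(msg["From"]),
        "return_path": str(msg["Return-Path"]),
        "received": [str(r) for r in msg.get_all("Received", [])],
        "subject": str(msg["Subject"]),
    }


def build_report(raw: bytes, reporter: str) -> EmailMessage:
    """Report email: header summary in the body, suspect message attached
    unmodified as message/rfc822 (what "forward as attachment" produces)."""
    info = summarize_headers(raw)
    report = EmailMessage()
    report["From"] = reporter
    report["To"] = ", ".join(REPORT_TO)
    report["Cc"] = ", ".join(REPORT_CC)
    report["Subject"] = "Phishing report: " + info["subject"]
    body = ["Suspected phishing message attached unmodified.",
            "From: " + info["from"],
            "Return-Path: " + info["return_path"]]
    body += ["Received: " + r for r in info["received"]]
    report.set_content("\n".join(body))
    # A Message object passed to add_attachment becomes a message/rfc822 part.
    report.add_attachment(email.message_from_bytes(raw, policy=policy.default))
    return report
```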
In many cases phishing or other scam messages arrive as a normal email that simply tries to scare or entice you and then provides a link for you to open with your web browser, where the real damage is done, either via ActiveX, JavaScript or plug-in based attacks, or by convincing the user to submit their personal details to the phishing site.

If you receive an email that asks you to "verify" any identifying information, credit card information, usernames, or passwords (including SIUC or other webmail passwords) and that email is not in response to an action you have recently taken (such as signing up for a website where they require you to verify your email address before you can log in), *DO NOT* respond to the email.

You should never respond to these types of messages. Any reputable source would either contact you directly or simply block your access to your account (forcing you to call in and speak with them, if they were unable to get in touch with you). If the email is supposedly from a trusted source (such as your bank or credit card company), contact that source directly via telephone, because it is very improbable that they would use an insecure method (such as email) to contact you about "your account."
Regular "Annoying" Spam

As mentioned above, there is always some risk involved in opening spam and phishing scam messages. Spam messages have been known to attempt to exploit whoever opens them. To reduce this risk, we recommend not viewing the message, or viewing it only in "plain text" mode. Never respond to the spam message!

Even replying to an "opt-out" causes harm, because this confirms for the spammer that your email address is active and is being checked. Replying can also provide the spammer with details about the email program that you are using, which may cause you to receive "targeted" spam messages that attempt to exploit any weaknesses in your email client (to infect your machine with malware).

Unfortunately, there is not a lot that can be done about regular annoying spam. If you are sure that a message is spam, delete it (without opening it). If you are unsure about a message, change the email client so that you are viewing the message in "plain text" mode and then verify that it is spam prior to deleting it. Regular spam does not need to be reported.