Receiving Email--Safe Practices

August 31, 2015   |  By Chris Phillips

CITS maintains an email defense system at the perimeter of the campus network that is able to check incoming mail to see if it is from a reputable source, contains malware, or is highly likely to be spam. Other filters quarantine certain kinds of files that have the potential to be dangerous to open.  Only 12% of e-mails sent to the UMB campus actually pass these filters!   There are clearly more “bad” emails than ones we actually wish to read. 

There is another layer of defense and that begins at each user’s device for accessing e-mail (desktop or portable computer, tablet, or smart phone). Everyone should maintain current anti-virus software on all their personal computing devices. UMB has procedures and anti-virus software that is configured to automatically scan all email, and to scan all attachments before opening. But even with that protection, you cannot be sure that the software will catch everything. Malicious software now spreads so fast on the Internet that it can get to your computer before your anti-virus software can be updated to recognize it.

Unsolicited email isn't just annoying; it can be dangerous. Be on the lookout for "phishing" email that asks for sensitive information about you or your campus organization--or that points you to a website that asks for information. In general, be cautious about any email that asks you to do something -- such as open an attachment or click on a link to visit an unfamiliar site. Unless you are confident about the email source, just say no. That attached file could contain a virus or other malicious software, including data-harvesting spyware. Even if an attachment appears to come from someone you know, it may be unsafe. If an email appears suspicious in any way, contact the originator to confirm that he/she really sent it. If not, it may be a sign that the sender's computer is infected with malicious software, which is a situation they need to address.

Here is a useful checklist of safe computing practices:

  • Change your password often.
  • Use strong passwords.
  • Don’t open an attachment unless you know who it is from and are expecting it.
  • Use anti-virus software on your local machine.
  • If you receive an attachment from someone you don’t know, don’t open it. Delete it immediately.
  • Learn how to recognize phishing.  Some clues are:
    – Messages that contain threats to shut your account down
    – Requests for personal information such as passwords or Social Security numbers
    – Use of words like “Urgent” to create a false sense of urgency
    – Forged email addresses
    – Poor writing or bad grammar
  • Hover your mouse over links before you click on them to see if the URL looks legitimate.
  • Instead of clicking on links, open a new browser and manually type in the address.
  • Don’t give your email address to sites you don’t trust.
  • Don’t post your email address to public websites or forums.
  • Don’t click the “Unsubscribe” link in a spam email. It would only let the spammer know your address is legitimate, and you’re likely to receive more spam.
  • Don’t send personal information in an email message.
  • Understand that reputable businesses will never ask for personal information via email.
  • Don’t reply to spam. Be aware that if you reply to a spam email, your reply most likely will not go back to the original spammer because the FROM header in the spam message will most likely be forged.
  • Don’t share passwords.
  • Be sure to log out.

Campus network filters and current anti-virus software on your personal computing device can go a long way toward keeping malicious email from harming your files or compromising your identity. By following best practices you can eliminate most of the remaining dangers of accepting mail through the Internet.