Security and Virus Good Practice
- Quick Guide: Email Spam and Phishing
- Reducing the risk of virus attack
- Checking your email attachments
Quick Guide: Email Spam and Phishing
Email is a main stay communications method for most people. Criminals know this hence email is targeted by them. The University has seen lots of variations of fake messages from the likes UPS, HM Customs, Airline tickets sales, Fees theme over the few months.
Example phishing email
Subject: UPS Tracking Number NNNNNNNNNN (number varies)
Unfortunately we were not able to deliver postal package you sent on July the 1st in time because the recipient’s address is not correct.
Please print out the invoice copy attached and collect the package at our office
When reading your e-mail remember that bad guys aim is usually to get their trojan software onto your PC, so they will try anything that will entice the recipient to open and run the attachment often a zip file, or entice you to send your personal information to them, for example user ID and password or bank account details.
Anti-virus vendors spend do a great job staying abreast of the latest tricks and trojans produced by the bad guys. However We should not rely on AV alone to protect us. Every member of the University has their part to play in the University's Human Firewall.
Some quick guidelines to follow when reading your emails
- Take a common sense approach at all times.
- Treat messages from an unknown Sender with caution. Check who the Sender of the message really is by checking the messages headers
- Never open, run or save attachments from unknown Senders - this is what normally carries the trojan software.
- Don't click on any link in an e-mail from a user or organisation unfamiliar to you.
- Don't respond to any request via e-mail to pass on any "secure" information about yourself, for example user IDs and passwords.
- Don't run or save attachments to e-mails apparently sent by bona fide organisations where you have not solicited the e-mail. Check to company web site or phone them to confirm the message is legitimate.
Reducing the risk of virus attack
There are some simple steps that can be taken to reduce the risk of an attack on your computer being successful.
- Run virus software and keep it updated
- Configure your system for auto updates (Security Updates)
- Be suspicious of email attachments, if unsure save the attachment to a newly created folder on the disk and manually virus scan the folder (see detailed instructions below)
- Be suspicious of email messages that re-direct you to web pages, if unsure type the web address manually into a new browser window - do not click the link
- Be suspicious of any email from unknown sources, especially if they ask for personal details
- Do not mass forward email warning messages, send a single copy to firstname.lastname@example.org for evaluation
- Backup, Backup, Backup!
- Use a personal firewall (not required on Information Services imaged systems)
Checking your email attachments
Do not open attachments directly, even if the attachment appears to come from someone you know - the senders address can be easily falsified (spoofed).
If you receive an email attachment, DO NOT OPEN IT. The aim is to scan the attachment for viruses before opening it.
- From your email program, right click the attachment and select the 'Save As' option.
- Save the attachment to a folder on your computer
- Using the My Computer program from your desktop, right click the folder containing the saved attachment
- Select the 'Scan for Viruses' option from the resulting shortcut menu.
If a virus is found, delete the file from your hard disk and delete the mail message. As the attachment was never opened, there is no risk of infection.
If no virus is found, delete the file from your hard disk, return to the original email and open the attachment safe in the knowledge the attachment contains no viruses.