Understanding Spam, Phishing, Spyware, and tips for Safe Computing

Introduction

What is Spam and what are we doing about it

Phishing – how to prevent being hooked

Spam-Filtering / Virus protection system overview

Spyware – keep moles out of your computer

Common practices for Safe Computing

What is Spam?

Spam is flooding the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it. Most spam is commercial advertising, often for dubious products, get-rich-quick schemes, or quasi-legal or illegal services. Also referred to as JUNK mail.

What can you do?

Practice internet behavior that lowers your risk. Watch out for spam scams and ignore them.
If you can tell by the subject or sender that a message is likely to be spam, delete it without opening it.
Never reply to spam or click on a link in spam. Never buy anything from a spam e-mail; spam continues to exist because it still “works”.
It is very easy to “impersonate” e-mail on the Internet; don’t assume that the “from” address is always correct. Think before you click.
Take advantage of SPAM filtering in GroupWise for dealing with unwanted messages not stopped by filtering.
Metropolitan State University is a participant in the State of Minnesota spam mail filtering system.

What is Phishing?

Phishing is a scam where Internet fraudsters send spam or pop-up messages to lure personal and financial information from unsuspecting victims.
What does a phishing scam look like? Phishing e-mail messages take a number of forms. They might appear to come from your bank or financial institution, a company you regularly do business with, or from your social networking site.

To avoid getting hooked

Look closely at the claims in the e-mail, and carefully review ALL links and Web addresses; words are often misspelled, and the message can contain bad grammar.
If you are shopping online, don't provide your personal or financial information through a company's website until you have checked for indicators that the site is secure.

What is IronMail?

OET operates a combined Anti-Spam / Anti-Virus solution called Secure Mail (IronMail) that protects all state mail (messages sent to @state.mn.us addresses), mail sent to state agencies that use other domains (including metrostate.edu), and mail for many other customers.
IronMail uses several techniques to identify spam, including source e-mail server “reputation” and e-mail content inspection.
In no case will the service divert or quarantine 100% of problem messages: some will get through. For example, there are many cases where a human can't determine whether a message should be diverted or quarantined, so how can we expect a program to get it right? However, the service's goal is to divert or quarantine the bulk of problem messages and not divert or quarantine legitimate messages.

[Figure: plot of the anti-spam service effectiveness for the past five months. Blue indicates the number of messages considered spam and not delivered; yellow indicates the number of delivered messages.]

What is spyware?

Spyware is unwanted software installed on a computer to track your Internet usage, display advertisements, or capture personal data.
Spyware is often installed by responding to spam or phishing attacks, or downloading “free” software.
Symptoms of spyware may include recurring “pop-up” windows, “re-direction” to unwanted web sites, or unexplained system slowdowns.
If you suspect there may be spyware on your workstation, contact the IT Desk.

Avoiding spyware

Beware of links sent through instant messaging or social networking websites – especially from people you do not know.
Keep browser configurations set to high-security settings.
Do not download software for university-owned computers without approval from I/T.
For personally-owned computers, only download software from reputable websites.
Websites offering “dubious” services are likely to do “dubious” things.

Common practices for Safe Computing

Install and update anti-virus software and keep your OS and applications up to date
Use strong passwords – at least 8 characters in length, using a combination of letters, numbers, and punctuation
No reputable organization will ever ask you for a password, credit card number, or SSN in an e-mail!
I/T will never ask you for your password or PIN via e-mail or phone
Don’t have your browser set to remember Internet passwords
Lock your computer when you are away from your desk
Don’t open unexpected attachments
Be cautious about using plug-in storage devices. (“Do you know where that thumb drive has been?”)
E-mail is not a safe mechanism for transmitting sensitive information