Information Technology Services ? Security Awareness

Scams, Spam, and Spyware

Click here for PDF Version

The following information is provided to educate faculty and staff of the possible dangers involving scams that lurk on the network and SPAM in e-mail that can also compromise your computer system.

Phishing is e-mail fraud where the perpetrator sends out legitimate-looking e-mails that appear to come from well known and trustworthy Web sites in an attempt to gather personal and financial information from the recipient. Users must not respond with personal information to requests from e-mail. These can appear to originate from some of the Web's biggest sites, including eBay, PayPal, MSN, Yahoo, BestBuy, and America Online

Examples would be a message from your bank that asks you to update your account information. You click on the link, the legitimate bank site opens, and a page opens up on top asking you for your account info. This info page DOES NOT belong to the legitimate site. If you fill out your personal information and submit it, the info will go to the ?phisher? to be sold or used to steal your identity.

Spam is commonly used to describe junk e-mail on the Internet. Generally, spam is sent to thousands and sometimes millions of people without prior approval, promoting a particular product, service, or a scam to get other people's money. Spam can be used in identity theft. Don?t respond to e-mail from sites you don?t know. E-mail can be set to reduce most SPAM; however legitimate e-mails can also be purged if the options are set too strict. Email can be optioned to automatically send SPAM to the trash folder.

Georgia Southern has a SPAM filter at the Internet connection to check all incoming e-mail. Last year GSU received on average around 75,000 messages a day, with around 30% of the messages being blocked or tagged as spam or viruses. In April of 2006, GSU received around 185,000 messages a day with 66% being blocked or tagged. That's 122,100 messages a day that consists of known spam, suspected spam, or viruses.

Currently an average of 23,000 messages a day are tagged that go to GSU e-mail accounts.

Spyware can be downloaded automatically from many sites. Some spyware is disruptive ? it can log your keystrokes to collect passwords etc, and some are used for ad purposes. Use programs such as Ad-Aware or Spybot Search and Destroy to remove these programs.

How to protect your computer from scams, SPAM, and spyware

Dos

  • Do keep your operating system and applications up-to-date and apply the latest patches when they are available. For workstations that use the Windows operating system Georgia Southern has a local update server. For more information http://ms-eagle2.georgiasouthern.edu/

  • Do be wary of e-mails asking for confidential information, especially of a financial nature. Financial institutions and other responsible companies do not request sensitive information via e-mail. If you receive such a request, report it to the ITS Office of Information Security or ITS-OIS@georgiasouthern.edu .

  • Do watch out for generic-looking information requests. Fraudulent e-mails are often not personalized. Again, confirm the authenticity of suspicious requests.

  • Do protect your computer with spam filters, anti-virus and anti-spyware software, and a firewall, and keep them up to date. For information on what security applications to use and help in setting up a GroupWise rule that will filter spam, please call the Helpdesk at 681-5429, or review training module 13 or 14 on the IT Services Website at http://services.georgiasouthern.edu/its/sfatutorial.php

Don?ts
  • Don't get pressured into providing sensitive information. Phishers may threaten to disable an account or delay services until you update certain information. Contact the merchant directly to confirm the request authenticity.

  • Don?t submit confidential information via forms embedded within e-mail messages. Ensure the site is secure before giving credit card numbers. If you're not certain, ask IT personnel for help.

  • Don?t open e-mail that doesn?t contain a subject. Don?t click on links within emails that ask for your personal information. Never enter your personal information in a pop-up screen.

  • Don't answer spam, not even to use the "unsubscribe" some spam mails offer. By answering, the people behind it know that your email address is a valid one, and you'll get even more spam in the future.