With the holidays approaching and the increase of spam in our Inbox, I thought it would be a good time to send out a few helpful tips about how to avoid getting caught up in a phishing scam and avoid e-mail viruses.
When you receive an e-mail, there are several easy ways to check its validity:
- Hover over the links in the e-mail. (Don’t click them! Just move your mouse cursor over them.)
Does the link go where it says it’s going to go? See the example at the end of this post.
- Check out the e-mail’s Subject. Does it start with PMX?
Cornell’s e-mail security system does scan e-mails for viruses and scams. Cornell doesn’t want to block legitimate e-mails so they will mark some e-mails as potential spam by putting PMX in the subject line, and then letting you decide. To clean up your main Inbox of this unwanted mail, you can filter these PMX marked messages into your Junk folder. (A good majority of the time, these marked PMX messages are junk.)
How-to set up a filter video: http://screencast.com/t/qKqmW7phwKr
(Read more about this here: https://confluence.cornell.edu/display/wsbn/2012/08/01/SPAM+-+Phishing+E-mails)
- What is the From (sender) e-mail address? What is the To e-mail address?
Does the name match the e-mail address? (see example above) Do the To and From boxes contain the same person’s name? In this case, it is likely their e-mail account was hacked and they are unwittingly sending out spam.
- Request for personal information
One tactic that is commonly used by hackers is to alert you that you must provide and/or update your personal information about an account (e.g., Social Security number, bank account details, account password). Phishers will use this tactic to drive urgency for someone to click on a malicious URL or download an attachment aiming to infect the user’s computer or steal their information. I see this many times manifesting as “Your inbox is almost full! Login to expand your storage” or “Your benefit package needs attention! Click here to update your profile.” Many scammers exploit our sense of urgency by writing that your time to act is limited somehow or there will be some kind of consequence for not acting immediately.
Please remember: NO one will (or should) ever ask you for your NetID password, not in your office, not by me, not by anyone at Cornell… no one. If you believe your NetID has been compromised, go to http://netid.cornell.edu and change your password and security questions immediately.
- You have enough space in your e-mail Inbox… Trust me.
You have 50 GB of space in your e-mail. I would be extremely surprised if someone here managed to max out their e-mail storage space. If you receive an e-mail saying that you have, it’s pretty much a sure sign it’s spam.
Want to know exactly how much space you have free? In Outlook, click on the File tab. Under Mailbox Cleanup, you will see the space used in your mailbox.
- Check the Cornell Phish Bowl.
Cornell IT has a long list of fraudulent e-mails that circulate around campus. You can check to see if the e-mail you received is on this list:
http://www.it.cornell.edu/security/safety/phishbowl.cfm
If the one you received isn’t similar to any of the ones listed, you may forward the suspicious e-mail to security-services@cornell.edu or you can forward it to me.
- Check the verified Cornell communications list.
IT security has a list of verified e-mails that are from Cornell departments here: https://www.it.cornell.edu/security/safety/verified.cfm
When in doubt, call the person or department that the e-mail claims to be sending it from… using the Cornell directory – not the information in the e-mail!
(Cornell’s People search: https://www.cornell.edu/search/?tab=people)
- Check the grammar, spelling, spacing and punctuation.
Problems here are usually a good sign of spam. It may be that the person is trying to bypass the e-mail security scanning software by misspelling known key words, is using it as another phishing tactic, is not very educated, or does not speak English as their first language.
Check out this video made by Cornell IT last year about E-mail Phishing:
http://www.cornell.edu/video/email-phishing-101
And as always, when in doubt, you can forward the suspicious e-mail to your friendly Lead IT person – me!
Jenn Carges jar97@cornell.edu