E-Mail Threats, Spam, and Phishing

What is spam?

Spam is a term used to refer to electronic "junk mail". The spam could be an e-mail message from someone who is trying to advertise his or her product or service, but it also could be a carrier of malicious software or a link to it. 

Fortunately, the University has implemented anti-spam software in our network to pre-screen incoming e-mail looking for spam characteristics, such as messages containing words that are commonly associated with spam, subject lines with capitalized words, e-mail from sources that are known to deliver spam, etc. Any suspicious e-mail messages are quarantined. 

At certain times during the day, a report is sent to your e-mail inbox that contains a list of the subject lines of all e-mail messages that were directed to you but were quarantined because they appeared to be suspicious. Since even the best spam filters sometimes quarantine perfectly legitimate e-mail messages, the anti-spam software gives you an option to release selected e-mail messages from quarantine and to deliver them to your inbox. 

"Whitelisting" e-mail senders

If an e-mail sender's messages to you are repeatedly identified as spam but you are reasonably certain they are not, the anti-spam software allows you to "whitelist" that sender. Spam filters ignore e-mail messages from any whitelisted sender, so they will never be quarantined until the sender is removed from the whitelist. We discourage the whitelisting of all e-mail addresses from any public e-mail service (e.g., *@gmail.com ) since temporary accounts that are virtually anonymous can easily be set up within these public services to deliver spam and malware.

Important note - Never white list UHCL e-mail accounts. Since no UHCL e-mail originating from Outlook goes through our spam filter, the only e-mail originating from (some account)@uhcl.edu that would enter the spam filter would be counterfeit.  

What is "phishing"?

Have you experienced any of these circumstances?

• You receive an e-mail from the University, or your bank, or the IRS, or another commercial entity telling you that your account will be closed unless you verify your identity by providing your user ID and password
• You receive an e-mail from your bank telling you that they are upgrading their databases, and they need to make sure that they have your correct account number on file
• Uou receive a call from the IRS asking for your social security number and other information.
• You receive an e-mail asking for private information indirectly, by having you click a link that directs you to a form asking for your password, social security number, account numbers, etc.

These e-mail messages and phone contacts, and many more, are likely attempts at fraud, called “phishing” - the name implying that the sender is “phishing” for information.

Phishing messages that have succeeded are not always the ones with a professional appearance and flawless language and syntax blended with company logos, colors and standard photos.  Many successful phishing attempts have been e-mail messages with no official images, poor spelling and horrible grammar. One would think that no one would respond to such obvious fraud attempts. Yet, even smart people who just happen to be distracted at the time often do. To protect yourself, never forget that no reputable organization will ever contact you via e-mail or over the phone to ask you for your password or any other piece of personal information.

If you ever receive such an e-mail message that makes it through our spam filters, do not reply. If the request is made over the phone, hang up.

Note - There are cases where an organization, even UHCL, may need to notify you that your password is expiring, and the e-mail may include a link to their password change page. While such pages may be legitimate, they also may be phishing attempts with links that direct you to a malicious site. If you receive such an e-mail, instead of clicking the password change link in the e-mail, visit the organization's legitimate password change web page either by navigating through the site's menus or by typing the web page's address or URL directly into your browser.

One more thing - responding to a phishing e-mail message or any spam with the intent of “telling the spammer off” is a bad idea! Your response just confirms that your e-mail address is valid resulting in more junk e-mail coming your way.

If you are concerned that you might have exposed private information in response to what could be a phishing attempt, please visit the What to Do if You Have Responded to a Phishing Scam page.

You cannot always trust the "From:" field

A malicious individual who wants to infect systems will often craft an e-mail message with infected links or attachments and then send it to you with a person whom you know as the sender. Obviously, if you receive a message that appears to be from a friend of yours, you will trust it more than you would if it came from a stranger. But how does a malicious hacker know who your friends are? One of the techniques in the hackers' arsenal is to extract personal and organizational e-mail directories from sites that they have broken into. Once an attacker has a list of e-mail addresses for individuals who belong to a specific group, he or she can just insert one name from the directory into the "From:" field of the e-mail message and another into the "To:" field. The generally insecure worldwide e-mail protocol allows them to insert a fraudulent sender with very little effort.

It is worth noting that just because an e-mail has "jacksmith@uhcl.edu" in the "From:" field of the message, it does not necessarily mean that Jack Smith's e-mail program or his computer was hacked. More likely it means that Jack Smith's e-mail address was found in an e-mail directory somewhere, and a malicious individual merely entered Jack Smith's e-mail address into the "From:" field of the e-mail message that was crafted on the malicious individual's system.

Be careful when clicking e-mail links and attachments

Links and attachments within e-mail messages are a common source of computer virus infections. While anti-virus/anti-malware software should disable the virus/malware, there are cases where the anti-virus/anti-malware does not detect an incoming virus. See Computer Viruses and Other Malware page for information regarding how to improve the effectiveness of your anti-virus/anti-malware defenses.    

Additionally, before you click a link or attachment in an e-mail ask yourself the following questions:

• Do I know who the sender is?
• Is the note written in the sender’s usual style?
• Do I know why I am receiving the attachment or link?
• Do I know what the attachment or link is about?

If you answer "no" to any of the above, you may want to contact the sender to be sure before opening the attachment.

Check your links before clicking

Links to web sites actually have two components: the displayed link text that you see on the web page and the web address or URL to which the link is addressed. While the displayed text can appear to be a perfectly valid link, the two components can be totally different, so that you may think that a link will direct you to UHCL's web site, but it may take you to a totally different web site instead. For example, the following link appears to direct you to the UHCL home page:  http://www.uhcl.edu, but when you click it, where does it take you? This is a technique that can be used by a malicious individual to route you to a counterfeit version of the real site to obtain information. 

Your system can help you counter this threat. Before clicking any link, hover your cursor over the link, but do NOT click it. When the cursor is physically positioned over the link, the browser's status line or a small popup box will display the web address or URL to which you would be directed if you click the link. Try it using the link above. Review the actual destination and verify that the web site address that is displayed points to the registered domain name of the site that you expect.