- 1 Phishing Expedition Warning
- 2 How to keep SPAM out of your inbox
- 3 Importing the Cyrillic SPAM Filtering Rule
- 4 Using the Barracuda SPAM firewall
- 5 Alumni Accounts
Phishing Expedition Warning
There are many unscrupulous people who conduct phishing expeditions via e-mail messages. These messages may look very official and have return addresses like "Webmail Support Team" or appear to be coming from a well-known bank, government institutions, or Middlebury College itself.
The common element to these messages is that they request information from you that should be kept private such as your username and password credentials, your PIN number for a financial institution, or your mother’s maiden name. Please note that NO legitimate Internet provider or financial institution would ever request this type of information from you - nor would the Middlebury Helpdesk.
Do not respond to requests of this kind; simply delete the e-mail. If you do respond and then realize what a mistake you’ve made, please call the Helpdesk and we will guide you through changing the appropriate passwords to protect your privacy.
How To Detect and Avoid A Phishing Expedition
You may receive emails which appear to be from reputable financial institutions such as Banknorth, Washington Mutual, Citibank, Amazon, Paypal, Ebay, etc. Some of these emails contain what appear to be links to the websites of these institutions. This type of email scam is known as phishing, because computer spammers use fraudulent email messages to "fish" for information in an attempt to entice recipients into divulging personal data such as credit card or bank account numbers, Social Security numbers, and passwords. Once this information is in the hands of a "phisher", it can be exploited for financial gain or other malicious purposes.
Please follow these suggestions to avoid being exploited by these scam artists:
- Never respond directly to email requesting personal information.
- Do not click links that appear to point you to the institutional website. These links often point you to another, malicious website that "masquerades" as the site you think you are going to.
- If you doubt a message's authenticity, verify it by contacting the institution directly (by phone, going to their verified website, etc).
- Be cautious about opening any attachment or downloading any files from emails you receive.
- Avoid filling out forms in email messages asking for personal financial information.
- Verify suspicious sites by typing the URL directly into your browser's address bar yourself.
- When prompted for a password, give an incorrect one first. A phishing site will accept it; a legitimate one won't.
- Determine if a Web site is secure by looking at the bottom of your browser's window for an icon of an unbroken key or a lock that's closed, golden, or glowing. Double-clicking on the lock displays the site's certificate, which you can check to verify it matches the company you think you're connected to.
- Ensure your browser is up-to-date and security patches are applied regularly. Use up-to-date anti-virus software. Review your credit card and bank statements at least monthly.
How to keep SPAM out of your inbox
No one likes receiving SPAM (unsolicited commercial e-mail) but deleting spam may be a part of an Internet user's daily routine. Unfortunately, the problem seems to be getting worse. Use these fundamental rules to block out as much SPAM as possible.
Rule #1: Delete SPAM mail immediately. Don't respond to or engage it
A quick delete is the best remedy for spam mail. Don't waste any more of your time once you've figured out the intent of the email.
Spammers will only continue to spam as long as it is profitable. If everyone refuses to purchase items advertised in spam, then eventually it will no longer be profitable.
Also, never respond to a spam. Spammers send out emails to a large number of random addresses, in an attempt to guess at a few valid addresses. (If even one of those addresses responds to spam, it's worth it for the spammer.) Responding to spam tells the spammer that your address is a valid e-mail address that accepts spam, meaning that you can expect more attention from that spammer in the future.
Rule #2: Use 2 separate email addresses
Don't give out your Middlebury email address willy-nilly. Only use your Middlebury email address with colleagues, Middlebury community members, and friends and family. For everything else (web forms, online accounts, other contacts, etc.), set up an e-mail address with some other email provider. You can get a free email address from providers such as Gmail, Yahoo, and Hotmail.
There is no guarantee that your private e-mail address won't get out. If one of your friends or relatives includes you in a long cc: list, someone else in the cc: list could disseminate your e-mail address.
Many legitimate websites use "cookies" to keep track of your actions on the web so that they can better serve you. Some websites even become awkward or impossible to navigate if you don't have cookies enabled.
However, cookies also can give some of your information, such as your email address, to unscrupulous websites. If you are concerned about letting your email address get out when you visit such sites, you can tell your internet browser not to store your cookies, or to check with you every time you receive a cookie.
To disable cookies in Internet Explorer:
- From the Tools menu, select Internet Options.
- Click the Security tab.
- Click on Custom Level....
- Scroll down to the Cookies section and select settings:
- In the section "Allow cookies that are stored on my computer", select Disable or Prompt (if you want to be asked every time).
- In the section "Allow per-session cookies (not stored)", select Disable or Prompt.
- Click to return to the Internet Options window.
- Click again to close the window.
Importing the Cyrillic SPAM Filtering Rule
The Cyrillic SPAM Filtering rule will help you keep your Inbox less cluttered, by moving e-mail written in Cyrillic from the Inbox to a folder of your choice. This could be used to filter SPAM messages written in Cyrillic by moving them to the “Junk E-Mail” folder. Note that the rule will filter ALL messages that contain at least one Cyrillic character in the body or the subject, regardless of whether they are legitimate or SPAM. Follow the steps below to import this rule.
- Launch Outlook.
- From the Tools menu select Rules and Alerts. The Rules and Alerts dialog box opens.
- Click Options. The Options dialog box opens.
- Click Import Rules. The Import Rules From... dialog box opens.
- In the Look In... drop-down list, navigate to [\\middlebury.edu\middfiles\Software\Software-Windows\Quick-Fixes].
- Select the file called cyrillic.rwz and then click . You are returned to the Options dialog box.
- Click . You should now see the new rule in your list of rules. It will look like the one below:
- Click .
- The following pop-up will display, asking whether you want to save your rule changes:
- You must specify the destination for the filtered messages. You may choose the destination that suits you most. We suggest you use the Junk Mail folder, just in case something you DO want comes in and gets filtered. Re-open the Rules and Alerts dialog box (from the Tools menu).
- Select the Cyrillic SPAM rule.
- In the Rule Description section, click on the word specified. The Rules and Alerts – Choose a Folder dialog box opens.
- Select the desired folder and then click .
- In the Rules and Alerts dialog box, turn on the rule by checking the box next to its name:
- Click to close the Rules and Alerts dialog. You have successfully set up the Cyrillic SPAM filter.
Using the Barracuda SPAM firewall
Barracuda is our SPAM guard. It is orders of magnitude more selective than our admissions process, and prevents something like 95% of all spam from reaching your inbox. You can log into Barracuda directly in order to:
- Figure out why a certain email address or group of addresses is unable to reach you
- Change your SPAM filter settings to make the filter more "lenient" or more strict, depending on your needs
- Create a blacklist (messages will always be blocked) and a whitelist (messages will always be allowed) for certain email addresses
To access Barracuda:
- In the Address field of your browser, type http://go.middlebury.edu/spam and then press to go to this address. The Barracuda Spam Firewall webpage will open.
- In the Login box, enter your Middlebury username and password the same way that you would when logging into a computer or accessing your email.
- Click . The Quarantine Inbox will open.
- When you are done using Barracuda, click on Log Off in the top-right corner to leave Barracuda.
To add an address to the Blacklist or Whitelist:
- Log in to Barracuda, using the above instructions.
- Click on the Preferences tab.
- Type an e-mail address in the Whitelist or Blacklist field, then click on .
- Any email address you add to the Whitelist field will never be blocked by Barracuda. Use this if you are having trouble receiving email from an email address that you know is valid.
- Any email address that you add in the Blacklist field will always be blocked by Barracuda, even if Barracuda's inspection would normally let messages from this address through. This is useful if you are receiving lots of SPAM from just a couple email addresses.
- To remove an entry from either list, click on the trash can icon next to the entry.
Alumni who have issues with spam to their alumni.middlebury.edu accounts should turn on GREYLISTING.
• Log into the alumni community (www.middleburyonline.com)
• Click on lifelong email in the left hand nav
• Scroll down to the SPAM CONTROL STATUS checkbox
• Check the box
• Below the checkbox there is an explanation of greylisting
For more info on the online community and SPAM: http://www.middlebury.edu/alumni/lifelongemail/spam