Middlebury

SPAM

Phishing Expedition Warning

There are many unscrupulous people who conduct phishing expeditions via e-mail messages. These messages may look very official and have return addresses like "Webmail Support Team" or appear to be coming from a well-known bank, government institutions, or Middlebury College itself.

The common element to these messages is that they request information from you that should be kept private such as your username and password credentials, your PIN number for a financial institution, or your mother’s maiden name. Please note that NO legitimate Internet provider or financial institution would ever request this type of information from you - nor would the Middlebury Helpdesk.

Do not respond to requests of this kind; simply delete the e-mail. If you do respond and then realize what a mistake you’ve made, please call the Helpdesk and we will guide you through changing the appropriate passwords to protect your privacy.

How To Detect and Avoid A Phishing Expedition

You may receive emails which appear to be from reputable financial institutions such as Banknorth, Washington Mutual, Citibank, Amazon, Paypal, Ebay, etc. Some of these emails contain what appear to be links to the websites of these institutions. This type of email scam is known as phishing, because computer spammers use fraudulent email messages to "fish" for information in an attempt to entice recipients into divulging personal data such as credit card or bank account numbers, Social Security numbers, and passwords. Once this information is in the hands of a "phisher", it can be exploited for financial gain or other malicious purposes.

Please follow these suggestions to avoid being exploited by these scam artists:

  • Never respond directly to email requesting personal information.
  • Do not click links that appear to point you to the institutional website. These links often point you to another, malicious website that "masquerades" as the site you think you are going to.

Here's an example of such a message, with the urgent link visible in the email and the real web address shown in the yellow rectangle below it:
Phishing graphic.PNG

  • If you doubt a message's authenticity, verify it by contacting the institution directly (by phone, going to their verified website, etc).
  • Be cautious about opening any attachment or downloading any files from emails you receive.
  • Avoid filling out forms in email messages asking for personal financial information.
  • Verify suspicious sites by typing the URL directly into your browser's address bar yourself.
  • When prompted for a password, give an incorrect one first. A phishing site will accept it; a legitimate one won't.
  • Determine if a Web site is secure by looking at the bottom of your browser's window for an icon of an unbroken key or a lock that's closed, golden, or glowing. Double-clicking on the lock displays the site's certificate, which you can check to verify it matches the company you think you're connected to.
  • Ensure your browser is up-to-date and security patches are applied regularly. Use up-to-date anti-virus software. Review your credit card and bank statements at least monthly.

How to keep SPAM out of your inbox

No one likes receiving SPAM (unsolicited commercial e-mail) but deleting spam may be a part of an Internet user's daily routine. Unfortunately, the problem seems to be getting worse. Use these fundamental rules to block out as much SPAM as possible.

Rule #1: Delete SPAM mail immediately. Don't respond to or engage it

A quick delete is the best remedy for spam mail. Don't waste any more of your time once you've figured out the intent of the email.

Spammers will only continue to spam as long as it is profitable. If everyone refuses to purchase items advertised in spam, then eventually it will no longer be profitable.

Also, never respond to a spam. Spammers send out emails to a large number of random addresses, in an attempt to guess at a few valid addresses. (If even one of those addresses responds to spam, it's worth it for the spammer.) Responding to spam tells the spammer that your address is a valid e-mail address that accepts spam, meaning that you can expect more attention from that spammer in the future.

Rule #2: Use 2 separate email addresses

Don't give out your Middlebury email address willy-nilly. Only use your Middlebury email address with colleagues, Middlebury community members, and friends and family. For everything else (web forms, online accounts, other contacts, etc.), set up an e-mail address with some other email provider. You can get a free email address from providers such as Gmail, Yahoo, and Hotmail.

There is no guarantee that your private e-mail address won't get out. If one of your friends or relatives includes you in a long cc: list, someone else in the cc: list could disseminate your e-mail address.

Rule #3: Disable cookies

Many legitimate websites use "cookies" to keep track of your actions on the web so that they can better serve you. Some websites even become awkward or impossible to navigate if you don't have cookies enabled.

However, cookies also can give some of your information, such as your email address, to unscrupulous websites. If you are concerned about letting your email address get out when you visit such sites, you can tell your internet browser not to store your cookies, or to check with you every time you receive a cookie.

To disable cookies in Internet Explorer:

  1. From the Tools menu, select Internet Options.
  2. Click the Security tab.
  3. Click on Custom Level....
  4. Scroll down to the Cookies section and select settings:
    • In the section "Allow cookies that are stored on my computer", select Disable or Prompt (if you want to be asked every time).
    • In the section "Allow per-session cookies (not stored)", select Disable or Prompt.
  5. Click OK button.PNG to return to the Internet Options window.
  6. Click OK button.PNG again to close the window.



Importing the Cyrillic SPAM Filtering Rule

The Cyrillic SPAM Filtering rule will help you keep your Inbox less cluttered, by moving e-mail written in Cyrillic from the Inbox to a folder of your choice. This could be used to filter SPAM messages written in Cyrillic by moving them to the “Junk E-Mail” folder. Note that the rule will filter ALL messages that contain at least one Cyrillic character in the body or the subject, regardless of whether they are legitimate or SPAM. Follow the steps below to import this rule.

  1. Launch Outlook.
  2. From the Tools menu select Rules and Alerts. The Rules and Alerts dialog box opens.
  3. Click Options. The Options dialog box opens.
  4. Click Import Rules. The Import Rules From... dialog box opens.
  5. In the Look In... drop-down list, navigate to [\\middlebury.edu\middfiles\Software\Software-Windows\Quick-Fixes].
  6. Select the file called cyrillic.rwz and then click Open button.PNG. You are returned to the Options dialog box.
  7. Click OK button.PNG. You should now see the new rule in your list of rules. It will look like the one below:
    Outlook Rules and Alerts graphic.PNG
  8. Click OK button.PNG.
  9. The following pop-up will display, asking whether you want to save your rule changes:
    Outlook Rules dialog 1.PNG
    Click Yes button.PNG.
  10. You must specify the destination for the filtered messages. You may choose the destination that suits you most. We suggest you use the Junk Mail folder, just in case something you DO want comes in and gets filtered. Re-open the Rules and Alerts dialog box (from the Tools menu).
  11. Select the Cyrillic SPAM rule.
  12. In the Rule Description section, click on the word specified. The Rules and Alerts – Choose a Folder dialog box opens.
  13. Select the desired folder and then click OK button.PNG.
  14. In the Rules and Alerts dialog box, turn on the rule by checking the box next to its name:
    Outlook Rules and Alerts graphic 2.PNG
  15. Click OK button.PNG to close the Rules and Alerts dialog. You have successfully set up the Cyrillic SPAM filter.
Powered by MediaWiki