Spam and phishing messages are pouring into our inboxes almost every day. Some of these messages cleverly mimic the look and feel, and in some cases naming conventions, of trusted sites, leading people to accept the legitimacy of the messages.
Rutgers Connect email administrators in the Office of Information Technology have put powerful filters in place to keep the number of incoming malicious messages low, but it is impossible to completely eliminate them. The messages sneaking in past the filters entice you to click on links/attachments or to reveal confidential information about yourself (NetID and password, date of birth, SSN, etc.). Clicking on a link or opening an attachment may install malicious software on your computer, or steal the data entered in good faith to use it later for criminal gain, like illegal downloading research content the Libraries are paying for – or worse.
Recognizing and avoiding spam/phishing messages minimizes your chances of becoming a victim. The following are some tips that will help you identify such attempts:
- Look for spelling and grammatical errors
- Look for suspicious links and/or the sender’s email address
- Do not click on links in an email to connect to a website unless you are sure that the link is authentic.
- Hover with your mouse to reveal the actual URL.
- Do not reply.
- Look for unusual/generic-looking requests
- Fraudulent emails are often not personalized.
- Be wary of emails asking for confidential information. Do not disclose sensitive information in response to an email you don’t know where it is coming from. Phishers like to use scare tactics and may threaten to disable your account or delay services until you “update certain information.”
- Do not open attachments in any suspicious email messages.
- Make sure you are keeping your computer’s security software up to date.
- IIS sends out a reminder on last Wednesday of each month to download and install Windows security updates. Please be sure to install them immediately.
Here is an example of a recent phishing attempt. Can you spot a few clues?
- “i” is missing from President Barchi’s last name in the “From” address
- Suspicious “mailto” email address
- Unusual formatting of the greetings line
- Poorly written message body: “president bill nash” indicates lack of attention to detail. Not capitalizing title and name gives away sloppy authoring skills.
- Poor English: “All staffs are advised to go through.”
If you are uncertain about the legitimacy of an email, ask your local UCS or IIS to confirm the authenticity. If you have clicked on a suspicious link, or have provided your confidential information, call IIS immediately at 848-445-5896 #7.
