How to Tell the Good Stuff from the Bad Stuff
As I've noted before, about 90% of all email is spam. This means that no matter how good your filtering is or how much your organization or ISP does to control spam, you will get spam in your mailbox. Most of this spam will be obvious, but occasionally, it can be tricky to tell if it really is spam or might be a legitimate email. In phishing scams, for example, spammers count on your confusion to get you to click on a bogus link or open a malicious attachment. When spam filters are catching most of your spam, you need to be even more alert to catch the ones that slip through.
So, how do you tell the good stuff from the bad stuff? Here are some pointers:
- No one from EIT or ISU's ITS will ever send you an email signed 'The iastate.edu support team' or 'the iastate.edu help desk' or any variation thereof. Email from either EIT or ISU's ITS will always be from a person. And it should be possible to look that person up in the ISUE or ISU staff/student directory.
- No one from EIT or ISU's ITS will ever ask you to send your password to them via email.
- No one from any legitimate business (not your bank, not your credit card company, not anyone) will ever ask you to send them your password via email. It will not happen. They may send *you* your password via email, but only if you've requested an email reset. No legitimate business will ever reset your password out of the blue.
- Bad grammar and spelling. None of us are perfect, especially when we send email. However, you'll find that 99 times out of 100, spam and phishing emails are poorly spelled and poorly written with missing words and sentences that often don't quite make sense. In addition, there will be deliberate misspellings in an attempt to slip past spam filters.
- Phishing scams will use logos from legitimate businesses to make you think you're going to a legitimate website if you click on their link. They will try to direct you to a bogus site and get you to put in your login and password. Pay attention to the URL. You should not (for example) trust any site where the URL is just an IP address (which would look like -- http://18.104.22.168).
- If you aren't sure whether an email is a scam or from an organization you do business with. Go to the site directly (rather than clicking on the link). Then you'll know you're on the right site.
- Do not open attachments from emails that are unsigned or from someone you don't know.
- Scam emails will contain phrases like--
- Act now or your account will be closed!
- A friend [your boyfriend, a family member, your neighbor] has sent you an e-card!
- Security has been breached! Send me your password.
- Offers that sound too good to be true are too good to be true.
- If it looks like it's from a person you know, but doesn't sound legitimate, contact that person and ask them before you open the email and particularly before you open any accompanying attachments.
If you're not sure, ask the Extension IT support desk. And trust your instincts. If it sounds suspicious, there's probably a reason. Delete it.
Posted by dcoates at August 07, 2008 10:32 AM