What is Spam?
Spam is unsolicited email, “junk mail,” typically commercial in nature, sent indiscriminately to as wide a target audience as possible. It is a great source of aggravation, lost time, and increased expense on the Internet. The proliferation of spam has a negative impact on the Internet as a whole, on Internet service providers, and on the end user.
SpamPoison is committed to fighting the flow of spam. We employ multiple strategies for reducing the flow of spam. While there is unfortunately no way to block every single spam, the tools and techniques listed below do dramatically reduce its quantity and make it much easier for our users to manage.
Why am I getting spam?
Spammers scour the internet in search of valid email addresses where they can send their advertising junk mail. The most common ways spammers obtain email addresses are by harvesting them from websites, newsgroups, and chat rooms. In addition, some websites will send you newsletters and updates after you give them your email address to sign up for their services. Subscribing to any of these websites will increase the likelihood of receiving spam.
Why do spammers send out junk email? What do they get out of it?
Many spammers earn a good living from their scams. For example, Jeremy Jaynes was convicted for spamming millions of email addresses through the use of a stolen database of America Online customers. He also illegally obtained email addresses of users of the online auction site eBay. Prosecutors found that he sent out at least 10 million emails a day. His average response rate was 1 out of 30,000 emails sent. He sold software that promised to clean computers of private information; a service for choosing penny stocks to invest in; and a “FedEx refund processor” that promised $75-an-hour work but did little more than give buyers access to a web site of delinquent FedEx accounts. Jaynes grossed up to $750,000 per month on these illegal activities.
What should I do if I get spam email?
While a lot of effort has gone into stopping obvious spam mail, a small percentage of spam will still find its way to your inbox.
If you are receiving emails from legitimate websites that you have visited, there is usually a link at the bottom of the email to unsubscribe from their mailing list. For all unrecognized spam, do not reply to the email; doing so will confirm that your email address is a valid one, and you may receive more spam in the future as a result. Instead, activating the junk mail filter in your email program can potentially filter the rest of your unwanted spam into a junk mail folder. Both Outlook and Gmail have effective junk mail filters.
What is phishing?
Phishing is a type of electronic scam. Cybercriminals use deceptive tactics to manipulate people into doing what they want, with the goal of stealing information and money. They use phishing because, unfortunately, it’s easy to do and often effective.
The tactics used, sometimes called “social engineering,” are the foundation of all phishing scams conducted through emails, text messages, and cell phone calls. As technology becomes more advanced, so do the cybercriminals’ tactics.
Make the cybercriminals’ job harder and their tactics ineffective by recognizing the red flags when you receive unusual or unexpected messages.
What are some tactics used in phishing scams?
Tactics often found in phishing scams range from a fake and malicious web link to a directive that appears to come from your supervisor or a university leader.
When receiving an unusual or unexpected message, look for these tactics and red flags:
Play on emotions
Phishing messages are often written to generate emotions that will motivate you to take immediate action; fraudsters don’t want you to take time to consider the message’s legitimacy. The most common emotions include a sense of fear or urgency, or an award of good fortune—something that is too good to be true.
Fake, malicious links and attachments
Cybercriminals can use links and attachments to deliver malware—malicious software—to your computer and possibly gain access to CU networks and sensitive work information. Such access may also allow them to lock your computer for ransom until a payment is received.
Malicious links can be disguised to look like trusted links and take you to fake or infected websites. Attachments can appear to come from a known source whose account has been compromised.
Fraudulent data entry
You’re prompted to fill in sensitive information like user names, passwords, and financial information.
Impersonation of individuals or companies
By impersonating an individual or company or both, cybercriminals can send phish that looks legitimate. They use compromised email accounts and addresses to send the phish. To appear more authentic, business logos are often copied from the Internet and added to the message.
Be aware: cybercriminals may send email that appears to come from a CU address, such as @cu.edu or @colorado.edu. (Think of a return address on a postal letter; someone can list whatever return address they would like, but that doesn’t guarantee that is who sent the letter.) The cybercriminal’s intention with the email is to get you to click links or open attachments.
There’s no link, attachment, or data entry request. What’s the catch?
Cybercriminals keep getting more creative, making fraud more difficult to detect. Recent phishing scams don’t use malicious links or attachments and appear to come from your supervisor, campus leaders, or departments.
How can I avoid getting scammed?
- Don’t react to tactics aimed to scare you into taking urgent action, including: threats of a lawsuit, a computer full of viruses, locked accounts, or opportunities to earn or save money now.
- Don’t reveal personal or financial information in an email or text message. (CU will never ask you for your username or password.)
- Don’t open email attachments you are not expecting, even if they appear to come from someone you know. Their account may have been compromised.
- Be cautious of links provided in an email. Hover the cursor over the link to verify that the URL leads to a site you recognize. (How to verify links on mobile devices will depend on the device.)
- Verify the legitimacy of charities and crowdfunding sites before making donations. Do not provide donations in cash, gift cards, or money wires.
- If you are unsure whether an email request is legitimate, try to verify it by contacting the sender or company directly by an alternate known communication method.
- When in doubt, throw it out. If it looks suspicious, even if you know the source, it’s best to delete or, if appropriate, mark it as junk.
- Think before you respond:
  - Emails from a university leader asking you to make an urgent wire transfer or buy gift cards are likely to be scams.
  - No one from your campus IT department is going to call to inform you about a computer virus and ask for your passwords.
  - Government agencies will not call and threaten you, or make demands for payment in the form of gift cards.
I’m still not sure if it’s a legitimate message or a phish. What should I do?
You don’t have to be an expert. If something seems suspicious, it probably is. For university-related messages, forward emails to your campus IT or Information Security office and we’ll look into it for you.
For suspicious messages sent to your personal account, do your research to see if the message is legitimate:
- Contact known persons or companies directly.
- If the sender is unknown, see if the organization actually exists and call them directly.
- Consider ignoring and deleting the message.
What should I do if I opened a suspicious link or attachment or inadvertently shared sensitive information?
Immediately report it as a possible incident. Visit our report scam page here.
How do I avoid receiving phishing scams in the first place?
The surest way to avoid receiving phishing scams is to live off the grid somewhere high in the mountains in the middle of nowhere. For the rest of us, here are some suggestions:
- Be mindful of what you share online. Fraudsters can easily collect email addresses from numerous sources.
- Use email spam filters for your personal devices and accounts.
- Be cautious when joining loyalty or rewards programs. Some companies may unknowingly sell or share your information to deceitful data brokers.
How can I report personal or home phishing scams?
You can report a phishing scam attempt directly to the company that is being impersonated. You can also send reports to us here.