What is Bad Email?

Spam, Phishing, Scam, Hoax and Malware distributed via

Email

Spam:Spam is unsolicited or undesired electronic junk mail. Characteristics of spam are:

• Mass mailing to large number of recipients• Usually a commercial advertisement• Annoying but usually harmless unless

coupled with a fraud based phishing scam

SPAM

EXAMPLES

Advertising and great deals

Do I know this person?

Warning from Google-nice job Google

Sent to a large number of users at once

These emails often end up in our spam folder because of our spam filters in place

Is this a trusted website?

SPAM & PHISHING

EXAMPLE

americanexpress.com is the legitimate address not aexp.com

Sent to a large number of users at one time

Generic greeting

Asking you to click on a link that goes to a fraudulent website. Hover over the link to see where it really goes

Phishing Email:A phishing email is a fraudulent message carefully crafted to trick you into giving up your password or other sensitive information. Financial gain and criminal activity are the key motivations for email phishing. Characteristics of phishing emails are:• Invoke a sense of urgency• Asking you to click on a link embedded in the

email that has no affiliation with the organization it is masquerading as

• Asking for passwords or other sensitive information such as a social security number

• Generic greetings and signatures• Odd spelling or grammar

PHISHING

EXAMPLE

Scam Email:Email fraud or scams can come in many different forms such as job scams and lottery scams. They are cons and share the same characteristics:• Requests for money• Requests to cash a check, wire

money, or set up a bank account• Promises of money for little or no

effort• Odd grammar and misspellings

JOB SCAM

EXAMPLE

Email address looks real but does not actually exist

Asking you to respond to a non-SLU email address

Odd grammar

Too good to be true

Not a SLU person and no contact information

JOB SCAM

EXAMPLE

Asking you to send personally identifiable information such as SSN, drivers license or other ID

Hoax Email:A hoax email is also known as a spoof email. The sender alters part of the email such as the senders name or address so it appears to come from a legitimate source. Characteristics of hoax emails are:• Spread urban myths or outlandish stories• Sell a bogus product or market an online service• Spoofed email address to appear legitimate• Odd spelling or grammar• Promise or request of money

HOAX & SCAM

EXAMPLE

This could be a spoofed email address or compromised account of a SLU student so it looks legitimate

Invoke of sense of urgency or need

Sent to a member of the students contact list

Poor punctuation and odd grammar throughout body of message

Actual signature of SLU student

Malware distributed via Email:Malware, or malicious software, is software used to disrupt computer operation, gain access to private computer systems or gather sensitive information. Attachments in emails and internet advertising are two ways malware is distributed. Some types of malware include: • Viruses, ransomware, worms, Trojan horse, rootkits,

keyloggers, dialers, spyware and adware• A common Trojan horse masquerades itself as anti-

virus software. The Trojan presents itself as something harmful or useful in order to get victims to install it on their computer

• Could be a keystroke logger that can capture all your passwords!

MALWARE

EXAMPLE

Often sent from someone you trust without their knowledge

Enticing subject line

Generic looking attachment or link that will download malware to your computer without your knowledge

What do I do with Bad Email?

• Spam or phishing from an unknown sender can be marked as spam within your email program. This alerts Google to begin blocking the sender address. Other bad email such as hoaxes, can just be deleted unless…..

• Bad email from a known sender such as someone in your SLU contact list might indicate they have a compromised account. Forward the email to helpdesk @slu.edu so it can be investigated.

• Phishing email that is concerning, can be forwarded to the helpdesk so they can be investigated. Once forwarded, choose the report phishing option within Google. This alerts Google of the fraudulent activity.

• Other bad email that is concerning, such as those that might contain a malware attachment or job scams, can be forwarded to the helpdesk.

• If you have responded to any of these emails with personal information, or clicked on links that may have downloaded malware, please contact the ITS Service Desk at 977-4000 or helpdesk @slu.edu.

• The helpdesk will involve Information Security when necessary (infosecurityteam@slu.edu)

Summary:The easiest way for cybercriminals to gain access to

our resources is through unaware end users. Because this activity will continue to increase, it is imperative

that we critically evaluate emails we receive. We cannot stop cybercriminals from sending bad email, however, by becoming aware of what we should be

looking for, we can limit our response to them which in turn will protect our resources as well as our personal

information.

More info:For more examples on phishing emails, visit: http://netforbeginners.about.com/od/scamsandidentitytheft/ig/Phishing-Scams-and-Email-Cons/

Take the anti-phish IQ Test hosted by Dell SonicWall visit: http://www.sonicwall.com/furl/phishing/