• Campuses
  • Abilene
  • Amarillo
  • Dallas
  • El Paso
  • Highland Lakes
  • Lubbock
  • Permian Basin
• Info For
  • Prospective Students
  • Current Students
  • Residents
  • Faculty & Staff
  • Alumni & Friends
  • Patients & Healthcare
  • Visitors & Community
  • Giving to TTUHSC
• Schools
  • Allied Health Sciences
  • Biomedical Sciences
  • Medicine
    • HSC School of Medicine
    • Foster School of Medicine
  • Nursing
  • Pharmacy
• Contact Info
  • HSC Directory
  • HSC Contacts
  • IT Contacts
  • IT Security Contacts
• Site Maps
  • HSC Site Map
  • IT Site Map

Quick Search

IT Resources

• Information Technology
• Quick Links
  • Available Services
  • Help Desk
  • Security
  • IT Policies
  • Download Software

IT Security Resources

• Security and Infrastructure Assurance
• IT Security
• Infrastructure Assurance
• Incident Reporting
• Information Security Forms
• Information Security Articles
  • Email Hoaxes
  • Social Engineering
  • Technology Security At Home
  • Keeping an Eye on Security: Protecting Yourself From Spam, Phishing, And More
  • Keeping an Eye on Security: Identity Theft And Fraud
• Information Security Resources
• Contact Information
• McAfee Home Use
• How To Control SPAM
• McAfee web site
• Submit a Project Request

HSC Resources

• HSC Home
• Welcome to the HSC
  • Welcome to the HSC
  • TTUHSC Strategic Plan
  • News & Events
  • Fact Books
• Office of the President
• Campuses
  • Abilene
  • Amarillo
  • Dallas
  • El Paso
  • Highland Lakes
  • Lubbock
  • Permian Basin
• Schools
  • Allied Health Sciences
  • Biomedical Sciences
  • Medicine
    • HSC School of Medicine
    • Foster School of Medicine
  • Nursing
  • Pharmacy
• Centers & Institutes
• Research
• Administration
  • President's Office
  • Administrative Officers
  • Communications
  • Departments
  • Center for International and Multicultural Affairs
  • Rural & Community Health
  • Finance & Administration
  • Information Technology
  • Policies, Manuals and State Reporting
  • Institutional Compliance
• Human Resources
  • Prospective Employees
  • New Employees
  • Current Employees
  • HR Offices
  • Job Opportunities
  • More »
• Libraries
  • Library Catalog
  • Databases
  • Online Books
  • Online Journals
  • Online Reserves
  • More »
• Accreditation
  • Office of Institutional Planning and Assessment
  • Quality Enhancment Plan
  • More »
• News & Events
• Emergency Preparedness
• Compliance Hotline

Security

Keeping An Eye On Security:  Protecting Yourself From Spam, Phishing, And More

Spam (unwanted email) has emerged as one of the most annoying side effects from this marvelous age of personal computers.  Just about everybody that uses a computer has been afflicted by it to some degree, and collectively, it has a significant impact on productivity.

As if an Inbox full of unwanted junk email to wade through every morning isn't bad enough, along comes the scammers, fraudsters, and crooks to add financial peril and dysfunctional computers to an already frustrating situation.  Because of the threats involved with email, a healthy dose of skepticism is in order before responding to an "opportunity" that arrives in the form of an email message.

Most people with an email account have seen dozens of email messages supposedly from financial institutions claiming that the recipient urgently needs to "log in" in order to prevent disruption of vital banking services.  Many times, these messages seem to originate from a bank other than the one used by the email recipient.  That's because the scammers often take a "shotgun" style approach by spamming thousands of people with these phone messages in hopes that a few people who really are customers would be fooled and "deposit" their credit card or other financial information on the scammers' servers.

Shotgun phishing probably won't go away anytime soon but there are some more sophisticated scams beginning to show up, so it's more important than ever to be skeptical about unsolicited email messages.  With many email users becoming wise to the basic phishing scams, these new hybrid or blended attacks are emerging as a way for cyber-crooks to trick even security savvy users into letting their guards down.

One new type of targeted phishing scam starts out with an email which directly addresses the intended victim with a meticulously constructed message which often seems to come from a senior member of their organization or trusted correspondent.  Since the sender portion of email messages can easily be faked, this practice is called "spoofing" the sender.

When sender spoofing is used in conjunction with legitimate "looking" email stationery or company letterhead, it can all seem very convincing to the recipient.  Because the email looks legitimate, the person feels compelled to follow the instructions included in the message which often involves clicking on a link included in the message and following the instructions contained in the email.

This is very similar to the "trick people into clicking on the attachment" variety of viruses that have been around for years.  If clicked, the web links in the email usually takes the targeted person to a malicious server that tries to infect the victim's computer with a virus or offers up some software to install.  Many times, this new "software" allows the fraudster to capture the keystrokes and other personal and financial information of the victim over a long period of time (until the malicious software is discovered and removed).  Therefore, while it may involve more research and effort to carry out this type of phishing attack, the scammer's success rate is probably much higher than the older shotgun method.  This combination of spoofing, phishing, and trojan horse malware is why this new type of attack is called a "blended attack".

Here are a few tips to help you protect yourself from these potential pitfalls.

Beware of email messages with lavish offerings or urgent deadlines.  Whether it's a chance to prevent your bank or PayPal privileges from being suspended, or to help someone you don't know close a multi-million dollar deal, or the plethora of other fabulous opportunities that present themselves via your Inbox, take a few moments to fully consider the message and investigate its authenticity before you click on anything and you will probably be able to avoid these cyber-con-artist's traps.

Beware of links included in email messages, especially when the email is trying to convey a special sense of urgency.  An example of this could be "Your account privileges will be terminated if you fail to log in within 24 hours" or "It is very important that you visit <blank> website and install this" or "Click on that as soon as possible".

Remember that financial organizations simply do not do urgent business via email.  And your boss will understand if you call seeking verification of instructions before you act.

Do not install software from a website (or any other source) unless you understand what you are getting and why you need it.  If you're visiting a website and a box pops up asking questions, just say NO or click the "X" to close the window.  That's a very savvy habit to develop as you go about surfing the information superhighway.  You can always go back later if you discover that you needed it after all.  Following these simple guidelines will help make your experiences on the Internet happy ones and keep your computer healthy and working for you (not the bad guys).

Go undercover with your primary email account.  It is a good idea to maintain a couple of different email accounts in order to help keep spam out of the Inbox for your primary business email account.  Only give out your primary account information to your coworkers, family, friends, and other individuals you trust with the responsibility of keeping your Inbox free of spam.  Then use a less important account (s) when it is necessary to give out an email address on the Internet to businesses or on websites that your are not familiar with.  That will help keep your favorite email address off the big commercial spammer lists.

Take advantage of free web-based email services from providers such as Google (Gmail), Yahoo, and Microsoft (Hotmail) in order to minimize the spam that arrives in your primary account's inbox.  You only need to check the secondary account when your are expecting email such as information coming from a website you visited.  Then you can gleefully ignore all the spam that piles up in that secondary Inbox.

The IT division also offers free spam reduction services to the TTUHSC community.  Greylisting is a sophisticated way of validating the remote email server by requiring the server to resend a message.  This only occurs the first time a message is received from an unknown sender and is very effective at reducing spam while maintaining the flow of legitimate email through the system.  For more information about Greylisting and how to sign up for the service please refer to http://www.ttuhsc.edu/IT/HelpDesk/greyList.aspx.

Users can also apply the Junk Email Filter to their Exchange account to move any messages determined to be possible junk email to a designated folder, such as a Junk Email folder.  For more information on applying this filter to your email account, please go to http://www.ttuhsc.edu/IT/HelpDesk/outlookMgmt/junkemail.aspx.

If you develop these good habits, you will be on the road to successfully managing spam and minimizing your exposure to Internet fraud.  Remember, it's easier to prevent spam than it is to stop it once it starts rolling in.

By Lane Timmons

Security Systems Analyst II

Texas Tech University Health Sciences Center, 3601 4th Street, Lubbock, TX 79430
806.743.1000
it.webmaster@ttuhsc.edu

Campus Webmasters | Recommended Web Site Viewing Requirements | General Policy Information | Online Institutional Resumes

State of Texas Web Site | SAO Fraud Reporting | DMCA Compliance | Texas Homeland Security | TTUHSC Energy Conservation Report

TTUHSC Home | Texas Tech University System | Texas Tech University

©2009 Texas Tech University Health Sciences Center | All Rights Reserved