Internet and computer security are becoming increasingly difficult as we face phishing scams, virus-laden emails and websites, SPAM, and all sorts of malicious activity online. As a computer user, you are an integral part of the university's efforts to protect itself from these dangers. While we have a number of technologies in place to help, we all share the responsibility for ensuring safe computing practices and safeguarding the university's data and reputation.
Email is an important tool for the university that we use to communicate with our employees, students, alumni, vendors, and many other constituent groups; however, it also carries a number of risks.
Malicious Links and Attachments
Email is frequently used to send links to malicious websites seeking to steal your identity or data, as well as to send viruses that can do the same or that can destroy data on your computer and across our campus network. These emails may appear to be from friends or reputable sources, such as a bank or a well-known business.
Phishing emails are messages that attempt to trick people into revealing personal information (username and password, bank account information, etc.) or convince them to download malicious software through the use of a fake website. Popular methods of phishing include mimicking an email message from a bank or an online vendor such as eBay or Amazon encouraging users to visit a link where they will provide their username and password to update their accounts.
Email is increasingly being used to spread scams in attempts to steal money. These messages may be from strangers claiming that they will pay you a large amount of money if you perform a task or transfer money to them, or they may come from the compromised email accounts of family or friends, such as a popular scam email that claims that your friend is traveling abroad and has been robbed and needs you to wire them money. These can also include emails about credit cards, loans, and lotteries that require you to pay a fee.
Safeguarding Your Email Use
To avoid the email concerns listed above, please exercise extreme caution before opening any attachment, clicking on any link in an email, or replying to message. Generally, one should not open attachments or click on any link when:
- The message was sent by someone you do not know.
- The message asks you to click a link to "verify" personal details (e.g., "Please click the link below to verify your account details") or requires you to take action immediately to avoid closure of an account. If you are concerned about the account in question, please open your web browser and type in the website address rather than clicking on any link in the message, or else contact the support department for the company managing the account.
- The message claims you have won a contest and need to open the attachment or click a link to claim your prize.
- The message claims that you must open the attachment or click a link to update your software.
- The link looks funny – it may be numbers instead of words or be a misspelled version of a real website. Look carefully. If the email links to a site, it is safer to open a web browser and type the website address in manually. Links in emails can hide the true destination. To see where a link points, hover your mouse pointer over the link; the destination address will appear in a bubble, as seen below.
Additional Information Security Tips
Here are some additional tips to help protect yourself from attempts to steal personal or university information:
- CougarNet will never ask for your password by email, phone, or in person.
- You should never provide bank account information, credit card numbers, SSN, or other personally identifiable information (PII) via an email message.If someone asks you to provide your network password by email, do not reply to the message.If you suspect you are being solicited by an email phishing scheme, please report the incident to the CougarNet helpdesk as soon as possible. We can use the details of the message to prevent others from receiving it.
- Do not opt out of PreciseMail. PreciseMail catches a large number of fraudulent emails before they ever reach our users. If you have issues with the service catching too many legitimate emails, please do not opt out; instead, contact CougarNet to have someone help you adjust the limits for quarantining messages.
- Do not use global allow rules in PreciseMail. Wildcard rules (e.g., adding " *@hotmail.com" to the allow list) frequently allow unwanted SPAM to be delivered.
For Further Information or Help
To report an incident or request help in confirming the validity of an email or website, or if you have any additional questions, you may contact the CougarNet helpdesk at 708-209-3131 or via email at CougarNet@CUChicago.edu.