Social Engineering - 'Phishing' for personal information
One of the most common ways in which data is lost, computers are compromised, and systems are accessed by unauthorized users is through social engineering. Many studies have shown that people will give passwords, account numbers, credit cards, etc. if someone asks for them, without verifying the request. If you receive an e-mail asking for your user name, account name, password, credit card number, social security number, etc., do not respond. The person or organization who sent that message to you is "phishing" for your personal information, typically for their own financial gain or possibly to gain access to the systems that you may already have access. Reputable businesses, including Dartmouth College, do not send e-mails asking for your personal information. If you are unsure, call the business that appears to be making the request to verify the request. Use a phone number that you have for the business, rather than one provided in the e-mail message you received.
In addition, even if you know it is a scam, you should not reply to the message. The simple act of replying to let the sender know you are on to their scam provides valuable information to the sender. When you reply, you let them know your e-mail address is valid and active. They can then sell lists of confirmed e-mail addresses to other vendors who want to do a mass marketing campaign via e-mail.
See also: Microsoft's article: "Recognize phishing scams and fraudulent e-mail".
Virus Detection
The mailhub servers, through which all mail to and from off-campus flows, have virus detection software installed. If a virus is detected in an e-mail enclosure by the mailhub server, the enclosure will be removed from the message, the message will be annotated about the enclosure/virus/malware removal, and the modified message will continue to be sent to the originally intended recipient(s).
You should be aware that not all viruses are detected this way, so you should only open enclosures that you are expecting, even if the message appears to be from someone you know. The best way to do this is to ensure that you have an up-to-date AntiVirus program installed on your computer with the most current virus definitions before proceeding. To allow the AntiVirus software to protect you, if you are expecting the e-mail and the enclosure, do not right-click and OPEN the enclosure without saving it to your computer first. SAVE the enclosure to your computer! This allows the AntiVirus software to scan the file during the download process to ensure that it is free from the viruses the AntiVirus software can detect.
For additional information on this service, see Scanning E-mail for Viruses.
Encryption and Electronic Signatures for Your E-mail
If you would like to learn how to include an electronic signature with your e-mail using your eToken, see Using S/MIME E-mail. This feature currently works for the following e-mail clients: BlitzMail 2.8 or higher for the Macintosh, as well as Thunderbird on Windows, the Macintosh, and Linux, Outlook on Windows, and Mail on the Macintosh. (Note: Authentication is required for use with S/MIME.)
Additionally, you can use your eToken to encrypt your e-mail; however, we strongly discourage this, because if your eToken becomes damaged or lost, or if you forget your password, anything you encrypted with that eToken will be permanently inaccessible.
For instructions on how to get an eToken or PKI Certificate, see Identify Yourself Through Authentication.
If you have questions about any of these topics, please contact the IT Service Desk (Help Desk) at 646-2999 and select from the options provided, send electronic mail to help@dartmouth.edu, or call your department's IT support office.
|
