Email is a necessity for communicating and for conducting William & Mary's business. However, email can be difficult to control from a security perspective.
In W&M Information Technology, we have lots of security measures in place to filter, block, and quarantine malicious emails, but the bad guys are always trying to stay one step ahead - and sometimes bad emails can get into our mail system. It is up to the individual to recognize these malicious emails and act on them (or ignore them) accordingly.
There are several security threats when it comes to email.
- Phishing is the tactic of making false claims in order to gain access to your account. Phishing, though not new in terms of the Internet, continues to refine itself by trying to find new ways to trick you. Phishing scams may ask you to provide your account credentials or they may direct you to a fake login page to capture them.
- Ransomware is a type of virus that encrypts your files and blocks access to your data, in an effort to receive a payment (ransom). The virus is automatically installed on your computer, usually after opening a malicious attachment in an email. Similar to phishing, the look of the email may be deceiving and may try make you believe that it is legitimate.
Mouseover scams are designed to get you to download malicious files or software just by hovering over a link. Often they come in the form of PowerPoint attachments sent by spammers, and when you open the attachment and hover over a link or image, files will immediately start to download.
- Extortion is a strategy utilized to manipulate the target to engage in a certain type of behavior or action. Often using sexually sensitive material, the attacker blackmails the target for money.
It's best to err on the side of caution when an email threat is a possibility. If in doubt, forward the email in question to [[support]] for verification. If you know it is bogus, forward it to [[abuse]] and delete it from your inbox.
Notifications sent by W&M IT
Many malicious emails are going to claim to be from IT. They aren't. However, you can expect to receive a few legitimate email notifications from W&M IT that you do need to act on. These notifications are for (but not limited to):
- Your yearly password reset (once annually, based on the date of your previous password reset)
- The annual network authentication (usually in early August)
- Verification of phone locations (once annually, based on the date when the phone location was previously verified)
So how do you know if it is legit? Real emails from W&M IT will not link you directly to a login page. They will direct you to the W&M IT home page on our website. From there, click the button to access the site for the appropriate update.
Questions? Contact the Technology Support Center (TSC)
757-221-4357 (HELP) | [[support]] | Jones 201, Monday - Friday, 8:00 am - 5:00 pm