PCSC
Boston University

spoofing and phishing - avoid identity theft

Spoofed messages are a kind of spam designed to look as if they came from a person or organization you are familiar with. A spoof can also be a message that appears to have been meant for someone else but was sent to you by accident, or a bounced ("returned") e-mail that appears to have originated with you but contains a message you never sent. Detailed information about spoofing is available on the Wikipedia page at http://en.wikipedia.org/wiki/E-mail_spoofing.

Many spoofed messages are harmless -- they're simply ill-conceived attempts at marketing. However, a message that tries to get you to hand over personal information, or to download software that will steal that information from you -- a tactic referred to as "phishing" -- is a particularly dangerous kind of e-mail spoof.

A currently popular phishing technique simply asks you to reply with your password. For example, you may receive a message claiming to be from some official-sounding (but non-existent) entity, e.g., "The BU.EDU Upgrade Team," saying that the mail system is being upgraded and that your account will be deleted unless you respond immediately and provide your password. A bit of healthy skepticism should reveal several suspicious aspects of messages like this:

  • The message asks for your password. Similar messages may ask for a lot of other information that no BU organization would need from you, e.g., your last name, your username, and your date of birth. Except for your password, this information is already well known to the University, and the University certainly knows whether you are still affiliated with BU and therefore still need your e-mail account.
  • The "From" display name sounds vague or official, but the real address shown next to it isn't @bu.edu -- it's some external address.
  • If you start to reply to the message, the "To" address that is filled in goes not to a BU address but to some external address (sometimes this "Reply-To" address is even in a foreign country).
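The three checks in the list above can be applied mechanically to a saved message. The following Python script is an added example, not code from this page or from BU: it parses a raw message with the standard library's email module, compares the "From" display name with the real address beside it, checks whether a reply would go to a different or external domain, and looks for the password/date-of-birth requests and urgency language described above. It assumes bu.edu is the only legitimate sender domain, and both sample messages (and their sender domains) are constructed for illustration.

```python
"""Header and content checks for a suspected spoofed or phishing e-mail.

Added example, not code from the BU page. It assumes the recipient's
legitimate domain is bu.edu; the two sample messages below are
constructed for illustration (the external sender domains are made up).
"""
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "bu.edu"  # assumption: the only domain a legitimate sender would use

# Constructed sample modelled on the "Upgrade Team" ruse described on this page.
SPOOFED_MESSAGE = """\
From: "BU.EDU Upgrade Team" <upgrade-team@mail-verify.example>
Reply-To: bu.helpdesk.verify@webmail.example
To: someone@bu.edu
Subject: URGENT: Your mailbox will be deleted
Content-Type: text/plain

Our mail system is being upgraded. Reply within 24 hours with your
username, password and date of birth or your account will be deleted.
"""

# Constructed control message that should raise no flags.
LEGITIMATE_MESSAGE = """\
From: "Office of Information Technology" <ithelp@bu.edu>
To: someone@bu.edu
Subject: Scheduled mail maintenance this Saturday
Content-Type: text/plain

Mail service will be unavailable 02:00-04:00 on Saturday. No action is needed.
"""

# Information no legitimate BU office would ask for by e-mail (see the list above).
CREDENTIAL_REQUEST = re.compile(r"\b(password|passphrase|date of birth)\b", re.I)
# Pressure to act before you have time to check with the real sender.
URGENCY = re.compile(r"\b(immediately|within \d+ hours|will be deleted|suspended)\b", re.I)


def display_name_and_domain(header_value):
    """Split a From/Reply-To header into its display name and the real address's domain."""
    name, addr = parseaddr(header_value or "")
    return name, addr.rpartition("@")[2].lower()


def is_trusted(domain):
    """True for bu.edu itself and any subdomain of it."""
    return domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN)


def plain_text(msg):
    """Concatenate the text/plain parts of a (possibly multipart) message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def spoof_indicators(raw_message):
    """Return the list of heuristic red flags found in a raw e-mail message."""
    msg = message_from_string(raw_message)
    findings = []

    from_name, from_domain = display_name_and_domain(msg.get("From"))
    # Display name claims BU, but the address beside it is external.
    if TRUSTED_DOMAIN in from_name.lower() and not is_trusted(from_domain):
        findings.append("from-display-name-mismatch")
    if not is_trusted(from_domain):
        findings.append("from-external")

    # A reply would go somewhere other than the apparent sender.
    reply_to = msg.get("Reply-To")
    if reply_to:
        _, reply_domain = display_name_and_domain(reply_to)
        if reply_domain != from_domain:
            findings.append("reply-to-differs")
        if not is_trusted(reply_domain):
            findings.append("reply-to-external")

    text = (msg.get("Subject") or "") + "\n" + plain_text(msg)
    if CREDENTIAL_REQUEST.search(text):
        findings.append("asks-for-credentials")
    if URGENCY.search(text):
        findings.append("urgency")
    return findings


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_MESSAGE), ("legitimate", LEGITIMATE_MESSAGE)):
        print(label, spoof_indicators(raw))
```

These are heuristics, not proof: a sender can forge a From address that is entirely @bu.edu, which is exactly why the spam filtering discussed later on this page may let spoofed messages through. When any of these flags is raised, the right response is the one given below: do not reply, and confirm with the sender through a channel you already trust.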

If you are ever suspicious of a message, contact the sender directly (not by replying to the message), for example by telephone, and ask whether the message is legitimate. In this case, you could contact the Office of Information Technology at 617-353-2780, it@bu.edu, or security@bu.edu.

If you have received a message that you suspect to be a scam, the best thing to do is simply ignore and delete it. If you want to be certain of that decision, you can research the message at Web sites like www.millersmiles.co.uk. The following ruses are typical of phishing messages; such e-mails usually take one of these forms:

a. A request for information about your bank, PayPal, eBay, or Amazon accounts, often saying that you will lose access to your account if you don't respond within 24 hours.

b. A request that you go to a (bogus but authentic-looking) Web site to install a security patch. That Web site may instead install malware on your computer, such as a keystroke logger, which then steals your account information and passwords when you later visit legitimate sites.

c. A request purporting to come from your Internet Service Provider or IT department, sent from an official-sounding address such as "bu.edu support." These messages are sometimes easy to spot because they contain typos or grammatical errors. If you ever want to confirm the authenticity of such a message, call the Office of Information Technology at 617-353-2780 or send e-mail to security@bu.edu -- don't reply to the original message.

You can protect yourself from the dangers that accompany unwanted mail:

Don't follow links and never provide personal information

You should never follow links offered to you in unsolicited mail or provide any personal or financial information, just as you wouldn't when you receive an unsolicited phone call. This should be your rule no matter how tempting, frightening, or persuasive the mail seems. Remember that legitimate companies, well aware of the phishing problem, generally won't ask you for account details this way. If you do feel compelled to respond, don't use the e-mail to do it. Go directly to the sender's legitimate Web site (PayPal, for example) by typing its address yourself and log in there.

If in doubt, confirm

It's often useful to copy and paste the subject or some other tag line from the e-mail into Google to get to the truth of its claims (including, for example, those from organizations claiming to be engaged in charitable activities). E-mail that asks recipients to forward it to everyone in their address books is almost always a hoax. If you ever want advice about a message you received, you can forward it to ithelp@bu.edu and we'll take a look at it. You can also research hoaxes at Web sites like www.millersmiles.co.uk.

Don't open attachments that you weren't expecting

Many viruses send out spoofed e-mail messages. Such mail can originate from any infected PC in the world that happens to have your address in a file (e.g., its address book) or that has generated your address in some fashion. Some, although not all, of these messages will carry an attachment designed to spread the virus to you. Opening such an attachment puts your computer at risk.

Use virus protection software

Although those propagating a virus can use spoofing to get you to open a virus attached to an e-mail message, sometimes spoofed messages are simply a side effect of a virus that someone else has, and they are not actually harmful to you. Receiving messages of this kind does not mean that you have been infected. However, you should always run current virus protection software and make sure that its definition file is up to date. If you accidentally opened a file that was attached to a message of this kind, you could be infected and should scan your computer using the most current definitions.

Protect yourself from spam

To eliminate much of your unwanted mail in general, follow the instructions on our spam page. Note, however, that spam filtering may or may not catch spoofed messages, since the headers of a spoofed message typically appear to come from a legitimate source. You will always need to be careful when reading mail and should delete any unsolicited messages right away.

It's not just you

If you are seeing this type of unwanted message, it's extremely likely that everyone else in the BU community, and beyond, is too. Try not to think of it as "how did someone get my e-mail address?" Changing your e-mail address will not make a difference. Just delete the messages and focus on computing safely, as described above.

If it's too late:

If you responded to an e-mail and provided your password, change your password immediately. If you have provided information to a Web site that you now believe to have been part of a scam, review on-line guidelines for what to do, such as those provided by Microsoft. At a minimum, scan your computer for spyware and viruses, as described on our related page. Depending on what information you provided, you may also need to take steps to protect your credit card and bank accounts.