Stop the Scammers: IT Shares Best Practices to Combat Email Fraud

Campus community encouraged to follow tips when encountering malicious, fraudulent emails

Everyone can take simple steps to protect themselves from email scams and other online threats. Experts from the UM Office of Information Technology offer several tips on protecting yourself online. Adobe Stock image

Scammers, hackers and all other internet bad guys don’t want you to read this.

They want you to let your guard down and be enticed by the email offer for free computers, incredible discount opportunities or even what appears to be friendly outreach from a friend or colleague in need of assistance. All it takes is one click and they win.

Fortunately for you, a team of University of Mississippi experts within the Office of Information Technology is always scanning and tracking malicious, fraudulent and phishing emails that are circulated among Ole Miss accounts. Behind the scenes, IT has systems in place to reduce exposure to spam, malware and phishing emails on the university’s networks and systems. But they still need your help.

Nishanth Rodrigues

Nishanth Rodrigues, UM chief information officer and chief information security officer, with assistance from the IT Security Committee, shares a number of tips to help you identify spam messages and prevent them from wreaking havoc on your accounts:

  • Use your olemiss.edu or go.olemiss.edu account for UM business: 
    Emails sent from your organization-assigned address will lack the [EXTERNAL] tag in the body of the email, verifying the message is from a trusted source.
  • Pay attention to the [EXTERNAL] tag on email messages:
    The external tag is an indicator placed on any mail coming from outside the organization. It is from an unknown source outside the university and should be examined carefully.
  • Pay attention to messages that report services that are too good to be true:
    Cheap pet sitting and unexpected lottery/inheritance funds are examples of phishing attempts to elicit responses with valuable personal information. Tips for identifying phishing messages are available at https://itsecurity.olemiss.edu/phishing-tips.
  • Watch out for impersonation scams:
    Scammers may send emails that appear to be from a trusted authority – such as a bank, eBay, IT Helpdesk, Microsoft, Zoom, etc. – to lure you into providing a username, password, credit card or even Social Security number. Also watch for messages claiming to be from a colleague/boss asking for a cell number or to purchase gift cards. Part-time job offers promising payment in advance are another red flag.
  • Never open an untrusted attachment:
    Attachments are the most common way to spread malware, which can nab your personal information or even render your machine inoperable. Only open attachments you expect from users you trust. If you’re in doubt, verify with the sender or an IT professional before opening.
  • Investigate suspicious messages:
    Check https://itsecurity.olemiss.edu/phishing to see if a message has been recently reported. Hover your mouse over a link/address or long press on a mobile device to identify questionable URLS (https://technews.olemiss.edu/identify-phishing-attacks/). A scammer may replace one letter or phrase of a domain to fool you into thinking the URL is legitimate, such as using “paypal.net” instead of paypal.com, or “goggle.com” instead of google.com. They may also use a link-shortening service to disguise the “real” link they’re sending. Fortunately, most link-shortening services allow you to preview a link before formally clicking it, such as adding a + symbol to the end of a bitly.
  • Any spam or unwanted messages should be marked as “junk” so they no longer populate your inbox. Phishing messages that look to have malicious intent – spoof message from a chair requesting your cellphone number – can be reported to abuse@olemiss.edu, which will result in follow-up action from our IT security coordinator.
  • Keep an antivirus program installed:
    Symantec antivirus offered by the university ­– https://itsecurity.olemiss.edu/antivirus – will scan email attachments before you download them and prevent you from accessing malicious webpages. It can also help remove malware from your computer.
  • Risks of being phished: 
    • Identity theft: This information can be used to access your financial accounts, make purchases or even secure loans in your name.
    • Virus infections: Some fraudulent emails include links or attachments that, once clicked, download malicious software to your computer. Others may also install keystroke loggers that record your computer activity.
    • Loss of personal data: Malicious software can encrypt files on a victim’s computer and deny owners access to their files until they pay a ransom.
    • Compromising institutional information: If your university IT account is compromised, scammers may be able to access sensitive institutional information and research data.
    • Putting friends and family at risk: If your personal information is accessed, attackers will scan your accounts for personal information about your contacts and, in turn, attempt to phish for their sensitive information. Phishers may also send emails and social media messages from your accounts in an attempt to gain information from your family, friends and colleagues. 

For more information about the university’s IT systems, visit https://olemiss.edu/depts/it.