Email Spoofing at UNH

February 20, 2017

by UNH IT Staff

Email spoofing is usually fairly obvious, much like a bad disguise.

The University is a frequent target of email address spoofing. The practice is simple: it involves a sender pretending to be someone they are not to mislead the recipient as to the true origin of the message. The end goals are mixed, but methods often involve phishing: tricking the recipient into taking an action such as disclosing personal information or clicking links to sites containing viruses, among others.

In the last two weeks, more than 18 million emails were processed through the UNH email systems. UNH IT has multiple technologies in place that removed 7 million spam messages and tagged 4 million bulk emails.

In addition to existing technologies, UNH Information Technology will introduce Recipient Verification, an additional application to help reduce this problem, on March 15, 2017. This application will review incoming email, comparing the name of the sender to the email address to filter any messages that don’t match while checking against a list of known spoofers. Recipient Verification will catch an estimated 50,000 additional Spoof/Phishing messages.

Unfortunately, no technology will ever completely eradicate spoofing. The cornerstone of security starts with the end-user. UNH faculty and staff are urged to be vigilant about ensuring email is legitimate.

To help ensure the sender is legitimate, ask the following questions:

Does the email address match the sender’s name? Using a fictitious example, if WildECat sends you an email, make sure the email address is WildECat@unh.edu
Does the email ask you to do something out of the ordinary, such as clicking on an unfamiliar web address or asking you to disclose personal information? If so, question the message’s authenticity.

If you receive an email that matches one of the two examples above, or one of a suspicious nature, please report the suspected emails to phishing.report@unh.edu . For more information, search the term phishing on the University of New Hampshire homepage. Questions? Contact the UNH IT Service Desk at 603-862-4242.

 

Bookmark and Share

Archive