UNH CIS Signals

Don’t Wait for Security Alerts

Petr Brym

February, 2009

E-mail users everywhere are subjected daily to unwanted and/or malicious E-mail messages. Most of us see only a fraction of these messages, because Internet Service Providers and E-mail administrators typically filter out many of them. Unfortunately, these service providers cannot stop all such messages; doing so would result in also stopping an unacceptably high number of legitimate messages.

Computing and Information Services periodically posts alerts about malicious E-mail messages and other pressing security issues, such as messages that appear to have been sent by the accounts office, electronic post cards that appear to have been sent by a friend, and vulnerabilities that were discovered in your operating system or application program that must be corrected without delay. Unfortunately, CIS cannot post alerts about all such threats and updates, because they are too frequent. The good news is that the following best practices protect you effectively in the vast majority of cases:

  • Enable automatic updates for your operating system and applications. If automated updates are not appropriate for your situation, check for and apply security updates several times per week. Verify that the updates are working in either case.
  • Use protection mechanisms that are built into your operating system as well as protection mechanisms that are provided by UNH, including firewall services in the operating system, security settings in applications, automated updates services, virus protection, and vulnerability scans.
  • Never respond to E-mail messages that attempt to solicit personal information such as your password, birth date, account information, and SSN. Do not depend on security alerts about such messages; treat such messages as malicious simply because they request such information. It does not matter how legitimate an E-mail message looks; if it is asking for such information, it is probably malicious. No legitimate organization should be asking for such information in this manner through E-mail.
  • Do not click on URLs (links) in E-mail messages whether the E-mail message appears to be from your bank, a post card from your friend, a friendly advertisement, or any number of other types of messages that offer more information or services just by clicking on a link. If you are confident that the E-mail message is legitimate, enter the URL for the main web site of the organization that you want to reach, and work your way through that site to the topic or service you need to access. When in doubt, call the organization by telephone at their publicly available main phone number before proceeding to links that may not be what they appear to be.
  • Before taking any action as described in an E-mail, call the CIS Help Desk at 862-4242 to verify the validity of the E-mail.

For more information about these and related topics, please visit the following addresses frequently:

Please also visit snopes.com/info/top25uls.asp and hoax-slayer.com for additional resources and information.