Email Security

Current Scams

View information on current scams targeting the UFV community.


 

Email Troubleshooting

Third-Party Services

If you use third-party email services (e.g., Gmail, QQ Mail, 163/126 Mail, etc.), you may experience problems when sending or receiving email.

If you are using a third-party service to send an email from your UFV student email, your emails may not be delivered. Spam filters at UFV and other institutions may regard emails sent this way as spam. To ensure your emails are delivered, use only your UFV student account to send an email. 

You may also experience issues receiving emails when auto-forwarding is set up in Zimbra. UFV cannot guarantee or track delivery to and from these third-party services. For this reason, it is best practice to use only your student email.

Login instructions:

Direct: use your myUFV credentials to sign in directly at mymail.ufv.ca
myUFV: sign in at my.ufv.ca, and click the link in the Student Email box.

 

SPAM, Scams, & Phishing

What is SPAM?

Spam is unsolicited, irrelevant, or inappropriate messages sent on the Internet to a large number of recipients. Sometimes, spam comes from corporate advertisements. Other times, spam comes from cyber criminals.

What is Phishing?

Phishing is a scam where you are tricked into revealing personal and sensitive information such as login credentials and banking details. Attackers usually do this by pretending to be someone you know or trust.

Spear Phishing is when the attack is personalized to you or your organization.

Spoofed Email and Other Scams

A spoofed email tricks you into thinking it is really from someone you know, but the sender address has been forged. Spoofing is commonly used to mislead you (such as in a phishing attempt), but it can also be used as a prank.

Avoid, Reduce, and Block SPAM

Avoid and Reduce: Be careful about where you share your email address. If your email appears on a public directory or social media, it can easily be found by scammers.

Block: Make use of your Quarantine Inbox's block feature. Sign in with the following credentials:

Username: Your full @ufv.ca email address (NOT your AD username)
Password: Your network/email password

Once logged in, go to PREFERENCES > Whitelist/Blacklist. To add an entry, type an email address into the blacklist field and click the Add button.

Most importantly... Report suspicious emails to phishreport@ufv.ca so that we can take action.

What is UFV doing about SPAM?

UFV's cybersecurity team is constantly monitoring our email system to detect spam before it reaches you. We stay up to date on the latest email security threats to ensure our systems are current. However, cybercriminals are getting smarter in the ways they avoid detection, so we need your help if something gets through.

 

Email Viruses and Malware

Malware

Malware is short for "malicious software". It refers to computer programs that are specifically designed to disrupt, damage, or gain unauthorized access to a computer system.

Malware Types

There are many types of malware. We understand... all the different terminologies can be confusing. Here are six common types of malware you might encounter:

Virus: Like a biological virus, computer viruses are able to replicate and spread on their own. They typically have a detrimental effect, such as corrupting your computer or destroying your data.

Trojan Horse: Trojan horses are designed to infiltrate your computer system while masquerading as a benign program. One of the most common types of trojan horse is the kind that pretends to be anti-virus software but is really a virus itself. Clever!

Ransomware: Ransomware is designed to block access to your computer or files until a sum of money is paid, usually via non-refundable wire transfer or bitcoin transactions.

Spyware: Spyware is designed to covertly transmit your data (files, keystrokes, and other data) to the attacker's computer. True to its name, it spies on your activity.

Macro: A macro virus is written in a program's macro language (a language used to automate tasks within the program). As such, macro viruses are commonly distributed through documents and other files. Once you open an infected file, the macro virus uses the program's macro language to automatically perform a sequence of tasks. These can modify your documents, delete them, send a copy of the virus from your email, and other things.

Bot: A malicious bot ("robot") is self-propagating malware that is designed to infect computers and perform tasks it receives from an attacker. A number of bot computers are collectively called a botnet. If your computer is part of a botnet, it may send scam and phishing emails or perform attacks against other computers without your knowledge.

Recognize a Phishing Attempt

1. “From” Line

The first thing to pay attention to is the address you are receiving the email from. Pay close attention to the sender because the person may appear to be someone you know but in reality, it could be a spoof. Hackers know that people are more likely to trust an email from someone they can recognize, which is why they make the email address appear to be from an existing contact. Let’s look at a quick example of this.

Real Email: cybersecurity@ufv.ca
Spoofed Email: cybersecurity@ufw.ca

Notice that the ‘v’ in “ufv” has been replaced with a ‘w’ in the spoofed email. It appears legitimate at a quick glance, but the domain is not accurate.

2. “To” Line

Sometimes, the hacker will send an email to many different people. If you do not personally know the other people in the “to” line or you are being cc’d on a strange email, that should be a red flag.

3. Hyperlinks

Always be cautious of clicking on embedded links within an email unless you are sure it is from a trusted source. Before you click on a link, you can hover over it with your mouse to see the destination URL. If the URL does not match what the text says or it looks strange, it’s not a good idea to click on the hyperlink.

4. Time

Consider the time you receive an email and compare it with the normal time you receive similar emails. Do you generally get an email from the CEO of your company at 2 a.m.? If not, this is an indication of a potentially spoofed email.

The same goes for the specific time of year. Be extra cautious around holiday or tax season, as cybercriminals typically increase phishing attempts when financial information is being shared or online shopping is heightened.

5. Attachments

Attachments may seem harmless (especially if they are a known file type like a document or PDF), but some can contain malicious viruses or another form of malware. So, as a rule of thumb, do not open attachments that you are not expecting. If a sender does not normally send you attachments, this is a sign that it could be a fraudulent email. In addition, if the attachment has a strange file type such as .exe or a duplicate file type such as .xls.xls, you should not download or open it.

6. Subject

Phishing attempts usually try to trick you with scare tactics or immediate action. If the subject line seems fishy, such as “Need wire transfer now” or “Change the password immediately”, validate the source before you take any action. The subject may also be irrelevant or not on topic with the rest of the email content, which can be another red flag.

7. Content

The greeting may be generic such as 'Dear valued customer' or 'Account holder'. The sender may be urging you to update your information or change your password in order to avoid a consequence, which instills fear and prompts action. UFV will never threaten you to take some sort of action, as this is another method hackers use to trick you. In addition, if the grammar or spelling is incorrect and the email seems out of the ordinary, confirm the legitimacy before you click on links or download any files.
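Checks 1 (“From” line) and 3 (hyperlinks) from the list above can also be run automatically over a saved message. The following Python is an added example, not UFV's own tooling; the sample message, the example.net link, and the 0.8 similarity threshold are constructed assumptions.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

TRUSTED = {"ufv.ca"}  # the real domain from the article; extend for your own organisation
# Constructed sample message, not a real email.
SAMPLE = """\
From: Cybersecurity <cybersecurity@ufw.ca>
Subject: Change the password immediately
Content-Type: text/html

<p>Dear valued customer, sign in at <a href="http://login.example.net/reset">my.ufv.ca</a></p>
"""

class Links(HTMLParser):  # collects (visible text, href) for every <a> element
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.text.strip(), self.href))
            self.href = None

def host(url):  # hostname of a URL, or of bare link text such as "my.ufv.ca"
    return re.sub(r"^\w+://", "", url.strip()).split("/")[0].lower()

def lookalike(domain):  # close to, but not equal to, a trusted domain
    return any(domain != t and difflib.SequenceMatcher(None, domain, t).ratio() >= 0.8
               for t in TRUSTED)

def red_flags(raw):
    msg, flags = message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if lookalike(sender):
        flags.append(f"lookalike sender domain {sender}")
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser = Links()
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            flags += [f"link text {t} leads to {host(h)}" for t, h in parser.found
                      if "." in t and " " not in t and host(t) != host(h)]
    return flags
```

A similarity score only catches near-miss spellings of the domains listed in TRUSTED; a message that passes both checks can still be a phishing attempt.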

Example

Let's take a look at an example of a phishing email that has actually been sent to UFV employees, and identify some red flags:

 

Recognize a Fake Website

Check out these telltale signs a website may be fake:

1. Check the address bar

A URL may start with http:// or https:// - note the 's', which stands for secure. If a website uses http:// (no s), that doesn’t guarantee that it is a scam, but it’s something to watch for. To be on the safe side, you should never enter personal information into a site beginning with http://.

2. Check the domain name

A favorite trick of scammers is to create websites with addresses that mimic those of large brands or companies, like gooogle.com or amaz0n.net. Scammers count on you skimming over the address and domain name, so it’s always worth double-checking the address bar if you’re redirected to a website from another page.

3. Check the domain age

Scammers know that more people shop online around the holidays, so they will make real-looking websites around those times. You can check a website's age at the Whois domain tracker to see how long a site has been in business.

4. Poor grammar and spelling

An excess of spelling, punctuation, capitalization, and grammar mistakes could indicate that a website went up quickly. On legitimate websites, the occasional typo may be an accident, but these companies still put effort into presenting a professional website. If a website capitalizes every other word or has a lot of odd phrasing and punctuation, take a closer look.

5. Verify

There are lots of free, easy-to-use tools available for checking the legitimacy of a website.

If you aren't sure about a website, it is best not to give them any personal or payment information. Be especially careful if you were directed to the website from a link in an email or message.

Details

Article ID: 524
Created: Thu 5/14/20 10:29 AM
Modified: Wed 6/24/20 4:18 PM