IT Security Support
Email and Web Safety
The Dangers of Spam
Responding to spam can not only hurt you by compromising your personal information, it can also impact the entire Institute by spreading a virus or causing MIT email to be 'blacklisted' (blocked by other Internet Service Providers).
Phishing
Almost everyone has received an email message with a subject line or body such as "Your account has been suspended." or "We need to verify your password." These subject lines, coupled with a spoofed (i.e., simulated) return address of Administrator@mit.edu, Admin@ebay.com, or AccountsDept@(your bank).com, can confuse the untrained "fish." Further, the messages themselves often contain logos and trademarks that add to the deception.
When trying to determine if email is authentic or not, remember one very important detail: no legitimate company will ever send you email requesting your username, password, or any other personally identifying information.
Attachments
Some of you may remember the Melissa virus, which used MS Outlook to transmit macro-virus-carrying attachments. To this day, spammers try to spread viruses throughout the Internet by sending emails with dangerous attachments (the Storm Worm is an example of this trend). The general rule of thumb is to not open email attachments unless you are certain they originated from a trustworthy source. If you're not sure where an email came from, forward the full headers to the IS&T Service Desk.
Image Spam
In the last few years, image spam has been a growing source of viruses. Image spam (an email that contains no text, only an image that shows the message) can bypass text-based spam filters and still get into our inboxes. Much image spam is used in stock-scam messages, in which receivers are encouraged to buy stock to raise its value, but it is also used in other phishing attempts. In either case, this spam is a problem for end users as well as for IT systems, as it drains bandwidth and storage resources.
Spam Protection
Spam protection is available to everyone using an xxx@mit.edu email address. With the gateway provided by Symantec's Brightmail AntiSpam appliance, you can fine-tune which emails are filtered by setting up good senders and bad senders. It is a good idea to periodically revise these preferences and to check the Spam Quarantine summaries for legitimate emails. Generally, the MIT-supplied spam tools are more efficient than the filters included in your email software's preferences.
Smart Email Behavior
In addition to spam screening and being aware of what to look for when receiving email, you will also want to use email in a way that will protect sensitive information from exposure. Watch for these types of risky behaviors:
- Are you emailing file attachments that contain sensitive information, e.g., any information that can be used for identity theft?
- When sending sensitive information via email, do you send the message unencrypted?
- When in a public place or using a shared computer station, are you logging in to your email using your password?
- Have you posted your email address on the Internet?
- Does anyone know your WebMail or login password; is it posted near your computer, or is it easy enough to be guessed?
Conclusion
If email is to remain a trusted form of communication, it needs to be kept secure and private. MIT goes to great lengths to ensure the security of its networks and IT services, but there are many possible attack vectors. The ITSS team is available to respond to and investigate incidents related to the misuse or abuse of IT resources, including email.
If you feel like your email account may have been compromised or is being abused, don't hesitate to contact the ITSS team.
In conclusion, your email should be reasonably secure if you show due diligence by taking a few measures that are mentioned on this page, including:
- Install anti-virus software and keep your virus definitions updated.
- Enable optional security settings whenever available.
- Keep your local workstations and accounts secure.
- If you must send email that contains sensitive information, do so only using a secure file transfer method or only send it to receivers within the MIT network.
- Follow the top 10 safe computing tips.


