Handling Email Spam and Phishing
Email spam is unsolicited mass email. Some spam email can contain offensive content or it may have an attachment that contains a virus that has the potential to harm your computer or the network.
All incoming outside email messages are passed through the TMU mail filters to determine whether they are legitimate senders or from "spammers".
- Sometimes legitimate messages are falsely flagged as spam. These messages may be forwarded with full headers to firstname.lastname@example.org.
- Some messages that are spam will make it past TMU's spam filters. These messages may be forwarded with full headers to email@example.com.
Appropriate measures will be taken to try and reduce the amount of incoming spam and reduce the number of messages that have been falsely flagged as spam.
Currently, incoming outside email messages passed through the TMU mail filters which are considered to be spam are quarantined and not delivered to your mailbox. This may cause potential problems because some legitimate messages are falsely flagged as spam, quarantined and the users don’t know about it. Currently, users contact CCS to check if a message they were expecting has been quarantined and if so CCS will manually release the message from quarantine.
Often when CCS troubleshoots an email issue, or reported spam, it’s useful to have the “full headers” of a message. This helps to accurately track where a message came from.
- Select the message.
- Using the drop-down menu in the upper-right, select Show original.
- Click Copy to clipboard.
- Paste into a new message.
- Select the message.
- From the View menu select Headers then All.
- Forward the message.
- Double-click the message to open it in a new window.
- Click the File tab in the new window and click the Properties button.
- The headers are in the bottom portion of the window (beside Internet headers:). Copy headers.
- Forward the original message and paste the copied headers into that message before sending it.
Because of the way some external sites block Google content, it’s best to use an image from the TMU branding site (opens in new window) . Download and unzip the Logo Download file. Upload the TMU-rgb.png file to your My Drive on Google Drive.
You can add this to your Gmail signature. Click on the gear icon and select Settings > General > Signature. Then use the Insert Image icon, select the My Drive tab and click the TMU-rgb.png file. Click on Select. Click on the image and choose the appropriate size.
Phishing emails are designed to deceive you into:
- Clicking a link and entering personal details like your TMU username and password;
- Giving away personal details like your credit card or bank account numbers;
- Opening an attachment and installing malicious software; or
- Impersonating someone in an attempt to commit fraud with your help.
Each month, our university fields 1,500 increasingly convincing phishing emails attempting to target students, faculty and staff.
- The sender's address is suspicious.
- The "To" field is blank or for another person.
- The email includes typos or grammatical errors.
- The message contains an urgent request for personal information.
- The message requires immediate action to avoid a problem like losing access to your TMU account.
- When you hover over a link or button in the email, it directs you to an address (usually suspicious) unrelated to the text in the link.
- We've provided some samples to help you detect phishing emails. Many of these examples are derived from phishing emails that were sent to TMU email addresses. The links in these examples have been slightly modified to make them less dangerous but please don't attempt to visit these sites.
Spear phishing is a phishing tactic that targets a specific person by sending fraudulent emails that include personal information about the victim, tricking them into believing the email is legitimate.
Here is an example where the sender is pretending the email is from a TMU address, but the actual address is really from uniswa.szabc.
Here is an example of an email that claims to be from FedEx where the actual address is from specweldfab.revitalsite.comabc.
It’s always worth taking a moment to carefully check the full email address of the sender.
Here is part of an urgent request that included a link to a fake TMU login page:
Here’s another example of an urgent request:
Both of these fake messages include tell-tale grammatical errors and demand you take action to avoid losing access to your account.
Tip: Avoid using the “Report phishing” option that’s built into the TMU Gmail platform. Forwarding the phish to firstname.lastname@example.org ensures you’re reporting it directly to us so we can stop it from reaching others at the university.
Phishing attacks aren’t just limited to your inbox
Hackers can also target you by directing you to malicious phishing websites or contact you via your mobile devices.