Ah, the joy of checking your email and finding a mysterious message from an unknown sender promising to solve all your problems. Who doesn't love a surprise? But wait, before you click on that tempting link or download that suspicious attachment, let's talk about the elephant in the inbox. Yes, we're talking about spam and phishing, the internet's equivalent of a carnival game where you can win a lifetime supply of regret. As university employees, you are the first line of defense against these online scams, and this knowledgebase article is your ultimate weapon.
What is Phishing and Spam?
A spam email is an email that you did not ask for and do not want, usually sent to many people at once for commercial purposes. For example, you might receive an email that offers you a free product, a cheap loan, or a chance to win a prize, but it’s actually a scam or an advertisement.
A phishing email is an email that tries to trick you into giving away your personal or financial information to someone who is pretending to be a legitimate organization. For example, you might receive an email that looks like it’s from your bank, but it’s actually from a hacker who wants to steal your account details. Phishing emails can also contain links or attachments that can infect your device with malware.
Note: It is important to contact the IT Service Desk right away if you believe you have clicked on a phishing link because they can help you take steps to protect your data and devices from further damage. They can also alert other users of the potential threat and prevent more people from falling victim to the phishing attack.
Some of the steps that the IT Service Desk may advise you to take are:
- Change your passwords for any accounts that may have been compromised
- Scan your computer or device for malware and remove any suspicious files
- Report the phishing email or text message to the appropriate authorities
- Monitor your bank statements and credit reports for any unauthorized transactions
Phishing attacks are becoming more sophisticated and convincing, so it is important to be vigilant and cautious when opening emails or text messages from unknown senders. Always check the sender’s address, the spelling and grammar of the message, and hover over any links before clicking on them. If you are unsure about a link, do not click on it and contact the IT Service Desk for assistance.
Spam/Phishing FAQ
Why do I receive spam?
The amount of spam you receive depends on your Spamability quotient (SQ):
- If your email address appears on any websites, your SQ goes up, as these are harvested by spammers
- If you participate in discussion groups or list servers, your SQ goes up for the same reason
- If you have given out your email address to any surveys, or to access a website or to register for or purchase something, your SQ goes up
- If you ever respond to spam or to the 'reply to be removed from spam list' request, your SQ goes way up
- If you follow links in a spam message, your SQ will go up, as this just confirms your email address
A normal range of spam is 0-30 per week, depending on your SQ.
How do I reduce the amount of spam I receive?
- Don't give out your email address automatically (this includes paper comment cards or questionnaires)
- Check websites' privacy policies before submitting your email address online. Find out how your address is going to be used and protected
- Be aware of options that are selected by default when installing software or completing online forms
- Use email filters to block addresses or tag suspect email
- Don't follow the links in spam messages
- Disable the automatic downloading of graphics in HTML email. Graphics in spam are often linked to track who opens the message (which confirms the address as active)
- Consider using an additional email address to be used for online shopping and completing forms. Any spam generated by these activities would then go to this secondary address, and not to your regular mailbox. There are a number of free email services available (Hotmail, Yahoo, Gmail).
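The advice above to hover over links before clicking, and to block automatic graphics because they confirm an address is active, can be applied to a message's HTML body in bulk. This is an added example, not part of the original article or of any VIU or Microsoft tool; the names audit and LinkAudit and the sample message are made up for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible link text that itself looks like a web address (captures the host).
URLISH = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[/:?#]|$)", re.I)

def bare(hostname):  # lower-case a host name and drop a leading "www."
    return re.sub(r"^www\.", "", (hostname or "").lower())

class LinkAudit(HTMLParser):
    """Records what hovering over each link in an HTML body would reveal."""
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []
        elif tag == "img":
            src_host = bare(urlsplit(a.get("src") or "").hostname)
            if src_host:  # cid: and data: images have no host and stay local
                self.findings.append(("remote-image", src_host))

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            shown = URLISH.match("".join(self._text).strip())
            real = bare(urlsplit(self._href).hostname)
            if shown and bare(shown.group(1)) != real:
                self.findings.append(("link-mismatch", bare(shown.group(1)), real))
            self._href = None

def audit(html):
    parser = LinkAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample message body; all hosts are reserved example names.
SAMPLE = (
    '<a href="http://account-check.example.net/login">https://www.bank.example/login</a>'
    '<a href="https://www.example.org/help">www.example.org/help</a>'
    '<img src="cid:logo1"><img src="https://track.example.net/o.gif?id=42">'
)
```

Calling audit(SAMPLE) reports the first link, whose visible text names one site while the link goes to another, and the one image that would be fetched from a remote server when the message is displayed.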
What is Exchange Online Protection (EOP)?
Exchange Online Protection (EOP) is a cloud-based email security service that protects your university email account against spam, malware, and other email threats. EOP scans your incoming messages for malicious software and filters out unwanted messages from your inbox.
EOP is important because it helps safeguard your personal and professional information, as well as the university’s data and reputation. By using EOP, we can reduce the risk of phishing attacks, identity theft, data breaches, and other cyber threats that can compromise your email account or the university’s network. EOP is included for all VIU mailboxes, which means you don’t need to install or configure anything to use it.
How do I report phishing or spam?
If the email you've received is trying to impersonate a VIU employee, the IT department would like to investigate further. You can send it as an attachment to ithelp@viu.ca.
Otherwise, you can follow these steps to report spam or phishing on an email to Microsoft:
- Select the suspicious message in your inbox or another folder.
- Go to the Home tab and select Report Message. A drop-down menu will appear with different options.
- Select Report as Phishing if the message is a phishing email or select Report as Junk if you think the email is regular spam. You can also select other options such as Not Junk, Not Phishing, or Report as Abuse depending on the situation.
- The message will be reported to Microsoft and moved to the Junk Email folder or deleted. You will see a confirmation message on your screen.
Not sure if a message is phishing or legitimate? You can send it to ithelp@viu.ca as well, and the IT department will try to confirm for you.
That’s it! You have successfully reported a spam or phishing email to Microsoft.
I found legitimate email in my junk folder. How do I report a message as safe?
To report a message as safe, follow these steps:
- Select the message in your Junk Email folder or another folder.
- Go to the Home tab and select Report Message. A drop-down menu will appear with different options.
- Select Not Junk if you think the message is not spam or select Not Phishing if you think the message is not a phishing email. You can also select other options such as Report as Junk, Report as Phishing, or Report as Abuse depending on the situation.
- The message will be reported to Microsoft and moved to your inbox or another folder. You will see a confirmation message on your screen.
That’s it! You have successfully reported a message as safe with EOP.
What is a junk folder and how often should I check it?
It is important to check your junk folder because sometimes legitimate messages are incorrectly classified as junk by your email service. If you don’t check your junk folder, you might miss important emails from your colleagues, students, or other contacts.
You should check your junk folder regularly (daily or weekly) to make sure that you don’t miss any good messages. You can also mark them as not junk to move them back to your inbox or any folder. This will also improve the accuracy of our spam filter for future messages.
Why do safe emails sometimes end up in my junk folder?
Legitimate emails sometimes end up in the junk folder because your email service tries to protect you from spam messages. Spam messages are unwanted or harmful emails that can clutter your inbox or even harm your computer or data.
VIU uses a system called Exchange Online Protection (EOP) to filter spam messages. EOP looks at different things about each message, such as who sent it, what it says, and how it was delivered. Based on these things, EOP decides if a message is spam or not.
Sometimes, EOP can make mistakes and mark good messages as spam by accident. This can happen for various reasons, such as:
- The sender of the message has a bad reputation or has been reported as a spammer by other users.
- The content of the message contains words or links that are commonly used by spammers.
- The delivery of the message was done in a way that is suspicious or unusual.
When EOP marks a message as spam, it moves it to your Junk Email folder. This is why you should check your Junk Email folder regularly to make sure you don’t miss any good messages. You can also tell EOP which messages are not junk by reporting them as safe. This will help EOP learn from its mistakes and improve its filtering for future messages.
Why do unsafe emails sometimes end up in my inbox?
Sometimes, EOP can miss some spam or phishing emails and let them through to your inbox. This can happen for various reasons, such as:
- The spam or phishing email is new or cleverly designed to avoid detection by EOP.
- The sender of the email has a good reputation or has been added to your safe list by mistake.
- The settings of your email service are too permissive or have been overridden by legacy rules that allow some spam or phishing emails to bypass EOP.
When EOP misses a spam or phishing email, it ends up in your inbox. This is why you should be careful when opening any email that looks suspicious or unfamiliar. You can also help EOP improve its filtering by reporting any spam or phishing emails that you find in your inbox. This will help EOP learn from its mistakes and block similar emails in the future.
What file types are restricted?
Emails containing attachments with the following file extensions will be automatically quarantined:
.ace
.apk
.app
.appx
.ani
.arj
.bat
.cab
.cmd
.com
.deb
.dex
.dll
.elf
.exe
.hta
.img
.iso
.jar
.jnlp
.kext
.lha
.lib
.library
.lnk
.lzh
.macho
.msc
.msi
.msix
.msp
.mst
.pif
.ppa
.ppam
.reg
.rev
.scf
.scr
.sct
.sys
.uif
.vb
.vbe
.vbs
.vxd
.wsc
.wsf
.wsh
.xll
.xz
.z
If you need to send these kinds of files, please use OneDrive and share the file to the intended recipient from there.