Many viruses are spread through email attachments. Always be cautious about attachments, even if you know who sent them. Your correspondent's computer could be infected by a virus that sends out virus-laden emails without his or her knowledge. CITES Spam Control automatically filters known viruses sent to @uiuc.edu email addresses, regardless of whether you've signed up for Spam Control. However, you should still be very alert for viruses, as they can cause significant problems such as data loss.
What you can do to avoid viruses:
- Don't open attachments unless you are sure about their contents.
- Keep your antivirus software up-to-date. Learn more about antivirus software and how to protect your computer from viruses at the CITES Security homepage.
- Use U of I Box for attachments. You can easily share files instead of sending them as attachments. See the U of I Box web pages for more information.
Forwarding Email Off-Campus
Although it may be tempting to forward your campus mail to an external email account, faculty and staff should never automatically forward their campus and work related email to a third-party service or personal email account. There are several reasons that faculty and staff should not forward work related email:
- Free email services are not truly free. These services scan the content of your email and use the content for targeted advertising and spam. This type of scanning creates an unacceptable risk that the University's sensitive data will be exposed to the world.
- The simple act of forwarding certain types of sensitive data to a third-party email service could violate state and federal laws. For example, student data (grades, discussions of academic performance, etc) are FERPA-protected and may not be stored in a personal, third-party account without violating FERPA.
- When a faculty or staff member is sick or unavailable, academic, research, or administrative information that is kept in a campus account can be shared with coworkers and collaborators. If the unavailable employee forwards all of his or her email to an off-campus service, this information will be completely inaccessible.
- If an employee using their campus email account happens to accidentally email sensitive data to another campus account, it is possible for campus IT staff to mitigate some of the damage by recalling emails and deleting messages that haven't been read yet. This can help reduce the damage caused by an accidental data breach, or in some cases, prevent the breach altogether. However, if an employee is using a third-party email service, there is no way to mitigate the damage.
If your campus email account isn't meeting your needs, there are solutions that keep sensitive data on campus. Please work with your local IT support staff and CITES to find an acceptable resolution.
The danger posed by scam and hoax emails can vary. Some hoax emails involve claims that companies or celebrities will give you money or that you will help cure someone of a disease if you forward a chain letter to your friends. Although the hoax chain letter itself is relatively benign, on a large scale the emails can slow down entire networks.
One of the most harmful types of scam emails are messages claiming that your account for a financial service (such as PayPal, eBay, banks, and credit cards) has been compromised or disconnected and you need to confirm your personal information. These email messages contain links to fake web sites designed to collect information about you to steal your identity or access your real accounts for fraudulent activities. If you receive an email that warns you about your accounts, do not click on any links provided in the email. This type of scam, known as phishing, is becoming increasingly common, and the emails can appear to be legitimate.
What you can do to avoid phishing attempts and other scam emails:
- Use CITES Spam Control to filter phishing attempts. Spam Control automatically deletes known phishing emails before they reach your inbox. Find out more about Spam Control and how to sign up on the CITES Spam Control pages.
- Contact your financial service. If you aren't sure about the legitimacy of an email from your financial service, try contacting its customer support or help. Remember to navigate to the financial service's homepage by typing the URL into your browser or using your bookmark--don't use any links to the financial service from the email in question because they might direct you to a counterfeit homepage.
- Educate yourself. Visit the CITES Security homepage to learn more about scams such as phishing.
Spammers are essentially the telemarketers of the Internet who send you unsolicited email messages about products and services. While spam is usually not as dangerous as viruses and scams, these unwanted messages are obtrusive and often offensive. And if you have a severe spam problem, you can spend more time deleting spam than reading legitimate messages.
What you can do to avoid spam:
- Use CITES Spam Control to filter your spam. Spam Control can quarantine or automatically delete your spam messages. Find out more about Spam Control and how to sign up on the CITES Spam Control pages.
- Read Tips on Avoiding Spam. This web page offers tips on how to reduce or avoid spam.
If you receive harrassing or threatening emails from an individual and believe you are in physical danger, immediately call the University of Illinois Police Department at 911. You can also call a CITES Security Officer at 265-0000 (5-0000 from a campus phone) to report the threatening email. More information can be found at Reporting Security Incidents.