Student E-mail
E-mail and Internet Scams and Viruses
Unscrupulous people regularly use E-mail and the Internet to trap the unwary into giving out their bank details or parting with their money. Unscrupulous people also create viruses.
E-mail Scams
Early scams - the most famous probably being the "Nigerian scam", which is still being used, and claims that you have inherited money or won a lottery - would promise sometimes vast sums of money in return for bank account details or some sort of "administration charge". Note that the first e-mail may start by asking for contact details - the rest will follow if you reply.
Remember: if it sounds too good to be true, it's because it's false!
Unscrupulous programmers can also send e-mail as if it were someone else - even you! If you are interested, we can explain how it is easy for the unscrupulous to fake your e-mail address www.lboro.ac.uk/it/mail/fake-address.html.
More recently, e-mails purporting to come from high street banks have enticed the unwary into clicking a link and giving out their bank account details. The more sophisticated scams have included creating copies of the bank's web site that collect account and password details. It is even possible for the scammer to make the real bank's Internet address appear in the address bar of your web browser (their address is the same as the bank's address, but adds invisible or unprintable characters).
Similar scams can purport to be from reputable online businesses such as Amazon or E-bay.
-
Never click on a link from an e-mail purporting to be from your bank.
-
E-mails which are forms requesting personal information are always spoof e-mails.
-
The "From" field of an e-mail can be altered easily - it is not a reliable indicator of the true origin of the e-mail.
-
The "Subject" line of the e-mail or the first line being a general greeting such as "Welcome xxx Bank customer" is likely to be a spoof e-mail.
-
E-mails claiming that urgency is required, or that your account is in jeopardy, are very likely to be spoof e-mails.
If in doubt, look up your bank's telephone number yourself in yellow pages (http://www.yell.com/ucs/HomePageAction.do), and telephone for confirmation.
Vigilance is the best line of defence - periodically check your account and change your password. To prevent someone accessing multiple accounts, it is effective to have different passwords for each account. Also, a good password will include a combination of letters and numbers - this makes it more difficult for people to guess the password.
Online Shopping
If you use reputable organisations such as Amazon, you should not have problems (providing that you watch out for e-mail scams).
For other sites, a minimum check should be that there is both a real address and a real telephone number (not just a mobile phone). You risk being defrauded if the site owner is not honest, so be careful out there!
Contact Your Bank and Credit Card Company
If you think that you have entered your personal financial information into a spoof site, contact your bank and credit card company immediately.
Viruses
E-mail can all too easily contain a virus, a Trojan horse, or a worm. We automatically check for viruses etc. on incoming University e-mail, but if you also use another e-mail service (such as Hotmail) our virus checking is not applied to this mail, so a virus could get through to your computer this way. When a new virus is created by a hacker, it may reach the University before the mechanisms to defend against it have been created by the anti-virus software company, so even up-to-date virus checking will not guarantee your computer's safety.
Users of the Staff Desktop Service or the HallNet Service also have anti-virus software installed and automatically kept up to date. You are strongly advised to purchase and keep up to date anti-virus software for any computer you use at home - if you do receive a virus, it could cause extensive damage. Under Site Licence we offer anti-virus software from the Help desk in the Haslegrave building.
Hoaxes
Hoaxes include e-mail messages which come from people you know, apologising for inadvertently infecting your computer. Sometimes they can give instructions on how to remove the infection. These instructions can be false and can cause you to damage your computer by deleting important system files. Of course, such a message could be genuine.
-
Before you take any action (and before you forward the message to anyone else), check the Virus Hoaxes page at http://vil.nai.com/vil/hoaxes.aspx.
-
If you can not find your particular problem on the Hoaxes page, you should find further details in the Virus Information Database at http://vil.nai.com/vil/default.aspx.
The Redirect Dial Scam
This only affects home users using a telephone dial-in modem; it can not affect your use of a campus or HallNet network connection, nor a cable modem such as N.T.L. Some malicious programmers have designed web sites where closing a pop-up advert can alter your Internet connection settings to dial a premium rate 090 telephone number (at £1.50 a minute or so) instead of your Internet Service Provider (on an 0845 number at local rates). Users can be charged £100s before they receive their telephone bill and realise that something has happened.
If you are affected:
-
Contact your telephone company. They may be willing to bar the telephone number in question from your home, or to bar all premium rate lines. They may be willing to suspend that part of your telephone bill while it is being investigated.
-
Contact the regulator Icstis on 0800 500 212 or www.icstis.org.uk/consumers/default.asp.
-
Use up-to-date anti-virus software and keep it up to date. A CD containing McAfee anti-virus software is available from IT Services Service desk.
For your personal home computer you may want to consider ad blocker software - see www.lboro.ac.uk/it/security/ad-spyware.html. Note that this is already installed on Staff Desktop computers. This will notify you if a web site is attempting to modify your computer, and the default button will cancel any such effect. Beware that when you visit Microsoft to patch your operating system - something you should do for your home computer from time to time (but not for your Staff Desktop computer) - you do want the web site to modify your computer (you are patching it!), so you don't want to take the default "cancel" option when your ad blocker software warns you about this web site.
Avoiding Problems
Even with up-to-date virus software, as new viruses are released you could receive a virus before the anti-virus software has been updated to block out that virus. It makes sense to be a little wary of any incoming e-mail, and take steps to try to defend yourself from infection:-
-
Don't open an e-mail attachment unless you know what it is - even if it (purports to) come from someone who you trust.
-
Don't open an e-mail from someone who you know, where the subject line is something you wouldn't expect them to send.
-
Be cautious of any e-mail from someone you do not know.
-
If you use Outlook Express, do not leave the preview pane open. From the View menu, select Layout, and ensure that Show preview pane is set off. When you receive an e-mail, go through the checklist above before double-clicking to open and read the e-mail.
-
Ensure that you have anti-virus software on your personal computer and keep it up to date. HallNet and Staff Desktop users have this handled by us and need do nothing while using our services.
-
Staff Desktop users of Portable Computers and Laptops must be regularly connected to the Internet to ensure that the system is kept up to date. If for any reason you are unable to connect to the network for longer than four weeks, please contact your local IT support person or IT Services on your return so the Anti Virus updates can be manually installed before you connect to the network.