Email and the internet are critical tools for both your learning and social experiences here at Shepherd, and your life outside of Shepherd. Like any tool, these may be used to assist you in your life; but they can also be used by those with malicious purposes in mind. Sometimes it is easy to tell when an email or website has a malicious purpose, but not always. Please be cautious in your use of the web and email system.
While Shepherd University’s IT Services staff is diligent in trying to stop spam and malicious content from getting through to end-users, some still filters through. It is up to each person to be as educated as possible as to what to look out for, how to handle it when they see it, and how to be diligent in keeping themselves and their fellow users computing environment safe.
Here is a Exploits Definitions page with basic definitions for exploits and malicious activities to use as a reference so you are familiar with the terminology.
Below are some tips to keep in mind when looking at an email, or a web site you are directed or surf to. These are not comprehensive so please use them as a guideline.
Emails:
- You did not ask for the email so it is unsolicited.
- The FROM address is one you do not know.
- The time the message was sent seems suspicious.
- Even if you are familiar with the sender’s address, it may have been spoofed such as an email from you to you. Use caution when opening and if possible, contact the sender not using email to make sure they sent it.
- The greeting is incorrect. It may have the last name field such as Hello {last name} from a failed mail merge, or your last name instead of your first name such as Hello Smith instead of Hello Jane.
- The text uses bad grammar with poor sentence structure, improper wording and misspellings.
- If it contains attachments, they are not what they say they are. If it is supposed to be a Word document, the document name may be documentname.doc.zip or documentname.docx.exe. There is a very high probability of a malicious payload (virus, malware, spyware, adware) in the attachment.
- If it contains web page links, they do not go where they are supposed to. When you hover over the link without clicking, it may point to a web address ending in a country code instead of .com or .edu or .gov, or to a web address in this country but not close to what it is supposed to be.
Web sites:
- Goes to a web site not expected. You wanted or expected to go to www.google.com but the URL at the top of the browser states something like www.googledme1234.com.nz or something not close.
- The site does not look normal from what you expected. It may be a little or a lot off.
- It asks for private or personal information such as Social Security Number, bank or credit card information, your passwords or PINs, etc.
Use your best judgment. If you are unsure about an email you receive, or a website you are visiting, is legitimate or not, please contact us. Send an email with all of the information you can, without divulging any private information, to itworkorder@shepherd.edu. Include your contact information. This will create a ticket in our system so we may take a look at it and communicate back with its legitimacy. Better to ask than to have your private information and/or computer compromised.