Navigate Up
Sign In
studentcentralstaffcentral

Email services for staff

Spam and nuisance mail


​Spam, viruses and other unwelcome email content have become a serious problem for internet users and for the university. In response Information Services subscribed to a spam filtering service for staff email, provided by Symantec's MessageLabs. See below for more information on the spam filtering service.
 
Our spam filter can not protect us from all threats and we each have a responsibility to be vigilant and protect the university's reputation and data, as well as our own personal finances. Phishing scams have become one of our biggest risks.
 
Please read on to find out how to keep your data and reputation safe.
 
 

How to avoid being hooked by phishers

Phishers use IT systems  to get money, or confidential information from you. They do this by tricking you into downloading and installing malicious software on your computer, usually by asking you to click on links in mail messages but they may also telephone you and ask you to visit a website. Once they have access to your computer, one of the first things they will do is send email messages to all your contacts (internal and external), passing on malicious software in your name. These scams are getting increasingly sophisticated and messages look very realistic, but there are a number of signs you can look out for as shown in the messages below:

The first message below appears to come from a member of university staff (details obscured). This is because they clicked on a link in a phishing message, giving the malicious software access to their email account and contact details:

phishing2.png


The message looks like something university staff might expect to see, using words like 'IT Help Desk' or 'Service Desk'. However, resting your mouse over the link will show you that it is not taking you to a safe university site:

phishing3.png


The second example looks very professional and even uses Barclays Bank graphics:

phishing example.jpg

What to look out for:

  • spelling and bad grammar. Many of these messages come from countries where English is not the first language
  • links to insecure websites hiding behind fake addresses - before clicking on a link in an email, always rest your mouse (without clicking) over the link to check where it is really going to. Secure websites always start with https: - be very wary of any addresses that start with just http:. In the example above the real address is a bit.ly short-cut address. You can not tell where it is actually going but you can see it is not a secure site.
  • the message asks you to do something unusual, for example verify your details, or it tells you that your account has been compromised,  or that it will be closed down unless you supply confidential information. The university and other organisations will never ask you to supply details such as usernames, passwords, or bank details, in this way. Never tell anyone your password and never enter your university password into any webpage that does not begin with https:,  no matter how convincing the request is!

If you are worried that one of your accounts has been compromised, the best way to check is to try logging on in the usual way. Go directly to the web page you usually use, do NOT follow a link in an email message.

 

For more tips on how to spot malicious 'phishing' messages see  advice on email and text message scams from Barclays at this site: http://www.barclays.co.uk/Helpsupport/FinancialScams/P1242561788639

 

Note that this site does not begin with https: but they are publically available sites and don't ask you to log in nor supply any information about yourself.

 

 

How does the spam filtering service work?

 
All mail coming in to the university from the internet first passes through pur SPAM filtering service. Any messages suspected of being spam are returned to the sender.  These messages are not deleted but are kept in a quarantine folder on the MessageLabs service. If you think that a message you are expecting may have been wrongly identified as spam, contact our Service Desk and ask them to retrieve the message for you.
 
Messages received from and sent to external email addresses have the following text at the bottom to show they have been checked:
 
 This email has been scanned by the MessageLabs Email Security System on behalf of the University of Brighton [or BSMS].
 
 
 
 
See the Symantec.cloud website for further information on this service.
 
See information on the right to find out what you should do if you suspect a  spam/phishing message has slipped through into your university email account.
 
 

Further advice on keeping your data and the university's data safe:

 
Only messages coming into or going out of the university are checked by the spam filters. Messages sent internally are not checked. Computer viruses and other malicious software can attach themselves to email clients and send harmful messages appearing to be from the computer's owner. To keep your email account and the university's systems safe:

  • think carefully before downloading software, opening email attachments, or clicking on a link
  • never give out passwords
  • do not access your university email from a computer that does not have up to date antivirus software installed
  • do not assume that just because you know the sender, the message is safe
  • if a message is unexpected, carefully check links to web pages before opening them - let your mouse rest over the link until the real address appears on your screen   
  • do the links to web pages begin with https:// or http:// ? Secure websites always start with https://
  • is the web address completely different to what you would expect?
​ 

Not all spam is malicious

You may be receiving marketing messages from companies you have contacted in the past. If you don't want to receive these messages you can ask to be removed from the company's mailing list. Look towards the end of the message and you will normally find a link to unsubscribe. This takes just a few seconds and will help to reduce your inbox clutter.   
​Students, see spam and nuisance mail  guidance for students​
 

 What is spam?

 
Spam is email that you have not asked for and don’t want; messages created by automated email programs which are sent to thousands of people at once and often contain viruses and other malicious software.
 

 What is phishing?

 
Phishing is the act of sending an email that appears to be coming from a reputable company or person, in order to trick people into giving away personal information such as passwords, credit card numbers and bank details.
 

 What to do if you receive SPAM

 

What should you do when you receive a spam message? 

  • move the message to the Report Spam folder in your mailbox. It will be submitted to Symantec for analysis, after which the message will be moved to your Deleted Items folder

report-spam-folder.png

  • never reply to a spam message 
  • don't ask to be taken off the mailing list because then the senders will know your email address is real and active and you will receive even more messages
  • never click on links in a spam message - the message could be concealing a virus or you could find offensive material (pornography for example) displayed on your screen
 

 Practise safe computing

 
​See our Safe computing web page for more guidance on keeping university information and your personal and financial information safe online.
 

 IT security policies and guidance

 
Page owner: Jill Shacklock