Virus Protection Information Page
With the never-ending onslaught of viruses and worms circulating the Internet, mostly through email attachments, it is critical for you to exercise good judgment on opening email attachments. Even the most seasoned IT professionals can get snookered into opening email attachments.
While you can make sure your anti-virus software is up to date and has the most current virus definitions available, there is usually a delay in anti-virus software providing timely updates for new viruses that have been released. So, the best means of protecting yourself is to discern whether or not you should open email attachments, or visit suspicious web sites.
Listed below are a few points to consider, before opening that email attachment.
- Think about how important your computer and data is to you.
Can you afford to be without your computer for any length of time it may take to eradicate/restore your system? If the message and attachment has an ounce of peculiarity, you can always shoot back a reply or call the sender and ask them if they did send it to you.
- Most software companies will not issue software fixes/patches as email attachments.
They will direct you to their official download/support web page. Some emails will put "admin" or "administrator" as the sender of the message. It is rare to receive such messages from admin accounts, especially with attachments. Also, several malicious emails (not necessarily sent as attachments, but web links) attempt to trick you into believing that you need to log into your bank account or credit card account to verify your information (what they do is capture your username and password). BE CAREFUL!
NOTE: SVSU does NOT send emails with attachments from admin@svsu.edu.
- Get in the habit of always including your name or contact information in the body of your messages. Request those people you correspond with to do the same.
If the message has the email address of family/friend/co-worker, but does not have their personal name or signature imbedded within the message - immediately suspect any attachment as being infected. You should not open the attachment, until you verify the user sent it to you for a genuine purpose. Most of the viruses that circulate via email attachments, try to make their messages appealing - but they do not usually include personal names of the sender within the body of their message.
- Be alert to the file extensions of attachments
If the attachment has the extension .pif or .scr or .bat or a double extenstion .scr.pif - it's most likely a virus. Do you really need to open an attachment called details.pif or document.scr.exe?
If you don't know the program that uses that file extension, don't open it. Even files with .doc (Word documents) may have embedded macro viruses - so be careful.
- If it looks suspicious, do some investigative work.
Visit http://www.sarc.com/ or http://www.mcafee.com/ occasionally, and see what kind of virus activity has been detected recently. The sites provide a lot of information and tools to help you eradicate & fix your infected system, if you should fall victim.
- Is the email a Hoax or Urban Legend?
Check whether the message you received is legit or a hoax. You can do this at http://vil.mcafee.com/hoax.asp or http://www.snopes.com/. Simply put in key words from the message (like jdbgmgr.exe) and see if they have any information about the subject.
The second link above (http://www.snopes.com/) provides additional Urban Legends or Myths that often circulate and get passed around innocently. - Most institutions (schools, bank, credit agencies) will never ask you to verify personal data via email
Here's a couple other things to check before responding or opening an attachment:
- Poor grammar through-out the message
- Odd or incomplete Sender and Reply-to addresses
One of the things that users should be on the look out for is poorly named or suspicious looking email addresses.
If you get an "official" message that pertains to SVSU, it's not going to come from Yahoo, Hotmail, or addresses that don't even have svsu.edu in them (some of those recent messages used purdue.edu - think about it - why would "SVSU Team" have a purdue.edu address asking you for your personal data?). And, likewise, if you do attempt to reply - review what the reply-to address is - again, if it's not an svsu.edu address - it's probably a bogus message. Some of the earlier scammers had used email addresses that were not even affiliated with SVSU.
- Look for Signatures or "real" names inside the email message (like the one below).
Oftentimes, scammers will not put any verifiable contact information in the message. Still, if the message seems odd - make a call BEFORE opening attachments or responding to messages.
- Links in email messages
Rather than believe a message that seems to be asking for you to verify personal data or a transaction, do not click on the link in the message. Paypal and eBay users are often targeted with sales that never took place, and it's an attempt to steal your identity and access your Paypal account. Do Not Click the link - go directly to your account using the web browser and check things out for yourself, or contact customer service about the legitimacy of the message.
- Poor grammar through-out the message
SVSU Information Technology Services has implemented tools to help decrease the chances of major virus outbreaks from affecting our users. All incoming email attachments that originate from off-campus computer systems are scanned before delivery to your inbox. Free anti-virus software is also available (see below).
Remember, anti-virus companies are reactionary in nature. They have to react to outbreaks, therefore IT departments rely on their ability to react. It usually takes a couple of hours before a patch is ready.
While we scan all incoming messages - we might not catch the newest virus let loose on the internet - which means....
We have to rely on you to exercise good judgment!
SVSU staff/faculty/students are encouraged to obtain anti-virus & anti-spyware software.
ITS has provided links to a couple of well known, free software - click here.