
Michigan State University, along with almost every email provider, continues to be a target of malware emails. Malware emails often appear to be package/parcel delivery notices, invoices, fax/scans, or fake court notices.

You likely have valuable MSU and Engineering accounts, and from time to time you will be the target of malware emails. Please exercise care when viewing emails and if you have any questions, contact DECS Support at support@egr.msu.edu, 353-8891, or stop by 1325 Engineering Building.

Tips for Recognizing a Malware Email

  1. Sender's email address. If the sender's address is unfamiliar or doesn't match an expected address for a company, then it is probably a malware email. Most malware emails appear to be package delivery notices, invoices, fax/scans, or court notices. These emails rarely appear to come from an appropriate address. For example, emails claiming to be from FedEx or UPS are likely to be malware if their From address does not match fedex.com or ups.com.
  2. Email subject or attachment contains username. A malware email may contain your username in the subject or the attachment filename, or the Subject field may be blank. Contrast this with normal emails, which almost always have a Subject and rarely mention your email username.
  3. Enticement to open an attachment. Many emails containing malware will encourage you to open an attachment. Many attachments can still be harmful even if you are running antivirus. Emails about package delivery problems have no good reason to require you to open an attachment; if they were emailing you about a legitimate delivery problem they could just inform you in the body of the email.
  4. Enticement to follow a link. Some malware emails are similar to phishing emails where they encourage you to follow a web link. This web link could lead to malware, so please consider all the tips first.
  5. Information verification. If an email is asking for you to confirm, check, review or provide information using an attachment, it may be a malware attachment. Reconsider if this seems safe and contact support if in doubt. It may not be safe to open the attachment.
  6. Problem warning, threat, or urgency. Malware emails often attempt to incite your fear, worry, or a sense of urgency. If an email encourages you to solve a problem by opening an attachment, then you should be very wary. Some emails appear to be a second response asking you for a follow-up. Examples include dealing with package delivery problems, information about fake court appearances, or fake invoices from entities you may not be doing business with.
  7. Undisclosed-recipients/unlisted-recipients. If the email recipient list shows undisclosed-recipients/unlisted-recipients or an email address other than yours, then it may be malware.
    [Screenshot: recipient list showing undisclosed-recipients]
  8. Suspicious attachment. If the email has an unexpected attachment such as a file with the extensions .doc, .zip, .xls, .js, .pdf, .ace, .arj, .wsh, .scr, .exe, .com, .bat, or other Microsoft Office file types then it may be malware. Consider that sometimes the file extension is hidden or the contents are different than indicated.
  9. Plain text/absence of logos. Most legitimate email messages tend to be written with HTML and they may have a mix of text and images. Malware emails rarely have images and tend to have plain formatting.
  10. Generic greeting. If the email is addressed with a generic phrase like "Dear Customer" then it may be malware or a phishing attempt.
  11. Unexpected attachment contents. If you do ultimately open an attachment and the contents are empty or are very different from what you expected, it may be malware. Please contact support for help immediately! Support may be able to limit damage or help you recover.
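
Tips 1, 2, 7 and 8 depend only on headers and attachment names, so they can be checked mechanically. The Python below is an added example, not part of the original page or of DECS's mail filtering; the brand-to-domain map, the sample messages, and the "jdoe" username are constructed for illustration.

```python
import os
import re
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr

# Tip 8's extension list, as given on the page.
RISKY_EXT = {".doc", ".zip", ".xls", ".js", ".pdf", ".ace", ".arj",
             ".wsh", ".scr", ".exe", ".com", ".bat"}
# Brand -> expected From domain (assumed map; the page names only these two).
BRAND_DOMAINS = {"fedex": "fedex.com", "ups": "ups.com"}

def triage(msg, my_address):
    """Return the tip numbers (1, 2, 7, 8) that a parsed message trips."""
    hits = []
    display, sender = parseaddr(str(msg.get("From", "")))
    domain = sender.rpartition("@")[2].lower()
    subject = str(msg.get("Subject", ""))
    user = my_address.split("@")[0].lower()
    names = [(p.get_filename() or "").lower() for p in msg.iter_attachments()]
    # Tip 1: a brand is claimed but the From domain is not that brand's.
    claimed = f"{display} {subject}".lower()
    if any(re.search(rf"\b{b}\b", claimed) and domain != d
           and not domain.endswith("." + d) for b, d in BRAND_DOMAINS.items()):
        hits.append(1)
    # Tip 2: blank Subject, or the username in the Subject or a filename.
    if not subject.strip() or user in subject.lower() or any(user in n for n in names):
        hits.append(2)
    # Tip 7: undisclosed/unlisted recipients, or the reader is not listed.
    to_raw = ", ".join(str(v) for h in ("To", "Cc") for v in msg.get_all(h, []))
    listed = [a.lower() for _, a in getaddresses([to_raw]) if a]
    if re.search(r"un(disclosed|listed)", to_raw, re.I) or my_address.lower() not in listed:
        hits.append(7)
    # Tip 8: judge by the final extension, so "invoice.pdf.exe" counts as .exe.
    if any(os.path.splitext(n)[1] in RISKY_EXT for n in names):
        hits.append(8)
    return hits

def build(sender, to, subject, attachment=None):
    """Construct a sample message (constructed data, not real mail)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, to, subject
    m.set_content("Dear Customer, please see the attached label.")
    if attachment:
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m

BAD = build("FedEx Delivery <notice@parcel-track.example>",
            "undisclosed-recipients:;", "Delivery problem for jdoe", "label_jdoe.zip")
GOOD = build("Pat Lee <lee@egr.msu.edu>", "jdoe@egr.msu.edu", "Seminar schedule")
```

A hit is a reason to look closer, not a verdict: an expected attachment from a colleague still trips tip 8, and the remaining tips (urgency, generic greeting, unexpected contents) need a human read.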

What do real malware emails look like?

Here is a real screenshot of a mailbox containing 19 malware emails from early 2017:

[Screenshot: mailbox containing malware emails]

What can email malware do on your computer?

[Screenshots: Jigsaw, CryptoLocker, and Petya ransomware]

  • Most malware email attachments include code or exploits to cause your computer to download more malware from the internet. These email attachments are often small, customized, and not widely spread, making them hard to detect by antivirus software.
  • In recent years, email malware is often ransomware which can delete or encrypt your files and backups even if they are stored in the cloud or on a server. DECS can generally only help you recover files if they were stored on DECS network storage. Ransomware cannot be trusted to decrypt your files even if you pay and may spread to other computers on the network.
  • Email malware can also steal data from your computer such as passwords, bank logins, PayPal logins, other logins, or files, take full control over your computer remotely using a RAT (Remote Access Tool), or just act as an agent which allows attackers to attack other computers through your computer.

How To Protect Yourself from Malware emails

  • If a potential malware email doesn't sound like it pertains to your duties, you can probably just delete it. Keep in mind a determined attacker may try sending a follow-up email or may even call you on the phone to convince you to open it.
  • NEVER click "Enable Content" or "Enable macros" on a document you received in email. Contact DECS support if you see this:

[Screenshot: "Enable Content" warning on a document]

  • Think before you act on an email. Be wary of any communications that implore you to act immediately or warn of negative consequences if you do not act now. Consider if you have dealt with the sender before.
  • Modern email malware is unlikely to be detected by typical desktop antivirus software so please use caution.
  • If an email looks suspicious, even if it is from someone you know, before you act on the email, contact the DECS Support Office at 517-353-8891 or forward the mail to support@egr.msu.edu. If it does appear to be from someone you recognize, look up their phone number in a directory and call them to ask. Never use contact information provided in the email.
  • If you attempt to open an attachment and have to go through multiple steps ("Enable Content") or it seems more difficult than it should be, stop and ask for help! Some malware requires multiple steps and you might be safe if you stop early, but it is best to ask for help to make sure your computer is still clean.
  • DECS uses multiple methods to try to prevent malware delivery to your account. Sometimes malware will only be identified as Spam, so be careful when reviewing your Spam folders. You may also use mail from other providers and you must maintain awareness with all email systems.

Test Your Phishing Attempt Recognition

DECS, along with several information technology companies, has produced quizzes to test your phishing I.Q. Do you think you can recognize a phishing attempt email or website? Take the tests to find out!

Make sure Spam Filtering is Enabled on Your Engineering Email Account

DECS provides many services to our users, including the ability to filter out spam messages sent to your engineering email address. Spam Filtering is enabled by default on new accounts but you can check your status using the following steps:

  1. Using your EGR username and password, log in to the My Account page of this website.
  2. Click Email Spam Filtering in the menu under Account.
  3. The page will display a message with your spam filter status.
  4. To change the status, click in the checkbox next to Enable Spam Filtering and then click Save Filter.
  5. Log out.

If legitimate email is being sent to your spam folder, you can set up email allowlisting on your account. You can also forward the email to support@egr.msu.edu and we can assist you with allowlisting the email address. You can add the email to your allowlist by the following steps:

  1. Using your EGR username and password, log in to the My Account page of this website.
  2. Click Email Spam Filtering in the menu under Account.
  3. The page will display a message with your spam filter status.
  4. Click Allowlisting (Accepting).
  5. To enable allowlisting, click the checkbox next to Enable Allowlist.
  6. Add the email addresses that you want to filter (one per line). These can contain a wildcard (*), e.g. *@msu.edu would be all msu.edu addresses. It is NOT recommended that you allowlist your own @msu.edu address since this will prevent spam checking on forwarded or spoofed email.
  7. Press Save to save changes.

If spam is still being sent to your Inbox, please set up email blocklisting and send the email to abuse@egr.msu.edu.

  1. Using your EGR username and password, log in to the My Account page of this website.
  2. Click Email Spam Filtering in the menu under Account.
  3. The page will display a message with your spam filter status.
  4. Click Blocklisting (Blocking).
  5. To enable blocklisting, click the checkbox next to Enable blocklist.
  6. Add the email addresses that you want to filter (one per line). These can contain a wildcard (*), e.g. *@junkmail.com would be all junkmail.com addresses.
  7. Press Save to save changes.

 

 
